Release Notes

What's New in 3.7

  • Multiple Configuration File Support - Security Analyzer now supports the use of multiple configuration files for a single Management Server.
  • Agent Grouping - Agents can now be organized into groups with each group being assigned a different configuration file.
  • Agent & Event Grooming - Agents and events are now automatically groomed out of the database according to user-defined retention periods.
  • Event Tags - Events can now be tagged with keywords that can be used for grouping and filtering in the dashboard.
  • Install Scripts - The Security Analyzer Agent and Management Server can now be installed using unattended install scripts.
  • Auto Upgrades - A new user-configurable option was added that specifies whether or not an agent should be automatically upgraded after a Management Service upgrade.

New in version 3.6

  • Untrusted Object Detection - Security Analyzer now traces an input string from initiation throughout the transaction to detect whether the string is trusted or untrusted. If the string is determined to be untrusted, the transaction will be blocked.
  • Enhanced Detection - Security Analyzer now identifies untrusted parameters for parameterized SQL. In addition, several new patterns have been added to the detection engine rules.
  • Enhanced Upgrades - Upgrades are now a more automated and seamless process while preserving settings and configurations.
  • Enhanced Event Details - Additional information has been added to the Security Analyzer event details including cookies, headers, parameters and referrers providing more visibility and context into detected events.
  • Expanded Web Service Notifications - Security Analyzer now includes stack trace details, request headers, parameters and SQL statements as part of the web service notifications. This information can be correlated with data from other applications to provide additional context around detected threats and events.
  • Installer Updates - Various enhancements make the agent and management server installers more intuitive and automated, and the agent attach function is now included as part of the agent installer.
  • Various enhancements and defect resolution.

New in version 3.5

  • Cross Site Request Forgery Detection & Blocking – New detection, blocking and notification of CSRF threats with customizable filters to define which pages, resources and forms should be protected or excluded.
  • Enhanced XSS and SQLi Detection – New and updated detection methodology with expanded detection coverage and improved performance.
  • Enhanced OS Command Injection Detection – OS Command Injection detection now provides support for starts-with, ends-with, exact-match or regex expressions.
  • Jar Analysis Report – Compares loaded jar files with known vulnerabilities from the National Vulnerability Database to identify vulnerable jar files in use by your web applications.
  • Dashboard Usability Enhancements – Various usability updates to the BrixBits Dashboard including an updated Event Origin Map.
  • Updated installer with improved user experience and workflow.
  • Various enhancements and defect resolution.

New in version 3.1

  • Additional filtering options for threat detection and blocking – New filtering options allow for the blocking of specific OS commands.
  • Flexible severity level assignment for input parameter detection events – Different severity levels can now be assigned for each input parameter check. Additionally, events can be filtered so only those below the base severity level are blocked.
  • New Events Landing Page and Dashboard Enhancements – Several improvements to the BrixBits Dashboard improve workflow and usability including a central events landing page for displaying widget results.
  • Admin Console is now a part of the BrixBits Dashboard – The Admin Console functionality has been incorporated into the BrixBits Dashboard, eliminating the need to use two different interfaces to administer the application and/or view security events and data.
  • Additional event details available in the Dashboard – The stack trace and URL for a transaction are now available as part of the event details on the Events page in the Dashboard.
  • Configuration Enhancements – Various updates have been made to the Security Analyzer configuration interface to make configuration easier and more understandable and to provide more validation.
  • LDAP Support – The BrixBits Dashboard now has support for LDAP as well as multiple roles to control who has access to what information within the BrixBits Dashboard.
  • Session Escalation Blocking – New functionality monitors sessions and sends events after the specified number of occurrences. The agent can block further occurrences once escalated.
  • Untrusted transaction blocking – Now block untrusted transactions based on IP address or headers.
  • Enhanced XSS/SQLi detection – New input parameters have been added to our default list of known threats.
  • DNS Lookup – New DNS lookup helps to identify the origin of security threats.
  • Cipher\Protocol Startup Checks – Security Analyzer now checks for the use of certain protocols and ciphers to determine if applications are at risk.
  • Improved login and authentication events and the ability to add custom login events for third-party applications.
  • Improved Session List Report
  • Agent performance improvements

New in version 2.2

Detection

  • JVM memory scanning – Security Analyzer now scans Java memory and classes to identify sensitive data that may be exposed in clear text and that may be vulnerable to exploitation.
  • Serialization Detection – Security Analyzer will now check at startup for classes that use serialization as well as detect and send an event when serialization is in use.
  • Enhanced Detection of Cross Site Scripting and SQL Injection Threats – Additional checks were added to expand the coverage of cross site scripting and SQL injection threats as well as the ability to search for custom strings.
  • Detection of the use of ProcessBuilder – Security Analyzer now detects when ProcessBuilder is used and sends an event.

Blocking

  • Cross Site Scripting Blocking – Security Analyzer can now be configured to block any transactions that are suspected of being cross site scripting threats.
  • SQL Injection Blocking – Security Analyzer can now be configured to block any transactions that are suspected of being SQL injection threats.
  • Serialization Blocking – Security Analyzer can be configured to block classes that use serialization.

Patching

  • HTTP Response Header Patching – HTTP header requests are evaluated, and when certain security-related headers are found to be missing, Security Analyzer will patch the response by inserting the appropriate headers to ensure the browser, and ultimately the user, is safe from attempts to exploit security vulnerabilities.

Enterprise Features

  • Audit Mode – The new audit mode turns on certain auditing features that are useful to identify certain risks and vulnerabilities in applications prior to moving them into production.
  • New Security Analyzer Dashboard – Security Analyzer now has a new dashboard page with new widgets such as the number of alerts by security classification, an audit of startup security settings, the number of events by severity for a given instance, as well as a map showing the origin of security threats.
  • Optimized Performance – The Security Analyzer threat detection engine has been updated to optimize performance.
  • Dashboard Customization – Users now have the ability to create custom dashboard pages and widgets.
  • New Reports in the Dashboard – The following reports have been added to the BrixBits Dashboard:
    • Java Permissions Audit
    • Java Permissions Audit Types
    • Class Package Audit
    • Serialized Classes
    • Session List