We would like to inform you that a new version of the Heimdal Release Candidate (RC) dashboard, version 4.1.0, will be released next Tuesday, April 2nd, 2024.
Starting Friday, April 5th, 2024, the Heimdal RC Agent will be available for download in the dashboard's "Guide" section under the "Download and Install" tab. It will be deployed on a roll-out basis over the coming weeks.
Here are the main features and improvements rolling in with the new 4.1.0 RC:
1. Reseller Master GP availability for macOS, Android, and Linux Ubuntu operating systems
2. Implement the "Select GP" dropdown in multiple product grids
3. BitLocker Management
HEIMDAL DASHBOARD
Reseller Master GP availability for macOS, Android, and Linux Ubuntu operating systems
Our “Reseller Master Group Policy” has been enhanced. Previously available only for Windows OS-related GPs, the master GP will also be available for macOS, Android, and Linux Ubuntu GPs starting with the 4.1.0 RC release.
The functionality currently available for Windows OS will apply to the other operating systems on which Heimdal runs.
Please note that enabling/disabling the feature applies to all operating systems; the option cannot be managed individually, per operating system.
Since the reseller master GP distribution will now be available for Linux Ubuntu too, the option to add Infinity Management applications at the reseller level will also become available with the new release.
Implement "Select GP" dropdown in multiple product grids
This change was made to improve the end-user experience and refine data visualization in the Heimdal dashboard, providing versatile yet efficient reporting.
It adds a multi-select drop-down to the Product views of the Heimdal dashboard, allowing their data to be sorted/filtered by the selected GPs.
Previously available only in the Windows OS -> Operating System Updates -> Installed, Available, and Pending views, the “Select GPs” drop-down list will now be available in more product grid views, across OSs, giving dashboard users the option to triage data in real time and in a multifaceted manner (selection of one, several or all GPs, cross-OS GP selection, Active/Inactive GP selection with a toggle for Active GPs only, a Search GP option in the drop-down list, etc.).
BitLocker Management
BitLocker Management is a completely new functionality, implemented free of charge, with a very user-friendly and intuitive interface, helping you manage your organization’s cyber security posture by keeping data safe through encryption. It prevents unauthorized access and ensures the integrity of data stored on devices.
To use the BitLocker Management feature, you first need to set it up from the Endpoint Settings -> General -> BitLocker Management tab. Here you can define all the settings needed for the volumes’ encryption process.
To initiate the encryption process, the 'Force disk encryption' option must be enabled. Once this is activated, two distinct sections for configuration settings become available:
1. OS Volume Settings:
• Encryption Method Selection:
Users can choose from various encryption methods, including 'XTS-AES 128-bit', 'XTS-AES 256-bit', 'AES-CBC 128-bit', and 'AES-CBC 256-bit';
• Key Protector Type:
The feature supports different key protector types for OS volumes like 'TPM And PIN' and 'Passphrase'.
Note: 'TPM And PIN' protector type is set by default (recommended for OS volume)
2. Data Volume Settings:
• Encryption Method Selection:
Similar to OS volumes, users can select from 'XTS-AES 128-bit', 'XTS-AES 256-bit', 'AES-CBC 128-bit', and 'AES-CBC 256-bit' for data volumes;
• Key Protector Type:
For data volumes, the currently supported Key Protector type is 'Passphrase'.
• AutoUnlock Property:
This option is used to enable or disable automatic unlocking for a data volume protected by BitLocker Disk Encryption.
Note: the 'AutoUnlock' option for data volumes can be applied only when the OS volume is already encrypted. If the option is enabled and the OS volume is encrypted, the data volume will be automatically unlocked once the OS volume is unlocked.
The access to the BitLocker Management GP area is regulated by two dedicated claims which are part of the Accounts -> click on an account -> Access Control tab, namely: “View BitLocker Endpoint settings” (granting the ability to only view the dedicated GP area, without the ability to alter the settings) and “Edit BitLocker Endpoint settings” (granting full control over the dedicated GP area).
The BitLocker Management product page can be found in the Heimdal dashboard left-hand side menu, under Unified Endpoint Management -> Client Management -> BitLocker.
With this implementation, we’ve slightly changed the structure and naming of some of the entries from the dashboard’s hamburger menu, as follows:
• “Management” became “Unified Endpoint Management”;
• “Active Clients” denomination was changed to “Device Info”;
• A new entry, under “Unified Endpoint Management”, was created – “Client Management”; the “Client Management” section contains, for the moment, the BitLocker and the Scripting functionalities;
The BitLocker Management Standard view is the dedicated product page of this functionality. The page contains relevant stats related to the encryption statuses of your IT estate, a search functionality (by hostname and username), a multi-select drop-down list allowing the dashboard users to select the relevant GP(s) and visualize only the data pertaining to that/ those GP(s), a Download CSV option (enabling the grid data export in a .csv format), a Filters button and the grid/ table itself.
The filtering options revolve around two fields. “Protection Status” can be Unsecured (no volumes on the device are encrypted), Partially Secured (at least one volume on the device is not encrypted) or Fully Secured (all the device’s volumes are encrypted). “Recovery Key” can be Unavailable (no recovery keys, for any volumes, are stored in the Heimdal database), Partially Backed Up (recovery keys for some volumes are missing from our database) or Backed Up (recovery keys for all volumes are stored in our database).
The Standard view data table/ grid has the following columns: Hostname, Username, Last seen, Protection Status, Recovery Key and Error.
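One way to triage the Standard view's Download CSV export offline, as an added example that is not Heimdal's own code. It assumes the CSV header names match the grid columns listed above and runs on a constructed sample export; the severity ranking is this example's own choice.

```python
import csv
import io

# Constructed sample export. Header names are ASSUMED to match the grid
# columns listed above; the real CSV layout may differ.
SAMPLE_EXPORT = """\
Hostname,Username,Last seen,Protection Status,Recovery Key,Error
LAB-PC-01,alice,2024-04-08 09:12,Fully Secured,Backed Up,
LAB-PC-02,bob,2024-04-08 09:15,Fully Secured,Unavailable,
LAB-PC-03,carol,2024-04-07 17:40,Partially Secured,Partially Backed Up,
LAB-PC-04,dave,2024-04-08 08:01,Unsecured,Unavailable,constructed error text
LAB-PC-05,erin,2024-04-08 08:30,Unsecured,Unavailable,
"""

REQUIRED = ("Hostname", "Protection Status", "Recovery Key", "Error")


def triage(csv_text):
    """Return (severity, hostname, reasons) tuples, worst first.

    Hosts that are Fully Secured, Backed Up and error-free are omitted.
    Severity is this example's own ranking, not a Heimdal value.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")

    findings = []
    for row in reader:
        protection = (row["Protection Status"] or "").strip()
        recovery = (row["Recovery Key"] or "").strip()
        error = (row["Error"] or "").strip()
        severity, reasons = 0, []

        # Encrypted data whose recovery key is not escrowed can become
        # unrecoverable if the PIN/passphrase is lost: rank it highest.
        if protection in ("Fully Secured", "Partially Secured") and recovery != "Backed Up":
            severity = 3
            reasons.append(f"encrypted volume(s), recovery key: {recovery or 'blank'}")
        if protection == "Unsecured":
            severity = max(severity, 2)
            reasons.append("no volume is encrypted")
        elif protection == "Partially Secured":
            severity = max(severity, 2)
            reasons.append("at least one volume is not encrypted")
        elif protection != "Fully Secured":
            severity = max(severity, 1)
            reasons.append(f"unrecognised protection status: {protection!r}")
        if error:
            severity = max(severity, 1)
            reasons.append(f"agent error: {error}")

        if reasons:
            findings.append((severity, (row["Hostname"] or "").strip(), reasons))

    return sorted(findings, key=lambda f: (-f[0], f[1]))


if __name__ == "__main__":
    for sev, host, reasons in triage(SAMPLE_EXPORT):
        print(sev, host, "; ".join(reasons))
```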
When clicking a Hostname in the BitLocker Management Standard view, the dashboard user will be redirected to a dedicated “Client Specifics” view, which provides information about the Trusted Platform Module of the machine (status, manufacturer name and version) and a detailed per-volume info/data table.
The access to the Recovery Key info is regulated by a dedicated claim (part of the Access Control tab) called “View the BitLocker Recovery keys”. When an account has this claim awarded, the dashboard user can visualize and copy the recovery key info. If the account does not have the dedicated claim awarded, they will see an icon with a tooltip text mentioning that the user does not have the necessary permissions to view the recovery key.
On the Heimdal agent side, we’re checking some prerequisites in order to assess the compatibility of the machine with BitLocker: compatibility of the OS edition with BitLocker as well as whether the OS version is supported or not (the detailed info on these aspects, connectivity, user rights, flows etc. can be provided by our Support dept.).
If the BitLocker Management functionality is enabled in the GP, the Agent checks whether the BitLocker Drive Encryption feature is enabled in Windows and, in case it is not, the end user will get a pop-up message on their machine.
Note: if the user enables the feature in Windows, they will be asked to reboot the computer; after the reboot, BitLocker Management will be available on the computer and the module will apply its group policy configuration.
In case the Key Protector Type is set up for OS and/or Data volumes, the end user will be presented with a pop-up window in which they will need to input and confirm the protector (passphrase or PIN, depending on the Endpoint Settings set-up); the encryption process will commence as soon as the end user confirms the protector.
SCRIPTING
Yet another “just out” functionality implemented free of charge, meant to streamline the management of your IT estate in an efficient and secure way, the Scripting module allows the execution and scheduling of custom scripts (.ps1 and .bat of 1MB maximum) as tasks to be run on a machine.
In order to use the Scripting feature, you first need to set it up from the Endpoint Settings -> General -> Scripting tab. Here, the dashboard user can add and view tasks/ scripts, edit, delete or search for them and turn them on or off.
Task creation
Clicking the Add Task button will expand the task creation menu that consists of the following configuration sets:
1. General
The dashboard user can add a Task Name of up to 50 characters in length and a Task Description of up to 250 characters in length.
2. Triggers
Customers can add as many triggers as their needs require and schedule them however they please.
Triggers have a configurable starting date and time functionality, under the Start option. Different trigger types are available in the Trigger Type drop down menu:
3. Actions
This menu is used to specify which action the Task will perform, by choosing a script from the customer's Script Repository.
4. Conditions
This dedicated menu tab will permit the dashboard user to define the conditions that need to be met in order for a Task to be performed.
5. Settings
The following settings tab allows the users to better control the way their tasks run and it represents a complementary set of configurations.
For cases in which the selected task is already running, the dashboard user can select one of the below set-ups:
The dedicated Scripting product page can be found in the Heimdal dashboard left-hand side menu, under Client Management. It consists of two views and three statistics counters.
Statistics counters:
1. Available Scripts - the total number of existing scripts
2. Active Scripts - the number of scripts used in Active Tasks in the dedicated Group Policy
3. Scripts with errors - the number of scripts used in Active Tasks in the dedicated Group Policy, that have errors
Enabling or disabling a Task in the Endpoint Settings -> General -> Scripting, using the Task table's On/Off toggle switch, updates the Active Scripts counter.
Standard view
This view contains Scripting logs/ data from endpoints where specific scripts have been run to completion or have not been successfully run due to an error.
Besides the existing grid/ table, dashboard users are able to search for scripts by Script Name or Script Description, using the Search field and also search based on Username, Hostname and Trigger name. There’s also a Download CSV option which, if used, downloads the data from the grid in a .csv format.
There is also a filtering option in the Scripting -> Standard view. When hitting the “Filters” button, the dashboard user will be able to select the filtering on Resolution to be applied to the Standard view data.
Clicking the desired Hostname redirects the customer to Client Specifics -> Unified Endpoint Management -> Scripting -> Standard view.
The Client Specific Three Bullet menu now includes the View Script logs action that also redirects the customer to the Client Specific -> Unified Endpoint Management -> Scripting -> Standard view.
Repository view
In this view customers and resellers can add scripts and visualize the existing scripts, as well as Edit their Description or Delete them altogether.
There’s also a search option in the Repository view, with which dashboard users can search by Script Name or Script Description, and a Download CSV option which, if used, downloads the data from the grid in a .csv format.
Clicking the “Add new script” button opens a pop-up window, where the dashboard user can Import a new script and offer a description for it.
Note: ⚠️ The Script Name cannot be edited: it automatically receives the imported file's name and cannot be changed after being added. We recommend deleting the file and adding it with the desired name in order to avoid populating the Repository with redundant entries.
HEIMDAL PRIVILEGES & APP. CONTROL
Addition of a “Timestamp” column in the Heimdal agent, App. Control views
In order to improve the end users’ reporting and forensic capabilities, a new column called “Timestamp” was added to the Application Control grid from the Heimdal agent UI. The “Timestamp” data will provide the time when the processes were intercepted, based on the created Block/Allow rules.
Enhancements to the PAM end-user Reason for Elevation pop-up
In order to further improve the end-user experience of our products, we made some tweaks to the existing Privileged Access Management end-user reason for elevation pop-up window, namely:
• The “free text” area will now be shown in the Agent UI, regardless of what pre-defined (drop-down) reason type the end-user chose; however, the “free text” reason is mandatory to be filled in, only when the “Other” pre-defined option is selected;
• Increased the minimum limit of characters pertaining to the reason “free text” area (from 3) to 30 characters, in the case of the “Other” drop-down selected reason;
• The error messages, derived from the incorrect fill-out of the reason for elevation end-user pop-up, have also been enhanced.
Some improvements have also been implemented in the PAM views from the Heimdal dashboard (“Pending approvals” and “History” grids). In the “Reason given” column, one of the predefined options (“Other”, “Install software”, “Uninstall software”, “Update software”, “Run script” and “Use software which requires elevation”) will now be displayed, along with a tooltip added next to it. This tooltip will appear only when a “free-text” reason has been provided. The “Other” option will always display a tooltip next to it, as providing a reason longer than 30 characters is mandatory for this option.
HEIMDAL EMAIL PROTECTION
The Email Security and Email Fraud Prevention data sets from the lower section homepages graphs are now clickable
Email Security
The navigation to the ESEC details pages has been streamlined, by the implementation of a functionality that allows dashboard users to click on charts’ intersection points (only the graphs from the lower end of the ESEC homepage were included in this change). This modification enhances user experience by providing direct access to specific ESEC details from the charts’ interface.
An enhancement to the existing interface will be evident when hovering over a point on the chart tile. In addition to the currently displayed legend for the data of a specific intersection, users will now be able to see the corresponding date.
Based on the selected chart tile and data, when clicking on an intersection data point, specific filters will be automatically applied when being re-directed to the “Details page” (pre-filtering based on the graphic point that was clicked), such as in the below example:
After clicking on the hovered point in the chart tile, the timeframe interval of the redirected “Details” page is automatically set to the one pertaining to the hovered data point.
Moreover, this action also sets, in the “Advanced filter”, the “Type” field to “Spam” (considering the graph tile from which the selected data point was clicked on).
Depending on the graph tile clicked, the following actions occur: clicking on the "Rejected" and "Quarantined" tiles automatically sets the “Status” of the “Advanced filter”, while clicking on the "Spam", "Virus", and "ATP" graph tiles automatically sets the “Type” field from the “Advanced filter”.
If there is no recorded data when hovering over the chart data points and attempting to click on them, a toast notification will be shown to the dashboard user with the message "No data for the specific timeframe."
Email Fraud Prevention
The same enhancement has been carried out on the EFP homepage too: clicking the info points of the lower tiles' graphs (Quarantined, Out of Character to C-Suite, Malicious URLs, Malicious Attachments and EML Features Failed) redirects the dashboard user to a pre-filtered “Details” view, containing the emails that meet the corresponding criteria.
On top of the above, we’ve also added an “Advanced Filter” button to the EFP “Details” page, which is very similar to the ESEC one. The new filtering capabilities provide more granular options for forensic and reporting purposes. Previously, an EFP dashboard user could filter the “Inbound” and “Outbound” grids only based on the “Risk score” of the emails (Low, Medium, High, Critical), while starting with the new 4.1.0 RC release they can filter based on: Receiver, Sender, Hostname, Resolution, Risk Score and Rule Category.
OTHER IMPROVEMENTS AND FIXES:
Ransomware Encryption Protection for Endpoint, persistent end-user pop-up
We’ve refined the end-user pop-up window mechanism for the Ransomware Encryption Protection for Endpoint, in the sense that a new checkbox called “Agent Balloon Notification Persistence” has been added to the Endpoint Settings -> Endpoint Detection -> Ransomware Encryption Protection tab -> General Settings area of the Heimdal dashboard. If enabled, this new functionality will make the end-user pop-up window triggered whenever a REP for endpoint detection happens (pre-requisite: “Agent Balloon Notifications” enabled) stay on screen, until it is closed by the end-user.
3rd Party Patch Management & OS (Microsoft) Updates Heimdal agent UI data sorted by timestamp, descending, by default
We’ve addressed a small inconsistency present in the Patch & Asset Management space of the Heimdal Windows agent UI: all the entries from the “See Details” (Available) and “History” Microsoft Updates views and the “History” 3rd Party Patch Management view are now sorted in descending order, based on timestamp (“Date”), by default.
Option to delete Reseller Master Group Policy once opted out
Based on the feedback received from our Partners and Customers, we’ve provided more versatility to the Reseller Master GP feature: whereas previously only Resellers were able to delete a Reseller Master GP, starting with the 4.1.0 RC release, Corp. Customers that have opted out from that/those specific Master Reseller GP(s) can also delete them (a corp. customer can also delete a Master Reseller GP in case, at reseller level, the “Reseller Master GP distribution” tickbox is disabled).
Change “Resolve” action to “Suppress” in VectorN Detection™ Endpoint and add the action to VectorN Detection™ Network, TAC Action Center -> Notifications/ Actions tab and Guide -> MXDR Permissions
A change in denomination (meant to avoid confusion) was performed to the “Resolve” action from the VectorN Detection™ Endpoint submodule and it is now being called “Suppress” (no change in functionality, whatsoever).
This action has also been added to the VectorN Detection™ Network “Select what action to take” drop down list (if taken, the action will hide/ dismiss/ suppress the corresponding VND entries for 30 days), as well as to the VectorN Detection™ notifications from the TAC Action Center -> Notifications/ Actions tab and the Guide -> MXDR Permissions tab, Settings table.