31.7.1.1
| 1 July 2019 |
| Major Feature Release | |
|---|---|
| Version 31.7.1.1 Introduces an all new Intrusion Prevention System (IPS) with enhanced network protections and network data. This feature set requires the CyberHound UTM module set. | |
| Enhancements | |
| Intrusion Prevention System | A new flow based Intrusion Prevention System (IPS) has been implemented to actively scan network traffic for malicious activity. The flow based IPS System can be enabled via Advanced Firewall > IPS Configuration > Enable IPS rules engine. More information on the Flow based IPS System can be found in article ID 250001 within the help menu. |
| Intrusion Prevention System | New Intrusion Prevention System (IPS) threat management signatures have been introduced, delivering 12,000+ rules in 9 granular categories with alert, drop, blacklist and ignore actions. IPS rules are distributed via the Superloop Cloud with regular updates to provide enhanced protections. IPS policy configuration can be found via Advanced Firewall > IPS Configuration > Configure Flow Based IPS. Note: Not all rules are available for all hardware configurations. |
| Intrusion Prevention System | An administrator can manually override specific IPS rule action to allow, block, blacklist or ignore future connections via the Threat Management datasource. You may view rule overrides via Advanced Firewall > IPS Configuration > IPS Rule Overrides. |
| Intrusion Prevention System | You may specify any networks to be excluded from the Intrusion Prevention System (IPS). IPS Network exclusions can be accessed via Advanced Firewall > IPS Configuration > Network Exclusions. |
| 3rd Party Integration | The CyberHound UTM now supports Intrusion Prevention System (IPS) integration with HPE Aruba ClearPass network access control system. The integration delivers real time threat management feeds to Aruba ClearPass to automate the enforcement network policy such as quarantining an infected device, or removing a device from the network. A technical configuration guide can be found here. You can enabled the HPE Aruba integration via Advanced Firewall > IPS Configuration > Enable Aruba ClearPass Integration. Note: Integration supports multiple ClearPass servers. |
| Intrusion Prevention System | You may now enforce enhanced GEO IP network protections by restricting access to countries of specified origin with additional protocol based controls. GEO IP management can be accessed via Advanced Firewall > IPS Configuration > Geo IP Management. |
| Reporting | A new dedicated “Threat Management” data source has been added to the XGen reporting system to provide enhanced visibility if threats identified on the network by the Intrusion Prevention System (IPS). This can be accessed via Reporting > Threat Management. |
| Reporting | A new dedicated “GeoIP Events” data source has been added to the XGen reporting system to provide enhanced visibility of threats identified on the network by the Intrusion Prevention System (IPS). This can be accessed via Reporting > GeoIP Events. |
| Reporting | You can now create custom reports using data within the new “Threat Management” and “GeoIP Events” data sources. |
| Logging | A new real time log view of Intrusion Prevention and GEO IP system events can be found via Administration > View Logs > Rule Based IPS. |
| System | An Intrusion Prevention System (IPS) monitoring service has been implemented to measure system resource utilisation and engage an automated, temporary disablement of the IPS service under heavy load. |
| Remote Logging | You may now log ship Intrusion Prevention System (IPS) event logs to a remote syslog server for analysis. This can be enabled via Configuration > Remote Syslog. Note, it is recommended that remote syslog is utilised over a secure network connection. |
| Resolutions | |
| Reverse Proxy | Improved handling in the reverse proxy to not always send the destination port number which has been observed to result in a broken connection to some web applications using a standard port. |
| Reverse Proxy | Resolved an issue with reverse proxying a resource which requires a HTTP authentication method. |
| Access Policies | Resolved an issue with “Don’t record blocks” not working as intended within Access Policies. |
| Resolved an issue with bounce emails being rejected by Gmail. | |
| HTTP AV | Resolved an issue that could stop the HTTP-AV service from starting correctly. |