Oct 17, 2023

4.0.0

New

  • Endpoint Prevention - Next-Gen Antivirus with Behavioral Blocking through the integration of the patented Minerva technology:

    • Next-Generation Antivirus (NGAV) that monitors your assets for both static and dynamic threats and automatically responds according to customer-configurable policies.
    • Endpoint Prevention policies determine what kind of behavior to monitor, how to respond when detected, and how events should be prioritized in InsightIDR.
    • All aspects of Endpoint Prevention are configurable on a per-organization basis by users with Administrator privileges in the Agent Management experience.
    • This feature is currently only available on Windows and will be available as an add-on to all Managed Threat Complete (MTC) customers and existing MDR customers.
  • Advanced Digital Forensics and Response Capabilities with Velociraptor hosted in the Insight Platform:

    • Assets running the Insight Agent will receive the Velociraptor sub-component automatically instead of requiring customer deployment.
    • Users can access the Velociraptor UI to monitor, hunt for threats, and investigate those assets with the standard open-source DFIR toolkit.
    • Users can also choose to forward events from on-endpoint monitoring rules to InsightIDR Investigations for centralized alert triage.
    • This feature is available to InsightIDR Ultimate customers only.
  • A New Model for InsightVM Data Collection: The Insight Agent will now dynamically update the data checks that it needs to support new InsightVM vulnerability assessments:

    • Newly disclosed vulnerabilities, including Windows Patch Tuesday, will no longer require an Insight Agent software release.
    • Dynamic Content Loading only updates configuration files and not executables (adopting the model used by virus scanners).
    • InsightVM customers can safely remain on any 4.0+ Insight Agent release, upgrading only at their convenience, and remain fully covered on new security content.
    • This feature is automatically enabled for all InsightVM customers.

Improved

  • The Insight Agent Windows MSI Installer now includes the Bootstrap, Agent Core, and Endpoint Broker sub-components of the Insight Agent:
    • Agent Core manages the communications between the endpoint and the Insight Platform. The initial release supports Endpoint Prevention and Velociraptor.
    • The Endpoint Broker executes the InsightVM scripts for Agent-Based Policy data collection, helps configure Agent sub-components (like Events Monitor and Sysmon Installer) without requiring a software update, and brokers commands to osquery for forensics and hunts on Linux and macOS.
  • Additional logs available for viewing in Agent Management: We updated the Insight Agent to upload component logs to Agent Management for any available sub-components that are installed, including the new Endpoint Prevention and Velociraptor.

Fixed

  • We fixed a bug caused by a third-party library that can break the Insight Agent's installation on Windows 8 and Windows Server 2012 if KB2999226 is not installed.
  • We resolved vulnerabilities in the third-party certifi Python library (CVE-2023-37920).