Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Release Date: 2019-11-26

Version: G4.10-1.0

New Features

Platform

  • This release introduces unified Public Key Infrastructure (PKI) for the Outpost24 platform and HIAB appliances, and are expected to increase the robustness and security of appliance setups.

    Note

    Customers who have deployed but not enrolled HIABs prior to this release, must download and deploy a new image provided with this release before enrolling.

Compliance

With this release, we are pleased to announce:

  • Support for the hardening Google Cloud provider compliance benchmarks. To use and access the results of the hardening GCP compliance policies, you need to run and access these from within the Appsec menu option.
  • Support for the hardening AWS compliance benchmarks in the Appsec UI.

Scout

  • As we continue to assess Scout as part of its beta program we have added the ability to rerun previous Scout discoveries. This allows you to schedule discoveries to run at a time suited to your needs, as well as viewing the content and findings from previously discoveries. We will continue to add additional functionalities based on feedback from our beta participants. As a reminder, if you wish to be considered to beta test Scout, please raise a request via the Support team.

Appsec

  • A new source Cloudsec has been added to the Appsec Assets view, to help with filtering and analyzing assets subject to the GCP or AWS hardening benchmarks.
  • Appsec Scale checkbox has been removed from the User Role Management section. Since the Appsec UI views are available to all customers and users, it has no longer any effect on the access to Appsec Scale.

Cloudsec

  • The GCP and AWS functionality in Cloudsec now fully supports the use of the REST API.

Vulnerability Detection

Netsec

  • Added detection for IOS XR over SSH
  • Improved portscanner range parsing logic
  • Improved authenticated detection for ASP.NET Core
  • Improved detection for Pulse Connect Secure
  • Improved Port fingerprinting
  • Resolved issue related to VNC Security Types
  • Resolved issue related to HTTP redirection responses
  • Merged "SMB Null Sessions Enabled" finding (217926) into "Default SMB Credentials" finding (1345754)

Appsec

  • Improved detection of command injections

  • Resolved issue related to case sensitivity in certain headers

  • Resolved issue related to Directory Traversal on Windows platforms

Fixes and Minor Improvements

Appsec

  • Improved the way Outpost24 performs troubleshooting of Scale issues when running Internal Scale on HIABs.  

End of Life Announcement

Appsec SWAT UI EOL

We have delayed the deprecation of the SWAT Classic UI indefinitely. We strongly recommend our customers to make use of the APPSEC UI for the majority of their activities as we are no longer actively developing the Swat Classic UI. Once we have a firm deprecation date, we will provide a three month notification of the End of life.