Improved Security Center user interface
We are extremely happy to make the new generation of Security Center general available, which includes a new design for the user interface.
The next generation of Security Center comes with a new design that aligns our future direction of Holm Security and an updated web framework technology that enables us to innovate faster with higher quality and remained security levels.
Over the next months, we'll move over each area of features in Security Center to the new web framework. The transition will only be seen by minor differences in the user interface design, and will not impact functionality for customers in any way.
What is new with the updated user interface
General availability of new external scan engines
During 2022 Q1 we have rolled out new versions of our external scan engines across customer accounts in both our European and Asia Security Centers. The rollout was happening in several phases to evaluate the result and performance of the new scan engines.
The new network and web scan engines come with major changes that primarily focus on the stability and quality of the scans. These come from a longer development cycle and are a new architectural foundation for us to build upon going forward.
In the next months, we will release a new generation of Scanner Appliance with the updated versions of the scan engine. Until then we don't anticipate any negative effects of continuing using the current legacy scan engine.
CVSS version 3 on network vulnerabilities
Network vulnerabilities have until today had support for Common Vulnerability Scoring System (CVSS) version 2.0 which is an industry-standard for risk-based security on vulnerabilities.
The shortcomings of version 3.0 made CVSS version 3.1 be developed and become more popular across vulnerabilities.
With this release, we are bringing in support for CVSS version 3.0/3.1 across our network vulnerabilities. Depending on the related CVE we will include the CVSS versions available.
How to work with CVSS version 3
New Strict Transport Security vulnerability test
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
A missing or misconfigured Strict-Transport-Security header allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Severity:
Medium - 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
HTTP Strict Transport Security (External link)
Network asset ports inventory
Asset Manager is receiving an additional overview of where all ports that are currently opened and related to an asset can be viewed. This new feature provides a single place to understand the complete inventory of ports across your network assets. Making it easy to understand what ports are currently exposed on what protocols.
The inventory list of opened ports provides a view of the number of vulnerabilities connected to the opened port together with the number of impacted assets. You can easily filter and have separate views across your list of ports.
From each port you can navigate further to look deeper into the individual assets and vulnerabilities, providing cross-links to other areas in Security Center such as Vulnerability Manager.
How to work with ports in Vulnerability Manager
Other improvements
- A new revision update of the Scanner Appliance is being rolled out in the next weeks. The update comes with primarily stability improvements and bug fixes.
- Running check of blacklisted mail server and compromised website now is allowed for non-owner users.
- Customers in Organizer now have the correct modified timestamp saved.