Elements Security Center Common Features Changelog

AnttiPi · 2023-05-11T10:54:57+00:00

There was an error rendering this rich post.

Changes in features and functionalities that are impacting all security domains within WithSecure Elements Security Center will be published under this announcement thread.

Every time there is a change, an entry will be created under this announcement describing new functionalities, improvements or bug fixes.

📝 Click here to see the most recent change log and bookmark the discussion to be notified of any updates.

Find more posts tagged with

Changelog

Comments

AnttiPi

Security Administrators

Elements Security Center has a new view called "Security Administrators". View can be found under "Management" menu item.

This view lists all Elements Security Center security administrators. View includes defined roles for each security capability in Elements Security Center.

In addition to administrator roles view has information about last login time and Multi-Factor Authentication (MFA) status.

Content of the page can be exported for further use.

Administrators can be filtered with multiple different conditions using equals or contains operation when applicable.

View is read-only and security feature specific role management remains in corresponding security application e.g. Endpoint protection → Accounts. We will gradually introduce here administrator management features and replace security solution specific administrator user/account functionality.

AnttiPi

Elements scope management

Elements Security Center scope management has been introduced. This changes the way how WithSecure Elements Security Center is used to manage multiple Companies under Solution Provider (SOP) or Service Partner (SEP) organisation.

All companies under same organisation hierarchy

Elements Security Center has one organisation hierarchy. This is tree like three level hierarchy to help to manage large amount of companies. With Elements scope management this three level hierarchy is shared and synchronised across all Elements security capabilities.

Elements scope selector user interface component visualises organisation hierarchy and highlights what types of subscriptions each company has (see picture below).

Here "Data Fellows Security" is top level Solution Provider (SOP) organisation having multiple companies under it. Elements scope selector shows indicator of subscription type within company and shows union of available subscription types for Solution Provider and Service Partner organisations.

In the example "BE Consultancy Services" company has Endpoint Protection, Endpoint Detection and Response, and Vulnerability management subscriptions (highlighted icons). "BE Consultancy Services" does not have Collaboration Protection or Cloud Security Posture Management subscriptions (dimmed icons).

Synchronised scope selection

With these improvements scope selection within Elements is fully synchronised between different parts of the Elements Security Center. This means that when you change organisation while being in Endpoint Protection dashboard and then move to any other part of Elements Security Center e.g. to Collaboration Protection dashboard your organisation selection is always preserved until you explicitly pick another organisation scope.

Menu synchronisation

Navigation menu of Elements Security Center adapts to features that are available for selected organisation and current user.

Sample below shows navigation menu behaviour when selected organisation has limited set of subscriptions available.

Company called "Computational Fluid Dynamics" only has Endpoint Protection and Endpoint Detection and Response subscriptions so other Elements security capabilities are not available due to missing subscription. Common management functionalities are available for all organisations.

In cases where organisation has subscription but users access to given security capability is limited this is indicated in Elements menu with "No access". In sample below user does not have access role to Cloud Security Posture Management while organisation does have subscription for it.

It is also possible that company organisation has restricted Solution Provider and Service Partner access to their company data. These cases are indicated with "Restricted" label in corresponding menu item (see sample below).

AnttiPi

Subscriptions view

Elements Security Center has a new view called "Subscriptions". View can be found under "Management" menu item.

This view can be used to find all subscriptions under Elements portfolio.

View has option to

find details with subscription key
filter subscriptions based on expiration time
export subscriptions in CSV or JSON format
for partners subscriptions view content is filtered according to selected organisation scope

For each subscription all relevant information is available.

Product type
Subscription key
Subscription type
Subscribed quantity
Used quantity
Expiration time

With this view will replace existing product specific views under Endpoint Protection, Endpoint Protection and Response, and Management - Collaboration Protection.

PrzemekWoz

Security Administrators - Collaboration Protection Management

New view

Collaboration Protection administrators can now be managed from the Security Administrators view, which can be accessed through the "Management" menu item.

New users with various Collaboration protection access grants can be added with the "Add admin" button. By clicking the email address of an existing user Collaboration protection access grants can be given or modified.

Old view - prepared for deprecation

This update is set to replace the old view accessed through "Management - Collaboration Protection" -> "Users", which now features a banner with a deprecation message and a link redirecting to the new view.

PrzemekWoz

New features in Subscription view

The common "Subscriptions" view accessible via the "Management" menu item now features improved subscription filtering. With this update, the "Management - Collaboration protection" -> "Subscriptions" view has been set for deprecation and now features a deprecation banner informing of the replacement and a link to the new view.

Improved subscription filtering

Subscriptions can now be filtered by the following fields:

subscription key
expiration
type
product

Previously available search by subscription key has been merged into the filters and can be accessed by selecting "Subscription key" as the filter field. This also applies to the "Expiration" filter that allows filtering valid, expiring or expired subscriptions (valid subscriptions are shown by default).

Subscriptions can now be also filtered by their asset type.

You can use the new "Product" filter and select the appropriate product from the dropdown list. You can use the search bar inside the filtering option dropdown menu to find a specific product.

Applied filters are displayed above the subscription table and can be removed or edited and reapplied. Multiple filters can be applied at once.

Management - Collaboration Protection -> Subscriptions view deprecation

Old view

The view features a deprecation banner informing of the replacement and a link to the new view.

New view

witkkr2

EPP access management in Security Admins view

Endpoint Protection access rights can now be managed from the Security Administrators view, which can be accessed through the "Management" menu item. Use ‘Add admin’ button to grant access right to new user:

or click on administrator email in the Security Administrators table to modify existing access rights:

Flyout for changing access rights now contains additional ‘Delete’ button, that removes all access rights in organization for given administrator (which effectively removes them from displayed administrators list). This button is active only if current user has sufficient access rights to remove access for all relevant solutions.

AnttiPi

New Multi Factor Authentication options

Multi Factor Authentication (MFA) support in WithSecure Elements includes the following options:

Push notifications in use with Auth0 Guardian Multi Factor Authenticator application

This will allow the approval of an authentication request with a single click of a button.
The Auth0 Guardian Multi-Factor Authenticator application is available in Google Play and the Apple AppStore

Verification code using an Authenticator application

Example authenticator applications are Microsoft Authenticator, Google Authenticator, or any TOTP based authenticator) either in your mobile device or computer
A six-digit authentication code will be sent to the Authenticator application, and this will need to be entered into the login dialog to continue.
We are not introducing a dependency on having a mobile device. For many, it is the best option, but there are Computer-based authenticator applications available.

Verification code using SMS

A six-digit authentication code will be sent to the user’s configured mobile phone number via SMS. This code will need to be entered into the login dialog to continue.

How to take MFA in use

MFA options can be accessed from header bar via user button and by selecting "My settings".

My settings sections shows your current MFA status and gives you access to enable or change your MFA configuration.

All options can be configured to be in use simultaneously. Our recommendation is to use more than one option to ensure your Elements access is not lost in unfortunate event of losing your primary MFA method (e.g. if mobile authenticator is deleted by accident).

Read more about Multi Factor Authentication recommendations here: https://community.withsecure.com/en/kb/articles/31235-withsecure-elements-and-multi-factor-authentication

SergeH

Multi-Factor Authentication (MFA) Banner

As every administrator should activate MFA to keep their company (and customers) safe, Element Security Center is now displaying a red banner each time an administrator logs without MFA.

By clicking on "here" in the banner, the administrator can easily activate MFA by clicking on "enable" in the My Settings view.

Reminder: From Security administrator table under organization settings, you can and should verify that all administrator in your organization have enabled MFA.

LukaszK

Additional Multi Factor Authentication options

Additional Multi Factor Authentication (MFA) methods have been enabled for WithSecure Elements. WebAuthN protocol is the most secure and usable authentication method on the web. It’s adoption by Elements lets users authenticate with two new types of authenticators:

Roaming authenticators are removable and cross-platform, like a Yubikey, and can be used on multiple devices. To authenticate with a roaming authenticator, you need to connect it to the device (through USB, NFC, or Bluetooth), provide proof of presence (by touching it, for example), and optionally provide user verification, for example, by entering a PIN.
Platform authenticators are attached to device and only work on that device. Some examples are MacBook’s TouchBar, Windows Hello, iOS Touch/FaceId, and Android’s fingerprint/face recognition. Biometric data is stored on the device and never sent to the server. When biometrics cannot be used, alternative authentication methods are usually provided.

Benefits of WebAuthN adoption:

It minimizes login friction. A simple and familiar gesture lets users authenticate.
It's the only web authentication method that is phishing resistant.
It's standard based and implemented across browsers and operating systems

For more information about introduction of MFA see the November post.

SergeH

Partner logo on Elements Security Center

Why?

Partners may want to display their logo on Elements Security Center when used by their resellers or customers. We had solution to show partner logos in EPP and Vulnerability Management portals. As we unify our offers in Element Security Center, we need the partner logo available for the full Elements Security Center.

What is the new feature?

A new "customization" tab under Organization settings from where a partner (SOP level) can insert a logo and a support url. The logo will be displayed in the bottom left corner of Element Security Center and visible in all pages. It will replace any logo that might have been configured in old EPP or Vulnerability Management solution.
If the url is configured, it will replace WithSecure support url in the support tab (behind "go to the website" link).

LukaszK

Multi Factor Authentication is now mandatory in Elements

As of August 1st 2024, Multi-Factor Authentication (MFA) is mandatory for all Elements users. Users who have not set up an MFA method will be required to do so upon their next login.

SergeH

Custom PDF report with EDR security incidents

When emailing a report using "My report" as data source, it is now possible to add the list of EDR incidents (Broad Context Detection) in the PDF report by simply clicking a tick-box as below.

Note: Elements Reporting is a common feature and will now be reported in this changelog instead of the Endpoint Protection portal changelog where it has historically been.

LukaszK

This “Add subscription key” feature, previously available on the now deprecated Endpoint Protection Subscriptions screen, is currently available for all types of subscriptions on the Management / Subscriptions screen. On the new screen, the feature is called “Assign subscription” and is initially accessible to either partner or company users who have full (server and client) access to Endpoint Protection. Just like before, an existing key associated with a partner account can be assigned to a company.

The company must be selected from the Scope Selector.

Clicking the “Assign subscription” button brings up a flyout where the subscription key currently associated with the partner account can be entered.

Clicking “OK” moves the subscription to the company account currently selected in the Scope Selector.

With this change, the old Endpoint Protection Subscriptions screen becomes obsolete and is scheduled for removal on January 1, 2025.

MarcinG_WS

Email change functionality moved to a dedicated page

The option to change the email of the user currently logged in to Elements Security Center, which was previously available directly on the My settings screen, has been moved to a separate page. Changing the email will now also change the username to the same value as the new email.

To change your email, go to My settings and click Change email.

You will be redirected to a separate screen. The screen will display your current email and allow you to provide a new one.

If your username is different from the email, a warning will be displayed that changing your email will result in setting the username to the same value.

To change your email, provide a new value and click Send. You will be asked to authenticate again before the operation is carried out.

After your email is changed, you will be automatically redirected back to Elements Security Center.

LukaszK

"Partner" column added to Subscriptions view

We have added the 'Partner' column to the Management → Subscriptions view. This column is visible to partner users. When a Solution Provider (SOP) user is logged in, the column indicates which Service Partner (SEP) organization a company subscription belongs to:

LukaszK

Adjustments to Exposure Management roles

With the introduction of the Exposure Management capability into Elements, the corresponding user roles will be grouped into a single column and details section on the Security Administrators screen. This applies to the Exposure and Vulnerabilities (formerly Vulnerability Management) roles:

“Vulnerability Management - Admin” role has been renamed to “Exposure Management - Vulnerabilities - Management”.

“Vulnerability Management - Read-only team member” role has been renamed to “Exposure Management - Vulnerabilities - Read-only”.

LukaszK

Elements IAM role granted to self-registering companies

The Identity and Access Management (IAM) role is now visible in the Security Administrators view. This new role is authorized to grant and revoke all Elements permissions for security administrators within the IAM administrator’s organization and affiliated entities.

Currently, this role is granted to self-registering companies, and only other IAM administrators can assign this role to additional users.

We are about to begin the migration process, during which existing users who already have equivalent IAM permissions will be able to claim the IAM role. For more details, refer to the User Guide: Elements Identity and Access Management role | Welcome to WithSecure Elements | Latest | WithSecure User Guides.

LukaszK

As part of our ongoing work to unify workflows in WithSecure Elements, we have introduced changes to Organization Management.

These changes help our Elements Administrators to more effectively manage their environments.

Key features/changes:

Introduction of device group concept that will lead into group level access management later this year. Group level access management will assist administrators of larger environments to effectively manage access to their assets.
New Elements level organization view collecting related features into same place and deprecating duplicate views.

The following screens will be removed on April 22, 2025, as this release introduces features that fully replace them:

Endpoint Protection Accounts tab (all functionalities included elsewhere)
Management - Collaboration protection views:
- Organizations
- Settings
- Users view replaced earlier by Management / Organization settings /Security Administrators
- Subscriptions view replaced earlier by Management / Subscriptions view

Further details can be found in the Community announcement: Upcoming: New Elements organization management features - WithSecure Community

Component react.asset.createComment had an error.

Permission Problem You need the session.valid permission to do that.