Elements Security Center Common Features Changelog

AnttiPi
AnttiPi Staff, Product Leadership Posts: 15 W/ Product Leadership
edited October 2023 in Elements Security Center

Changes in features and functionalities that are impacting all security domains within WithSecure Elements Security Center will be published under this announcement thread.

Every time there is a change, an entry will be created under this announcement describing new functionalities, improvements or bug fixes.

📝 Click here to see the most recent change log and bookmark the discussion to be notified of any updates.

Elements Security Center.jpg

Tagged:

Comments

  • AnttiPi
    AnttiPi Staff, Product Leadership Posts: 15 W/ Product Leadership

    Security Administrators

    Elements Security Center has a new view called "Security Administrators". View can be found under "Management" menu item.

    sec_admins_menu.png

    This view lists all Elements Security Center security administrators. View includes defined roles for each security capability in Elements Security Center.

    In addition to administrator roles view has information about last login time and Multi-Factor Authentication (MFA) status.

    sec_admins_filters.png

    Content of the page can be exported for further use.

    sec_admins_export.png

    Administrators can be filtered with multiple different conditions using equals or contains operation when applicable.

    sec_admins_filter_options.png

    View is read-only and security feature specific role management remains in corresponding security application e.g. Endpoint protection → Accounts. We will gradually introduce here administrator management features and replace security solution specific administrator user/account functionality.

  • AnttiPi
    AnttiPi Staff, Product Leadership Posts: 15 W/ Product Leadership

    Elements scope management

    Elements Security Center scope management has been introduced. This changes the way how WithSecure Elements Security Center is used to manage multiple Companies under Solution Provider (SOP) or Service Partner (SEP) organisation.

    All companies under same organisation hierarchy

    Elements Security Center has one organisation hierarchy. This is tree like three level hierarchy to help to manage large amount of companies. With Elements scope management this three level hierarchy is shared and synchronised across all Elements security capabilities.

    Elements scope selector user interface component visualises organisation hierarchy and highlights what types of subscriptions each company has (see picture below).

    Elements-scope-management-1.png

    Here "Data Fellows Security" is top level Solution Provider (SOP) organisation having multiple companies under it. Elements scope selector shows indicator of subscription type within company and shows union of available subscription types for Solution Provider and Service Partner organisations.

    In the example "BE Consultancy Services" company has Endpoint Protection, Endpoint Detection and Response, and Vulnerability management subscriptions (highlighted icons). "BE Consultancy Services" does not have Collaboration Protection or Cloud Security Posture Management subscriptions (dimmed icons).

    Synchronised scope selection

    With these improvements scope selection within Elements is fully synchronised between different parts of the Elements Security Center. This means that when you change organisation while being in Endpoint Protection dashboard and then move to any other part of Elements Security Center e.g. to Collaboration Protection dashboard your organisation selection is always preserved until you explicitly pick another organisation scope.

    Menu synchronisation

    Navigation menu of Elements Security Center adapts to features that are available for selected organisation and current user.

    Sample below shows navigation menu behaviour when selected organisation has limited set of subscriptions available.

    elements-scope-management-2.png

    Company called "Computational Fluid Dynamics" only has Endpoint Protection and Endpoint Detection and Response subscriptions so other Elements security capabilities are not available due to missing subscription. Common management functionalities are available for all organisations.

    In cases where organisation has subscription but users access to given security capability is limited this is indicated in Elements menu with "No access". In sample below user does not have access role to Cloud Security Posture Management while organisation does have subscription for it.

    Elements-scope-management-3.png

    It is also possible that company organisation has restricted Solution Provider and Service Partner access to their company data. These cases are indicated with "Restricted" label in corresponding menu item (see sample below).

    Elements-scope-management-4.png

  • AnttiPi
    AnttiPi Staff, Product Leadership Posts: 15 W/ Product Leadership

    Subscriptions view

    Elements Security Center  has a new view called "Subscriptions". View can be found under "Management" menu item.

    subscriptions-1.png

    This view can be used to find all subscriptions under Elements portfolio.

    View has option to

    • find details with subscription key
    • filter subscriptions based on expiration time
    • export subscriptions in CSV or JSON format
    • for partners subscriptions view content is filtered according to selected organisation scope
    subscriptions-2.png

    For each subscription all relevant information is available.

    • Product type
    • Subscription key
    • Subscription type
    • Subscribed quantity
    • Used quantity
    • Expiration time

    With this view will replace existing product specific views under Endpoint Protection, Endpoint Protection and Response, and Management - Collaboration Protection.

  • PrzemekWoz
    PrzemekWoz Staff Posts: 2 W/ Staff
    edited August 2023

    Security Administrators - Collaboration Protection Management

    New view

    Collaboration Protection administrators can now be managed from the Security Administrators view, which can be accessed through the "Management" menu item.

    MicrosoftTeams-image (1).png

    New users with various Collaboration protection access grants can be added with the "Add admin" button. By clicking the email address of an existing user Collaboration protection access grants can be given or modified.

    MicrosoftTeams-image (2).png

    Old view - prepared for deprecation

    This update is set to replace the old view accessed through "Management - Collaboration Protection" -> "Users", which now features a banner with a deprecation message and a link redirecting to the new view.

    MicrosoftTeams-image (3).png
    MicrosoftTeams-image (4).png

  • PrzemekWoz
    PrzemekWoz Staff Posts: 2 W/ Staff

    New features in Subscription view

    The common "Subscriptions" view accessible via the "Management" menu item now features improved subscription filtering. With this update, the "Management - Collaboration protection" -> "Subscriptions" view has been set for deprecation and now features a deprecation banner informing of the replacement and a link to the new view.

    Improved subscription filtering

    Subscriptions can now be filtered by the following fields:

    • subscription key
    • expiration
    • type
    • product

    Previously available search by subscription key has been merged into the filters and can be accessed by selecting "Subscription key" as the filter field. This also applies to the "Expiration" filter that allows filtering valid, expiring or expired subscriptions (valid subscriptions are shown by default).

    Subscriptions can now be also filtered by their asset type.

    You can use the new "Product" filter and select the appropriate product from the dropdown list. You can use the search bar inside the filtering option dropdown menu to find a specific product.

    MicrosoftTeams-image (7).png

    Applied filters are displayed above the subscription table and can be removed or edited and reapplied. Multiple filters can be applied at once.

    Management - Collaboration Protection -> Subscriptions view deprecation

    Old view

    MicrosoftTeams-image (8).png

    The view features a deprecation banner informing of the replacement and a link to the new view.

    MicrosoftTeams-image (9).png

    New view

    MicrosoftTeams-image (10).png

  • witkkr2
    witkkr2 Staff Posts: 1 W/ Former Staff

    EPP access management in Security Admins view

    Endpoint Protection access rights can now be managed from the Security Administrators view, which can be accessed through the "Management" menu item. Use ‘Add admin’ button to grant access right to new user:

    1.png

    or click on administrator email in the Security Administrators table to modify existing access rights:

    2.png

    Flyout for changing access rights now contains additional ‘Delete’ button, that removes all access rights in organization for given administrator (which effectively removes them from displayed administrators list). This button is active only if current user has sufficient access rights to remove access for all relevant solutions.

  • AnttiPi
    AnttiPi Staff, Product Leadership Posts: 15 W/ Product Leadership

    New Multi Factor Authentication options

    Multi Factor Authentication (MFA) support in WithSecure Elements includes the following options:

    Push notifications in use with Auth0 Guardian Multi Factor Authenticator application

    • This will allow the approval of an authentication request with a single click of a button.
    • The Auth0 Guardian Multi-Factor Authenticator application is available in Google Play and the Apple AppStore

    Verification code using an Authenticator application

    • Example authenticator applications are Microsoft Authenticator, Google Authenticator, or any TOTP based authenticator) either in your mobile device or computer
    • A six-digit authentication code will be sent to the Authenticator application, and this will need to be entered into the login dialog to continue.
    • We are not introducing a dependency on having a mobile device. For many, it is the best option, but there are Computer-based authenticator applications available.

    Verification code using SMS

    • A six-digit authentication code will be sent to the user’s configured mobile phone number via SMS. This code will need to be entered into the login dialog to continue.

    How to take MFA in use

    • MFA options can be accessed from header bar via user button and by selecting "My settings".
    User dropdown.png

    • My settings sections shows your current MFA status and gives you access to enable or change your MFA configuration.
    My settings.png

    • All options can be configured to be in use simultaneously. Our recommendation is to use more than one option to ensure your Elements access is not lost in unfortunate event of losing your primary MFA method (e.g. if mobile authenticator is deleted by accident).
    MFA settings.png

    Read more about Multi Factor Authentication recommendations here: https://community.withsecure.com/en/kb/articles/31235-withsecure-elements-and-multi-factor-authentication


  • SergeH
    SergeH Staff Posts: 62 W/ Former Staff

    Multi-Factor Authentication (MFA) Banner

    image.png

    As every administrator should activate MFA to keep their company (and customers) safe, Element Security Center is now displaying a red banner each time an administrator logs without MFA.

    By clicking on "here" in the banner, the administrator can easily activate MFA by clicking on "enable" in the My Settings view.

    Reminder: From Security administrator table under organization settings, you can and should verify that all administrator in your organization have enabled MFA.

  • LukaszK
    LukaszK Staff Posts: 7 W/ Staff
    edited March 7

    Additional Multi Factor Authentication options

    Additional Multi Factor Authentication (MFA) methods have been enabled for WithSecure Elements. WebAuthN protocol is the most secure and usable authentication method on the web. It’s adoption by Elements lets users authenticate with two new types of authenticators:

    • Roaming authenticators are removable and cross-platform, like a Yubikey, and can be used on multiple devices. To authenticate with a roaming authenticator, you need to connect it to the device (through USB, NFC, or Bluetooth), provide proof of presence (by touching it, for example), and optionally provide user verification, for example, by entering a PIN.
    • Platform authenticators are attached to device and only work on that device. Some examples are MacBook’s TouchBar, Windows Hello, iOS Touch/FaceId, and Android’s fingerprint/face recognition. Biometric data is stored on the device and never sent to the server. When biometrics cannot be used, alternative authentication methods are usually provided.
    image.png
    image.png

    Benefits of WebAuthN adoption:

    • It minimizes login friction. A simple and familiar gesture lets users authenticate.
    • It's the only web authentication method that is phishing resistant.
    • It's standard based and implemented across browsers and operating systems

    For more information about introduction of MFA see the November post.

  • SergeH
    SergeH Staff Posts: 62 W/ Former Staff

    Partner logo on Elements Security Center

    Why?

    Partners may want to display their logo on Elements Security Center when used by their resellers or customers. We had solution to show partner logos in EPP and Vulnerability Management portals. As we unify our offers in Element Security Center, we need the partner logo available for the full Elements Security Center.

    What is the new feature?

    A new "customization" tab under Organization settings from where a partner (SOP level) can insert a logo and a support url. The logo will be displayed in the bottom left corner of Element Security Center and visible in all pages. It will replace any logo that might have been configured in old EPP or Vulnerability Management solution.
    If the url is configured, it will replace WithSecure support url in the support tab (behind "go to the website" link).

    image-ac78489ce6ab9-db13.png

  • LukaszK
    LukaszK Staff Posts: 7 W/ Staff

    Multi Factor Authentication is now mandatory in Elements

    As of August 1st 2024, Multi-Factor Authentication (MFA) is mandatory for all Elements users. Users who have not set up an MFA method will be required to do so upon their next login.

  • SergeH
    SergeH Staff Posts: 62 W/ Former Staff

    Custom PDF report with EDR security incidents

    When emailing a report using "My report" as data source, it is now possible to add the list of EDR incidents (Broad Context Detection) in the PDF report by simply clicking a tick-box as below.

    image.png

    Note: Elements Reporting is a common feature and will now be reported in this changelog instead of the Endpoint Protection portal changelog where it has historically been.

  • LukaszK
    LukaszK Staff Posts: 7 W/ Staff

    image.png

    This “Add subscription key” feature, previously available on the now deprecated Endpoint Protection Subscriptions screen, is currently available for all types of subscriptions on the Management / Subscriptions screen. On the new screen, the feature is called “Assign subscription” and is initially accessible to either partner or company users who have full (server and client) access to Endpoint Protection. Just like before, an existing key associated with a partner account can be assigned to a company.

    The company must be selected from the Scope Selector.

    image.png

    Clicking the “Assign subscription” button brings up a flyout where the subscription key currently associated with the partner account can be entered.

    image.png

    Clicking “OK” moves the subscription to the company account currently selected in the Scope Selector.

    With this change, the old Endpoint Protection Subscriptions screen becomes obsolete and is scheduled for removal on January 1, 2025.

  • MarcinG_WS
    MarcinG_WS Staff Posts: 1 Security Scout

    Email change functionality moved to a dedicated page

    The option to change the email of the user currently logged in to Elements Security Center, which was previously available directly on the My settings screen, has been moved to a separate page. Changing the email will now also change the username to the same value as the new email.

    To change your email, go to My settings and click Change email.

    image.png

    You will be redirected to a separate screen. The screen will display your current email and allow you to provide a new one.

    image.png

    If your username is different from the email, a warning will be displayed that changing your email will result in setting the username to the same value.

    image.png
    image.png

    To change your email, provide a new value and click Send. You will be asked to authenticate again before the operation is carried out.

    After your email is changed, you will be automatically redirected back to Elements Security Center.

  • LukaszK
    LukaszK Staff Posts: 7 W/ Staff

    "Partner" column added to Subscriptions view

    We have added the 'Partner' column to the Management → Subscriptions view. This column is visible to partner users. When a Solution Provider (SOP) user is logged in, the column indicates which Service Partner (SEP) organization a company subscription belongs to:

    image.png

  • LukaszK
    LukaszK Staff Posts: 7 W/ Staff

    Adjustments to Exposure Management roles

    With the introduction of the Exposure Management capability into Elements, the corresponding user roles will be grouped into a single column and details section on the Security Administrators screen. This applies to the Exposure and Vulnerabilities (formerly Vulnerability Management) roles:

    image.png
    image.png

    “Vulnerability Management - Admin” role has been renamed to “Exposure Management - Vulnerabilities - Management”.

    “Vulnerability Management - Read-only team member” role has been renamed to “Exposure Management - Vulnerabilities - Read-only”.

  • LukaszK
    LukaszK Staff Posts: 7 W/ Staff

    Elements IAM role granted to self-registering companies

    The Identity and Access Management (IAM) role is now visible in the Security Administrators view. This new role is authorized to grant and revoke all Elements permissions for security administrators within the IAM administrator’s organization and affiliated entities.

    Currently, this role is granted to self-registering companies, and only other IAM administrators can assign this role to additional users.

    We are about to begin the migration process, during which existing users who already have equivalent IAM permissions will be able to claim the IAM role. For more details, refer to the User Guide: Elements Identity and Access Management role | Welcome to WithSecure Elements | Latest | WithSecure User Guides.

    image.png
    image.png

Categories