Elements Security Center
Ability to email custom reports as PDF
It is now possible to email custom reports in PDF format by following the instructions below:
- Add Widgets:
  - Navigate to the “My Report” tab.
  - Add the desired widgets to create your custom report.
  - Save the view template.
- Set Up Email Reports:
  - Go to the “Email Notification and Report” tab.
  - Click on the “Add Email Report” button.
  - In the flyout, select the personal or organization view template you saved in the “My Report” section.
- Configure Email Settings:
  - Specify the language for the report.
  - Set the schedule (daily, weekly, or monthly).
  - Add recipients to the recipient list.
- Recipient Experience:
  - Recipients will receive an email from WithSecure.
  - The email will contain a button to download the report as a PDF.
  - The PDF includes both the dashboard and the description from the “My Report” page.
  - The report remains available for 7 days.
The screenshot below shows how a user can add a description within the ‘My Reports’ tab. Users can now mark, add or edit any explanatory information they want, and remove the description if necessary. The description is visible both on screen and in the PDF report.
Elements Endpoint Protection
WithSecure Elements Agent for Windows: Version 24.4
A new version of the Windows endpoint clients is available to our Early access program participants, with full availability starting in August.
This release makes the Elements Agent version 24.4 available (internal version 24.4.356).
The endpoints automatically upgrade, without a reboot.
Features:
- We have enhanced our compatibility with Squid Proxy 6 and above, ensuring smoother operations.
- This release includes an updated software updater engine, providing more reliable and efficient updates.
- We have enabled offload scanning in the portal's profile editor. This premium feature allows for more efficient resource usage by offloading scanning tasks.
WithSecure Mobile Protection for Android: Version 24.5.0022817
This release includes the following new features and improvements:
- The app and the WithSecure Elements Endpoint Protection portal now support the security parameter for unsupported OS
- The app and the WithSecure Elements Endpoint Protection portal now support the web content control setting
- The StrandHogg vulnerability was removed
- Improvements to app stability
Elements Endpoint Detection and Response
Next generation of our detection engine
Partners and customers will see a new and improved risk score against all EDR Broad Context Detections. The new model learns from your environment using resolution closure codes to assess detection logic performance. By identifying areas for enhancement, we aim to refine and improve our detection capabilities, achieving a significant reduction in reported BCDs.
For more information view the full article here: Next Generation XDR Detection Engine - WithSecure Community
WithSecure Endpoint Detection and Response: Accepted Behavior released
We have now introduced “Accepted Behavior” to all customers.
It is now possible to create suppression rules that accept the behavior of a user or process. This feature aids in silencing Broad Context Detections (BCDs) for expected behavior. Partners and customers using WithSecure’s EDR solution can utilize this functionality to allow specific behavior in their environments. For example, if you trust a process called “XYZ” associated with software “ABC,” you can suppress similar BCDs to avoid unnecessary alerts.
Accepted Behavior works by suppressing key detections within a BCD. Each BCD contains one or more key detections that highlight suspicious behavior. Organizations can create suppression rules based on their specific circumstances. However, users should be cautious not to suppress too broadly, as legitimate behavior might also be affected.
In this release, “Accepted Behavior” can only be enabled on BCDs with up to 5 key detections. We will soon be addressing this limitation, along with cases where identical rules are created due to repeating key detections.
You can find full details about Accepted Behavior in our dedicated article.
Elements Collaboration Protection
Try Collaboration Protection Now with Our New In-Product Trial
In-Product Trial for Collaboration Protection is now available in production. EPP admins can easily create an evaluation subscription directly from the product interface.
Key Highlights:
- Easy Activation: Simply click on Collaboration Protection at the company scope to start your trial.
- Streamlined Setup: The subscription process is quick and easy—just enter your email and phone number.
- Self-Subscription: Follow a straightforward self-subscription flow to get started.
This new feature allows you to explore and experience the benefits of Collaboration Protection with minimal effort. Try it out today and see how it can enhance your collaboration security.
Elements Vulnerability Management
EVM: System Scan
The following applications have been added to the list for detecting vulnerabilities, in authenticated scanning for Windows:
- Progress Telerik Reporting
- Progress Telerik Test Studio
- Progress Telerik UI for WinForms
- Intel VTune Profiler
- Intel Graphics Performance Analyzers
- Intel Graphics Performance Analyzers Framework
- Intel Power Gadget
- IBM Cognos Controller
- Ivanti Endpoint Manager
- FileCatalyst TransferAgent
- Dropbox Desktop
- JetBrains RustRover
- JetBrains GoLand
- JetBrains DataSpell
- JetBrains DataGrip
- JetBrains CLion
- JetBrains Aqua
- VIPRE Antivirus Plus
- Hancom Office
- Veeam Backup Enterprise Manager
- Ashlar-Vellum products
EVM: Portal changes
- Elements Vulnerability Management supports SNMP for system scan configuration. Users can now configure authentication using SNMP v3.
- Product subscription names in Device Discovery view have been updated. Read more.
Integrations
WithSecure Elements API: Create response actions
The Elements API allows a user with EDR subscription to create a response action.
Example query (split across lines here for clarity; `{apiUrl}` is a placeholder for the response-actions endpoint URL, which is not shown here):
```
curl -X POST -H "Authorization: Bearer {token}" -H "Content-Type: application/json" \
  -d '{"organizationId": "{organizationId}", "type": "netstat", "comment": "test",
       "targets": ["{deviceId}"], "parameters": {"maxFileHash": 10}}' \
  "{apiUrl}"
```
The response contains the ID of the created action.
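The same request built in Python, as an added example (not WithSecure's code): the body is serialized with `json.dumps` and the token is read from the environment, so a quote in the comment cannot break the payload and the token does not appear in shell history or process listings. The endpoint URL, the environment variable names, the UUID format of the IDs and the `id` response field name are assumptions.

```python
import json
import os
import urllib.request
import uuid

# Placeholder (assumption): the page does not show the endpoint URL.
ENDPOINT_URL = "https://elements-api.example.invalid/response-actions"

def build_response_action(token, organization_id, device_ids,
                          action_type="netstat", comment="", parameters=None):
    """Return a urllib Request equivalent to the curl example on the page."""
    # A token containing CR/LF could inject extra HTTP headers.
    if not token or any(ch in token for ch in "\r\n"):
        raise ValueError("token must be a non-empty single-line string")
    if not device_ids:
        raise ValueError("at least one target device is required")
    # Assumption: organization and device IDs are UUIDs. Rejecting anything
    # else keeps a typo or a pasted hostname from being sent as a target.
    org = str(uuid.UUID(organization_id))
    targets = sorted({str(uuid.UUID(d)) for d in device_ids})  # de-duplicated
    body = {
        "organizationId": org,
        "type": action_type,
        "comment": comment,
        "targets": targets,
        "parameters": parameters if parameters is not None else {},
    }
    # json.dumps escapes quotes in the comment; a hand-built shell string does not.
    return urllib.request.Request(
        ENDPOINT_URL,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )

def create_response_action(request, timeout=30):
    """Send the request; 'id' as the response field name is an assumption."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)["id"]

if __name__ == "__main__":
    # Hypothetical variable names; values come from the environment, not argv.
    req = build_response_action(
        os.environ["ELEMENTS_TOKEN"], os.environ["ELEMENTS_ORG_ID"],
        os.environ["ELEMENTS_DEVICE_IDS"].split(","),
        comment="test", parameters={"maxFileHash": 10})
    print(create_response_action(req))
```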
WithSecure Elements Connector: Version 24.25
A new release of Elements Connector 24.25 for both Windows and Linux is now available. This release includes the following changes:
- Security Updates:
  - Upgraded Spring Framework to version 5.3.34, addressing CVE-2024-22262.
- MSI Installation Fix:
  - Resolved an issue with MSI installation in localized Windows environments.
- Fix for DNS Resolving:
  - Addressed DNS resolving issues through upstream HTTP proxies when using isolated DNS.
- New Channel Subscriptions for WS-GUTS2:
  - Elements Connector now subscribes to the following WS-GUTS2 channels:
    - swup-win-db
    - sidegrade
    - elements-connector-win
    - elements-connector-linux
Installation Options:
- First-time installers are now available on our Software download page.
- The channel upgrade is scheduled for Tuesday, June 25th.
New integration of WithSecure Elements to Microsoft Sentinel released
A new integration of WithSecure Elements to Microsoft Sentinel has been published in the Azure marketplace.
The new integration is more secure, serverless and requires no maintenance from the customer. It brings all security events supported by the Elements API to MS Sentinel.
Alternatively, the connector can be installed from the command line by following the instructions on GitHub.
How it works
The integration allows ingesting WithSecure Security Events into Microsoft Sentinel Logs Workspace. It periodically polls Security Events from Elements backends and forwards them to the Azure cloud. A Sentinel administrator can then use the ingested events to create Workbooks and Playbooks and to use other Sentinel features.
Other items of interest
Monthly Threat Highlights Report: May 2024
- Emphasis on the importance of multi-factor authentication (MFA) in preventing cyberattacks, as demonstrated by the compromise of Change Healthcare due to a lack of MFA on a Citrix account.
- Organizational changes at Microsoft in response to security failures, such as tying senior executives' pay awards to prioritizing security over new features and partnering deputy CISOs with engineering teams.
- Ongoing law enforcement actions against cybercriminals, including the action against LockBit and the initiation of a secure-by-design pledge by the US government cybersecurity agency, CISA.
- Response to zero-day vulnerabilities in SSL VPN solutions, with Norway's NCSC recommending that organizations switch to more secure alternatives like IPSec IKEv2 VPNs or 5G data connections.
- Insights into AI security news, including research on how hackers are leveraging generative AI to enhance their offensive capabilities and strategies to defend against such attacks.
The key findings in the May 2024 Threat Highlight Report include:
- Ransomware Trends: The report highlights the compromise of Change Healthcare due to a lack of multi-factor authentication (MFA) on a Citrix account, emphasizing the importance of MFA in preventing cyberattacks.
- Organizational Changes at Microsoft: Microsoft has announced organizational changes in response to security failures, such as tying senior executives' pay awards to prioritizing security over new features and partnering deputy CISOs with engineering teams.
- Law Enforcement Actions: Law enforcement actions against cybercriminals, such as the ongoing action against LockBit and the initiation of a secure-by-design pledge by the US government cybersecurity agency, CISA, have been noted.
- Zero-Day Vulnerabilities in SSL VPN Solutions: CheckPoint's Firewall VPN gateways experienced a zero-day vulnerability, leading Norway's NCSC to recommend that organizations switch to more secure alternatives like IPSec IKEv2 VPNs or 5G data connections.
- AI Security: Research on how hackers are using generative AI to enhance their offensive capabilities, and strategies to protect against such attacks, have been highlighted in the report.
- Statistics and Summaries: Several companies have published reports on cybersecurity statistics and trends for 2023, providing insights into the evolving threat landscape.
Download report
In case you missed it
Important Announcement: End of installation support for deprecated Elements Agent registration API
Due to the changes announced in “Upcoming changes to WithSecure Elements client installations”, we will soon remove the ability to install Agents from old installer versions that depend on the obsolete Elements Agent registration API.
We strongly advise against using old installers and recommend always taking the latest versions from the Download Center or Elements Security Center.
Starting from 1.08.2024 it will be impossible to make new Agent deployments using installers published in 2022 or earlier.
Public Holidays coverage for WithSecure Co-Monitoring Service
We are delighted to announce that we are officially launching the Public Holidays coverage for the Co-Monitoring Out of Office service.
This coverage is currently available for the following countries, and for country-wide public holidays only:
- Nordics: Finland, Norway, Sweden, Denmark
- DACH: Germany, Austria, Switzerland
- UK: England, Wales, Scotland and Northern Ireland
- USA: Federal holidays only, not unique state holidays
- Netherlands
- Belgium
- France (mainland only)
- Italy
- Estonia
- Republic of Ireland
- Singapore
- Japan
Countries not listed above cannot currently use the Public Holiday coverage, but we will consider adding more in the future.
Please contact your WithSecure Sales Representative for more details. For End Customers, this is typically the partner that you purchased your WithSecure products and services from.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center