Editor’s Highlights
Advanced Response Actions are now available on macOS
We’re happy to announce that EDR Advanced Response Actions are now available for macOS. Please see the item WithSecure Elements Agent macOS 24.3.53367 below for more information.
Extended Detection and Response
Endpoint Protection
EPP: Migration from Policy Manager (PILOT)
We have released a new wizard that can help you with migration from the Business Suite (Premium) to our Elements products and we are eager to hear your feedback.
This wizard helps you to migrate some data from Policy Manager to Elements Security Center. You can use it to import policy settings and convert them into Elements profiles. However, it does not create subscriptions, devices, or profile assignment rules. To start the migration, click the “Start migration” button. Note that this wizard is for testing purposes only.
Keep these points in mind before importing a profile:
Important: This is a PILOT version. Some settings may be missing from the Elements profile after import.
Make sure that you import all migration files. Otherwise, you might lose some settings in child profiles.
If your migration file has settings for different profile types (Windows, Windows Server, Linux Server, Mac), you can clone the imported profile and then change the type of the cloned profile.
Always publish a profile with the expected profile type. Change it if necessary.
WithSecure Elements Agent macOS 24.3.53367
A new version of WithSecure Elements Agent for macOS has now rolled out to Production and is available for all customers.
Added features:
- Advanced response actions are now available for macOS
- Software updater user interface component enabling better visibility and control of application updates
Other:
- This release is not compliant with macOS Sequoia
- Official macOS 15 Sequoia support is scheduled later in 2024 with version number 24.4.
- Before upgrading, please read article about the network addresses
Elements Mobile Protection IOS updates
An update to the WithSecure Elements Mobile Protection app for iOS (24.7.11129) has been completed 9 September 2024.
It includes the following new features and improvements:
Improvements to URL validation
- The app now supports the update of User Data
Elements Mobile Protection: Android version 24.7.0023004
An update to the WithSecure Elements Mobile Protection app for Android (24.7.0023004) has been released.
It includes the following new features and improvements:
- Replaced "Traffic protection" with "Recent activity"
- Redesigned the main app interface for improved user experience
- Extended details are now available for checked URLs
- The app now supports reporting false positives
- Added filtering by category and status to the "Recent Activity" view
- The counter of processed and blocked URLs is now more preciseThe app now displays a notification when a URL is blocked
EPP Portal
Device importance can now be updated from the device listing view
Multiple selection and edit by query are both supported.
Endpoint Detection and Response
Elements XDR: New Feature for Reopening Closed BCDs
We are pleased to introduce a feature that allows Partners and Customers to reopen closed BCDs within 30 days, regardless of the resolution code. This ensures any critical questions can be addressed post-closure.
You can find full details of this new feature in its own dedicated article.
Elements XDR: New ‘Timeline” section in the BCD details view
We’ve introduced a new “Timeline” section in the BCD details view. This feature lists detections in a table format for another alternative view to assist investigation in understanding sequence of events across multiple hosts.
Exposure Management
Vulnerability Management
Attack Path Simulation
We have now released a new feature to Exposure Management, which models how an attacker can exploit your environment, and presents this to you visually.
You can find full details of this new functionality in its own dedicated article.
EVM: System Scan
The capability to detect vulnerabilities in the following products has been added to authenticated scanning for Windows
- Zabbix Agent
- Zabbix Agent 2
- Spring HATEOAS
- Cisco Smart Licensing Utility
- Veeam Backup & Replication
- Intel oneAPI HPC Toolkit
- Intel Rapid Storage Technology
- Webroot Antivirus
Elements Foundations
Elements Security Center
Elements Security Center “Add subscription key” moved and replaced by “Assign subscription”
The “Add subscription key” feature, previously available on the now deprecated Endpoint Protection Subscriptions screen, is currently available for all types of subscriptions on the Management / Subscriptions screen.
On the new screen located “Management > Subscriptions”, the feature is called “Assign subscription” and is initially accessible to either partner or company users who have full (server and client) access to Endpoint Protection. Just like before, an existing key associated with a partner account can be assigned to a company.
The company must be selected from the Scope Selector.
New view:
Clicking the “Assign subscription” button brings up a flyout where the subscription key currently associated with the partner account can be entered.
Clicking “OK” moves the subscription to the company account currently selected in the Scope Selector.
With this change, the old Endpoint Protection Subscriptions screen becomes obsolete and is scheduled for removal on January 1, 2025.
Elements Security Center: Email change functionality moved to a dedicated page
The option to change the email of the user currently logged in to Elements Security Center, which was previously available directly on the My settings screen, has been moved to a separate page. Changing the email will now also change the username to the same value as the new email.
To change your email, go to My settings and click Change email.
You will be redirected to a separate screen. The screen will display your current email and allow you to provide a new one.
If your username is different from the email, a warning will be displayed that changing your email will result in setting the username to the same value.
To change your email, provide a new value and click Send. You will be asked to authenticate again before the operation is carried out.
After your email is changed, you will be automatically redirected back to Elements Security Center.
Integrations
Elements API
The latest Elements API release brings new incident sources from the incidents endpoint.
There is a new query parameter <source> in the /incidents/v1/incidents endpoint.
The <source> parameter can be one or many of these (separated by comma):
- endpoint - The incident contains detections raised by endpoint events
- cloud - The incident contains detections raised by cloud events
- customer - The incident is a support request originated from the customer
- endpointExpert - The incident was raised manually by the MDR service team
If the <source> argument is not given, the incidents endpoints returns incidents from all possible sources.
Please see the api definition for more details on the incident endpoint:
https://connect.withsecure.com/api-reference/elements#get-/incidents/v1/incidents
Other items of interest
Gartner recognition
As one of 15 global vendors, Gartner recognized WithSecure in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for our ability to execute and completeness of vision.
For more information, please visit our website
In case you missed it
Navigation changes in Elements Security Center
We recently announced changes to the navigation structure within the Elements Security Center.
You can find out more about the changes in the announcement.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center
