Release Notes
This topic lists both the latest features now available in Prevasio and important documentation updates.
February 2025 Update
Introducing the new VM Scanner that enhances cloud workload security by providing agentless scanning for virtual machines, starting with support for AWS EC2 instances. This robust solution addresses the growing complexity of securing workloads in cloud environments, focusing on:
-
Vulnerability Assessment
-
Antivirus and Malware Detection
-
Exposed Secrets Identification
See Enable Virtual Machine Security. (released 7-Feb-2025)
January 2025 Update
We’re excited to announce that Prevasio now supports AWS WAF (Web Application Firewall), enabling enhanced visibility and control over your web application security. This new capability empowers you to seamlessly integrate WAF configurations into your security workflows, giving you greater control and protection. Gain insights into your Web Access Control Lists for improved application-level threat management. Analyze and manage AWS WAF rule groups to fine-tune your WAF policies. Expanded support for related AWS WAF resource types provide a more comprehensive security view. (released 28-Jan-2025)
AWS Organizational Unit insights in Prevasio
Prevasio now displays AWS account organizational unit information (when available), expanding AWS account search and filter capabilities to include organizational units. You can view the new Organizational Unit (Account OU) column on the AWS Dashboard as well as in multi-account data tables. See Getting around Prevasio. (released 14-Jan-2025)
December 2024 Update
For a holistic view of your associated firewall policies and associated risks, use the new link Go to AlgoSec Cloud located in the user menu. See 6 User name (with dropdown menu). (released 17-Dec-2024)
We’ve reorganized the menu navigation so that it now groups items in a more logical way. This includes creating a new Settings and Configuration section. (released 17-Dec-2024)
AWS Network Firewall Networking Risk Analysis
Prevasio now supports comprehensive risk analysis for AWS Network Firewall and Firewall Policies. This enhancement consolidates all identified issues into a single view, allowing you to easily assess risks across both firewalls and their associated policies. For each issue, you'll find detailed information, including severity levels and actionable remediation steps, empowering you to address vulnerabilities effectively and maintain a robust security posture. (released 10-Dec-2024)
November 2024 Update
- Extended export to PDF and CSV capabilities
- Streamlined Azure Onboarding: Enhanced Security with Custom Roles
Extended export to PDF and CSV capabilities
Now you can export detected risks, scan results, history of pull requests and applications, to PDF and CSV files. (Released 26-Nov-2024)
Streamlined Azure Onboarding: Enhanced Security with Custom Roles
We have updated the onboarding script for Azure, replacing the contributor role with a new custom role with more limited permissions, as follows:
- "Microsoft.EventGrid/eventSubscriptions/read"
- "Microsoft.ContainerRegistry/registries/read"
- "Microsoft.EventGrid/eventSubscriptions/write"
- "Microsoft.Web/sites/functions/write"
Existing customers who onboarded Azure prior then 18-Nov-2024 can now reduce the permissions by reonboarding Azure. See Automating Azure Resource Onboarding to Prevasio. (Released 18-Nov-2024)
October 2024 Update
Azure onboarding script explained
We've added a new topic explaining the azure onboarding script outlining purpose and functionality of each part of the code. See Automating Azure Resource Onboarding to Prevasio. (Released 15-Oct-2024)
Enhanced Application Discovery Search field
We've enhanced the search field in Application Discovery. For both applications and microservices, you can now also search for resources types and resource labels as well as resource tags. (Released 15-Oct-2024)
Prevasio Application Discovery now supports AWS EKS
Prevasio Application Discovery supports AWS EKS. See Prevasio Application Discovery. (Released 15-Oct-2024)
Prevasio Kubernetes Security Enhancements – AKS Integration
Prevasio now supports Azure AKS Kubernetes Managed Service. Note that additional Azure role (Azure Kubernetes Service Cluster User Role) is required for permissions to perform a KSPM scan on the Kubernetes clusters. See Kubernetes Security Posture Management (KSPM) and Roles required by Prevasio to scan your Azure subscriptions. (Released 7-Oct-2024)
September 2024 Update
Prevasio Kubernetes Security Enhancements – EKS Integration
Prevasio introduces comprehensive Kubernetes security monitoring, starting with AWS EKS. As Kubernetes environments become more complex, maintaining a secure posture while managing vulnerabilities and compliance violations is critical.
Key Features:
-
EKS Focus: Prevasio now supports automatic onboarding of all Kubernetes clusters across AWS EKS, with plans for multi-cloud vendor support coming soon.
-
Auto-Discovery: Seamlessly discover all clusters within each of your AWS accounts across all regions.
-
Efficient Scanning: Each cluster undergoes an in-depth security scan by the Prevasio KSPM scan engine. Scans take a few minutes per cluster, depending on configuration.
-
Continuous Monitoring: Prevasio performs daily scans and continuously updates your Kubernetes security posture. Any changes, such as new clusters, deleted clusters, or new vulnerabilities, are automatically reflected, ensuring your environment remains secure and up-to-date.
By simplifying cluster management and vulnerability detection, Prevasio helps you maintain strong security practices as your Kubernetes environment scales. See Kubernetes Security Posture Management (KSPM). (Released 11-Sep-2024)
August 2024 Update
Azure Support of Prevasio Application Discovery
The Prevasio Application Discovery feature has been enhanced to support Azure, expanding its capability beyond AWS. This advanced solution now identifies applications within both AWS and Azure environments, presenting a comprehensive graph of the applications' resource inter-dependencies. The graph details the application’s structure, highlights elements with security issues, and offers a visual view of complex relationships within the cloud environment. By pinpointing vulnerabilities within the application, this tool helps prioritize security issues based on their placement and impact, across both AWS and Azure platforms. See Prevasio Application Discovery. (Released 28-Aug-2024)
New Prevasio deployment locations for ME, UAE and IND regions
We're excited to announce the addition of a new Prevasio deployment location for our valued users in the ME, UAE and IND regions. Prevasio is now hosted on the following AWS availability zones:
-
ME: me-south-1 (Bahrain )
-
UAE: me-central-1 (UAE)
-
IND: ap-south-1 (Mumbai)
-
US: us-east-1 (N. Virginia)
-
EMEA: eu-central-1 (Frankfurt)
-
ANZ : ap-southeast-2 (Sydney)
See Logging in and out. (Released 5-August-2024
July 2024 Update
Kubernetes cluster risk insights
The new Kubernetes Security Dashboard to deliver insights into cluster misconfiguration, vulnerabilities and exposed secrets. Benefit from advanced visualizations and detailed analytical reports to effectively manage and mitigate security risks. See Kubernetes Security Posture Management (KSPM). (Released 30-July-2024)
Prevasio now supports three system roles more granular control over user permissions, ensuring that each user has access to only the necessary features based on their role. The Admin role has full access to all settings, resources, and sections; the Security Manager role has full access except for User Management; and the Auditor role has read-only access to specified features. See Manage user rolesPrevasio user roles. (Released 23-July-2024)
New Prevasio deployment location for Europe, the Middle East, and Africa (EMEA) region
We're excited to announce the addition of a new Prevasio deployment location for our valued users in the Europe, the Middle East, and Africa (EMEA) region. See Logging in and out. (Released 2-July-2024)
June 2024 Update
Prevasio Application Discovery Enhanced!
Our dependency graph now automatically identifies microservices within your applications. A microservice consists of an interconnected set of cloud resources that collectively perform a set of functions or service and works together with other microservices to form the larger application. See Prevasio Application Discovery. (Released 23-June-2024)
Export your dashboard to PDF or CSV
Export your dashboard views to files in PDF or CSV format, for both single and multi-account views. This enables you to easily share the data with others or perform further analysis in a spreadsheet program. See Getting around Prevasio. (Released 21-June-2024)
May 2024 Update
Introducing Prevasio Application Discovery
Application discovery is an advanced solution designed to identify applications within customer environment and present a graph of the applications' resource inter-dependencies. This graph details the application’s structure and highlights elements with security issues, offering a view of the complex relationships within the cloud environment. By showing where vulnerabilities occur within the application, this visual tool helps prioritize security issues based on their placement and impact. See Prevasio Application Discovery. (Released 21-May-2024)
View GCP AR CD mitigation scan history
The GAR CD Mitigation Scan History Page provides a provides a scan log of each deployment of an image in the AR . You can view a summary of all scan history or drill down for details of each GCP project. See Enable Threat Management on GCP AR. (Released 16-May-2024)
March 2024 Update
We have updated Prevasio login URLs:
-
For US-based users: http://us.app.algosec.com/prevasio
-
For ANZ-based users: http://anz.app.algosec.com/prevasio
See Logging in and out. (Released 06-March-2024)
February 2024 Update
View Azure ACR CD mitigation scan history
The ECR CD Mitigation Scan History Page provides a provides a scan log of each deployment of an image in the CR . You can view a summary of all scan history or drill down for details of each Azure Subscription. See Enable Threat Management on Azure ACR. (Released 28-February-2024)
View Configuration and Compliance Risk Trends
We've enhanced the dashboard for single accounts of all CSP (Cloud Service Provider) types. This update features a high-level analytic risk trend graph. This graph displays both regressions and progress in resolving configuration and compliance issues for the account and can be filtered according to severity level and time frame. Additionally, the update introduces a summary of the latest cloud security assessment scan data for the selected cloud account.
These enhancements enable security administrators to gain a holistic view of the current security status and historical trends streamlining the process of identifying vulnerabilities and understanding security patterns over time.
See View Configuration and Compliance Risk Trends. (Released 19-February-2024)
January 2024 Update
Enhanced Networking Risk Management in Prevasio
Introducing the AlgoSec Best Practices compliance standard: Prevasio now enables you to deep dive into networking risks with advanced capabilities for identifying and analyzing networking misconfiguration, a feature that distinctly positions us ahead of competitors in the cloud security space. We've added a fourth compliance standard, AlgoSec Best Practices, specifically designed for network risk violations. This internally developed standard elevates our compliance and risk assessment to new heights, offering a more comprehensive analysis and improved adherence to compliance standards. See Networking risks. (Released 17-January-2024)
November 2023 Update
View ECR CD mitigation scan history
The ECR CD Mitigation Scan History Page provides a provides a scan log of each deployment of an image in the ECR repository. You can view a summary of all scan history or drill down for details of each AWS account. See Enable Threat Management on AWS ECR . (Released 29-November-2023)
Manage threats in your CI/CD pipelines
Prevasio's Mitigation Rules are integral to the GitHub CI and the AWS ECR CD pipelines. Mitigation rules assess container images for high-risk flags. Prevasio static scans cover malware, vulnerabilities, and dynamic scans check behavior analysis (IPs, Domains, Countries, Open Ports).
Default Mitigation Rules, sourced from government and other public databases and updated daily, include artifact items with risk severity. You can set minimum risk levels for blocking pull requests (GitHub CI) and locking repositories (AWS ECR CD). For instance, a medium-risk IP won't block a pull request if the minimum risk is set to high. Conversely, with a medium risk-setting, the same IP would trigger a block. You can also create custom block- and allow-lists. See Threat Management. (Released 16-November-2023)
October 2023 Update
New Prevasio deployment location for ANZ region
We're excited to announce the addition of a new Prevasio deployment location for our valued users in the Asia Pacific region. We are already in the process of onboarding the first customer located in Australia. Prevasio is now hosted on the following AWS availability zones and next in line is the EMEA availability zone as well.
-
ANZ : ap-southeast-2 (Sydney).
-
US: us-east-1 (N. Virginia)
See Logging in and out. (Released 26-October-2023)
Extended insights for Docker container scans
We've enhanced Prevasio CI/CD Container Security by displaying the list of your open Pull Requests right in Prevasio. The list provides a structured view of the scan details for each open pull request, to help quickly assess and manage your security findings. Also, you can now access a full report of Docker container scans, directly from the Scan Summary comments in GitHub or from within Prevasio, in the Pull Requests list. See Prevasio CI/CD Container Security. (Released 22-October-2023)
Manage Your AWS ECR Repositories
Now you can integrate Prevasio with AWS to manage ECR repositories. Automatically detect when new images are pushed to your repositories. Modify the permissions of your repositories, giving you the ability to block any pull operation for the location where the image resides. See Enable Threat Management on AWS ECR . (Released 12-October-2023)
September 2023 Update
Prevasio CI/CD Container Security
AlgoSec Prevasio CI/CD Container Security solution AlgoSec Prevasio CI/CD Container Security solution is an extensible security plugin platform that provides an automated scan for Docker containers. AlgoSec Prevasio will build, simulate runtime, and scan the image statically and dynamically for security risks. This is integrated into the user's GitHub repository CI process. See Prevasio CI/CD Container Security. (Released 19-September-2023)