What's new ?

Updated 1 week ago by admin

What's new ?

After pressing Reload, If you do not see v2.12.1 in the bottom left hand corner of the dashboard, please clear cache or use Ctrl+R to reload the page

v2.12.1 - 10th April 2019

Bug fixes

  • Mailbox variants could not be added as a result of the RBAC implementation
  • "Valid to" on a License is now displayed in UTC
  • Email Security domain list no longer pages incorrectly

v2.12.0 - 29th March 2019

Roles Based Access Control

Added support for RBAC (Roles Based Access Control) to the dashboard with a set of pre-defined roles for easy restriction of administrator capabilities. The following roles are supported in this release:

  • Super User - full access to all dashboard capabilities
  • Agent Installer - restricted user capable of installing endpoint agents, AD Connect agent and gateway virtual machines
  • Admin - Web - Web Security product administrator only
  • Admin - Email - Email Security product administrator only
  • Admin - Cloud App Security - Cloud App Security product administrator only
  • Admin - MFA - MFA product administrator only
  • Admin - Partner - ability to provision new accounts and manage licenses only (requires partner level account)
  • Email - Quarantine Admin - ability to manage the Global Quarantine only
  • Web - URL Admin - ability to manage Custom URL categories only
  • Report Viewer - ability to view reports for all products
  • Report Viewer - Web Security - ability to view the reports for the Web Security product only
  • Report Viewer - Email Security - ability to view the reports for the Email Security product only

Email Security - Mailboxes

This section has been updated to show an icon if the mailbox was synchronised from Active Directory. It now also shows the total number of mailboxes and the number of those which were synchronised from Active Directory, e.g. 159 mailboxes synchronised (130 from Active Directory)

Email Security - Global Quarantine

Now supports Safe/Deny by IP address for quarantined messages.

Product Settings - Administrators

The "Super User" column has been removed and a new "Role" column added that allows a super user to set a role for another admin user.

MFA - portal logins

Dashboard logins now use SMS-based one time passcodes. Support for the "CensorNet /SMSPASSCODE App" is no longer available for dashboard logins. The token entry time has also been reduced from 2 minutes to 30 seconds.

MFA powered by IntelliTrust

This release includes support for the upcoming launch of MFA powered by IntelliTrust - a new Cloud MFA product integration for the USS platform. Look out for further product announcements soon.

Account Management - Provisioning

The Provision Account process has been improved so that it is no longer necessary to wait until all of the requested products are provisioned. Instead, provisioning will now take place in the background freeing up the administrator to carry out other tasks within the dashboard. Note that this may mean new account Activation Links take a couple of minutes to be ready to use. Using an activation link too early will display a "Try again in a couple of minutes" message - this is normal. In addition, the account will not be visible in the Account Management section until provisioning has completed.

Active Directory - User objects

The Active Directory / AD Objects user list now shows the users group membership. Note: this is not available if the legacy Cloud MFA product is licensed.

Active Directory - Settings

The Active Directory connection settings now includes options for synchronising Email and Phone numbers for user objects.

Web Security - Web Activity

Additional Filters have been added to the Web Security report to allow searching by MIME Category and MIME Type.

Internet Explorer 11 

Support for Internet Explorer 11 has been removed. Only browsers supporting Javascript ES6 are supported.

v2.11.0 - 1st February 2019

Web Security

The Filter Rules section has been expanded to support additional actions:

  • There is a new action called Template which is shared by the other actions instead of being set explicitly in the action configuration.
  • The Allow, Block, Warn, Quota and Redirect actions are now known as Request Actions as they operate on the HTTP request.
  • A new MIME Type action has been added as the first supported Response Action as it operates on the HTTP response. This can be used with the Allow, Warn or Quota request actions as a second step before web content is returned to the end user.
  • The MIME Type action allows for blocking MIME Type strings in the Content-Type header that is returned by the remote web server. Over 450 categorised MIME Types are available.
  • In addition to the MIME type header being scanned, the HTTP response will also be scanned for executable code if the Executable Binary category is enabled.

NOTE: this feature requires USS Gateway v1.32 and above.

Reports

  • The Web Activity report has been extended so that the web hits in a visit now show the request and response scanning outcomes.
  • Additional columns: Response Module, Response Category, Response Pattern Name and Keyword have been added to the report.

Bug fixes

  • Downloading a saved report that uses the Keyword Category column no longer results in an empty report.
  • The Web Activity report sometimes displays out of timestamp order.
  • Exporting headers for an email message in Excel format no longer hides email addresses.

v2.10.1 - 29th January 2019

Bug fix

The Message Rules filter in the Email Activity report no longer displays an error message

v2.10.0 - 23rd January 2019

General

A new System Status link has been added to the login page and a new System Status page has been added to the Status section.

General

The Products section menu is now collapsed by default.

Web Security

The Filter Rules and Feature Controls sections have been improved for better usability and performance. The rule editor now opens in the main tab rather than in a floating window.

Web Security

From the Filter Rules section, when adding a Custom URL match it is now possible to edit the Custom URL category/patterns without leaving the rule editor.

Email Security

The Message Rules and Connection Rules sections have been improved for better usability and performance. The rule editor now opens in the main tab rather than in a floating window.

Email Security

It is now possible to multi-select messages in the quarantine to release, add to safe list or add to deny list.

Bug fixes

  • It is now possible to download a report if the XHR filter is used.
  • Removed unused values from the "Final Action" filter in the Email Activity report.
  • Adding the “Audit” product changes the region of the “Web Security” license.

v2.9.0 - 27th December 2018

Email Security

It is now possible to use the USS AD Connect service to power user synchronisation in the Email Security product. This requires AD Connect 1.4 client software to be installed and your Email Security license to be updated to use the USS AD store. Existing customers please discuss migration with your service provider.

Email Security

A new Executive Tracking feature has been added to combat spear phishing and CxO fraudulent emails. Using details synchronised from Active Directory (AD Connect 1.4+ required), the new Executive Tracking condition will automatically detect, using fuzzy logic algorithms, variants of users' real names within the senders' email headers, to detect simple but effective attempts to impersonate key company officials. The condition can be used in conjunction with any of the existing actions, such as Quarantine, Add to Subject, Notify, etc for complete flexibility. This is not active by default. 

Email Security

A new Group Management section has been added to Email Security for viewing groups from Active Directory and to manage manually created ones. Groups can also be flagged for "Executive Tracking" meaning all users in the group will be used by the new condition described above.

Email Security

The Mailboxes section has been enhanced to support group membership and adding custom variants for use with the Executive Tracking condition. For example, if there is a specific name that someone is known by, it can be manually added as a variant for the mailbox and this will be taken into account by the Executive Tracking condition. Mailboxes can also be included or excluded from Executive Tracking from this section.

Email Security

A new Nearby (Cousin) Domain feature has been added to combat targeted attacks using your own corporate brand names that at first glance appear legitimate. The new condition uses the Levenshtein distance algorithm to detect how similar the sender domain is from one of your own corporate domains. Based on the result, any of the existing actions such as Quarantine, Add to Subject, Notify, etc can be used for complete flexibility. For example, if your corporate domain that is protected with Email Security is called and a sender emails you from  - the distance is 1 which is very small and suggests it is extremely similar but not identical to your real domain. In this case, you may want to add a warning to the message or quarantine the mail for review as it is potentially suspicious. This is not active by default.

Mac OS X Agent 

An updated version of the Mac OS X Agent is available to bring key feature parity with the Windows agent:

  • Now supports Network Detection. The Network Detection option has been added to the agent configuration section.
  • Installer now allows selection of the configuration profile to use during installation
  • Block QUIC feature has been implemented
  • Block Insecure SSL Ciphers has been implemented
  • Do not log IP/MAC has been implemented

 Early access to this version is available through your service provider.

Bug fixes

  • Modifying an Unblock Request URL before Approving still saves the original URL in the chosen Custom URL category
  • Refreshing the page when managing licenses causes the Remove license button to disappear
  • Paging through Tags in the Visual Rule Builder generated an error
  • Bypass Types based on IP/CIDR now support IPv6 patterns

v2.8.1 - 10th December 2018

Partners - License Management

Partner accounts are now restricted by default:

  • Only new product licenses can be added to a child account
  • All new product licenses are locked to 30 day trial

Supported Browser warning

A warning message will be displayed if you try and access the dashboard with IE11. See Supported Browser page.

Email Security - Message Rules

Updated to be consistent with Web Filter Rules:

  • Remove paging toolbar
  • Now uses the same icons for delete and change
  • Increased character limit for Notify Sender/Recipient message

Email Security - Email Activity

  • Added a new "Dropped" value to the "Delivery State" filter.
  • Added a "Dropped" series to the "Inbound Email Activity" chart

Bug fixes

  • Clicking the search icon multiple times in the Account Relations tree causes the product button status to change
  • Added a chart title for "Top Cloud Application Locations"
  • Fixed "Device Group" select box in Device Import sections
  • Changed the "Authentication Activity" chart from area to line chart so that data points are more easily clickable
  • Searching Devices/Custom URL/Bypass shows more results than it should when clicking on the category
  • "Update Config" timestamp now reflects UTC and local time
  • Sometimes bypass patterns are not taking effect on the USS Gateway (gateway update required)

v2.7.0 - 23rd November 2018

CASB

Added image content scanning to files uploaded via connected Cloud Storage apps in API mode. The following image categories are supported:

  • Alcohol
  • Drugs
  • Gore
  • Adult
  • Underwear (including swimware)
  • Extremism
  • Weapons

This is configurable in the Image Scanning section under Cloud Application Security

Reports - Cloud Activity (API)

Added new Threat Count filter to return only results that contain a minimum number of threats

Reports - Cloud Activity (Inline)

  • Added new Service IP filter to search for hits based on the destination cloud service IP address
  • Updated the Keywords filter so that it searches captured app data and supports multiple values separated by semi-colon

Bug fixes

  • Searching in Devices section shows the correct count in the resulting categories
  • Action Value in downloaded reports is now formatted correctly
  • Entering invalid credentials when logging in results in an infinite "Loading" message
  • Unable to add a URL pattern that ends in a number
  • It's now possible to select a sub-category when submitting a URL for reclassification
  • Drill down from Top Cloud Application Locations

v2.6.0 - 16th November 2018

Reports

All of the chart visualisations have been updated for better usability and accuracy with drill-down and zoom. The charts also now support download to PDF or image and they support a custom time range

Reports

Added a new product "Extended Web Reports" which provides additional charts by Active Directory user group for the Web Security product.

  • Top Web Categories by Group
  • Top Domains by User or Group
  • Top Users or Groups by Time Spent

Reports - Web Activity

A new "SYSTEM" category has been added to the Web Categories selector containing the following options:

  • CTIRU - hits that matched the Counter Terrorism Internet Referral Unit block list
  • Time Quota - hits that were accessed whilst a Time Quota was active
  • Warning Bypassed - hits that were accessed after the warning page (Warn final action) was bypassed by the user

Provisioning and License Management

The new "Extended Web Reports" product can be added during provisioning or license management

Products

The navigation menu is now expanded by default for faster access to configuration sections

Web Security - Filter Rules - Warn & Quota final actions

The minimum configurable value for the "Allow For" setting is now 5 minutes

Web Security

Added a new ICAP node in Tokyo, Japan for improved coverage in Asia-Pacific

Web Security - USS Gateway

Version 1.1.30 is now available for download:

  • Updated user interface
  • Bandwidth, Requests and DNS timing charts with pan-zoom
  • Image Analysis module for image scanning
  • Improved performance when using content scanning modules
  • Bypass entries shown in the local UI
  • Support for the new "Bypass Authentication by MAC Address" bypass type
  • Based on Ubuntu 16.04 operating system

Existing customers can follow the upgrade steps to migrate from 1.0.x

Version 1.0.58, for existing Ubuntu 14.04 versions of the USS Gateway, is now available as an upgrade package. This includes:

  • Updated user interface
  • Numerous bug fixes including improved handling for overlapping domains

**The 1.0.x branch is now in maintenance mode only.**

Bug fixes

  • Fixed an issue where the warning state for a user does not persist across ICAP servers, resulting in an unexpected "invalid token" error message
  • Validation error when trying to add a new schedule
  • "Re-write URL" action filter not returning the correct results on the Email Activity report
  • Charts now correctly support the "Limit" option
  • Email Security - NDR is not generated for EOD errors
  • Email Security - Global quarantine ordering is sometimes out of sync
  • Email Security - placeholders are case sensitive
  • Email Security - "signed email cannot be verified" Outlook error
  • Email Security - blank recipients removed from charts

v2.5.0 - 26th October 2018

Account Management

This section has been redesigned to make it easier for partners to manage their child accounts.

  • Integrated the "Lookup", "Relations" and "Explore" tabs into a single "Relations" view
  • The Relations view shows the account hierarchy
  • Search by name or account UUID
  • Toggle between traditional tree list and visual tree (with right-click menu for managing accounts)

Charts

  • Charts now support a "Specific" timespan and have a "Run Report" button to refresh
  • Drill down from Cloud Application Security charts have now been enabled
  • "Top Domains By Time Spent" chart now returns data for "Last Hour" interval (displays results from the top of the hour)
  • Charts that used a duration are now rendered correctly as HH:MM:SS format rather than just hours.

Reports

  • The Web Activity report now shows the query string, if available, for each hit in an expanded visit
  • Clicking the GUID in a Quarantined Email now opens the Email Activity report for that GUID
  • The Web Activity "Exclude Ajax" filter now works as expected and removes results that were triggered by background polling in the browser
  • Downloaded / Scheduled reports in Excel format now loads correctly on an iOS device
  • Download/Scheduled Report emails now use the branding configured for the account to make them look more familiar to end-users

Unblock Requests

  • Unblock Request notification emails now use the branding configured for the account to make them look more familiar to end-users
  • Added a tooltip for "User Reason" to make long entries easier to view
  • Fixed a bug where the URL added from an Unblock Request contained spurious characters

Email Security

Implemented a new "URL Scanner" rule condition which scans URL's in the message body at delivery time for known threats.

Email Verification

  • Email verification emails now use the branding configured for the account to make them look more familiar to end-users

Provisioning

  • The "Welcome" email for a new account now uses the branding from the parent account to make it look more familiar

Web Security - Filter Rules

  • Viewing and searching the parent/child grouping for the "Web Category" match has been improved

Bug fixes

  • Saving a Windows Agent Configuration Profile incorrectly increments the update interval
  • Login dialog disappears if cancelling an MFA login
  • Provisioning based on a child account generates an "Undefined" error
  • Drill down from charts was out by 1 hour in some cases
  • Agent Gateway Configuration profile was missing the "Enforce Safe Search" option
  • Preview from Quarantine now opens in a dialog
  • Missing descriptions have been added to system-level Message Rules in Email Security
  • It is now possible to correctly select a region per product

General

The dashboard now shows the version number (bottom left) which if clicked opens the What's New? page

5th October 2018

Web Security

The "Web Categories" list has been grouped to make administration easier. The list is now presented as a tree allowing for quick selection of entire groups or individual categories. This updated list is available in the Filter Rule Builder and the Web Activity report.

Email Security

The Global Quarantine is now refreshed when a message is released using the Safe or Deny option.

Email Security

A new "URL Scanner" condition has been added to Message Rules which scans email messages for malicious web links at delivery time. The condition will return a result of "Threat" or "Clean" which can be used to trigger an additional action, such as adding to the spam score, quarantine, notify, etc.

Reports

  • New columns "URL Category" and "Keyword Category" have been added to the Web Activity report.
  • The duration column in the "Top Domains by Time Spent" and "Top Users by Time Spent" is now formatted correctly.

License Management

The "Trial" column has been renamed "Status"

2nd October 2018

Agent Configuration Profiles

Now able to manage Gateway Anti-Malware and Image Analysis products on behalf of a child account.

1st October 2018

Image Analysis

A new "Image Analysis" product is available to add real-time image content scanning to the Gateway*. Added:

  • Image Analysis product to provisioning and license management
  • Additional Gateway Configuration Profile settings for configuring the Image Analysis product
  • Image Reputation report in Analytics section

* An upgrade to the Gateway virtual machine system software is required.  

Deployment

Added Search by agent name, GUID and version number.

Deployment

Added multiple delete option to remove agent records that are no longer required.

Email Security

Added multiple delete option to the Global Quarantine.

Web Security

Changed the "Duration" slider to be a numeric entry field based on seconds, to allow for more granular queries to be made.

Reports

Added new "Collaboration" options to the "Action" filter on the App Activity (API) report.

Reports

Added a new "Delivery Delay" option to the "Delivery Status" filter on the Email Activity report. If used, a new "Find Related Messages" option is available to find all results related to a particular delayed message for easier troubleshooting.

Reports

Added a new "(Block Uncategorised Sites)" option to the "Filter Rules" filter on the Web Activity report.

Bug fixes

  • New accounts provisioned using the "Baseline Template" system template correctly inherit the Filter Rules, Feature Controls and General settings.
  • The App Activity (API) report now groups duplicate threats into one threat result.
  • An agent configuration profile marked as default can no longer be deleted.
  • Email Security Message Rules action Notify Sender/Recipient now supports placeholder tags in subject and body

24th September 2018

Cloud MFA

Unable to lock/unlock an MFA user if a phone number has been set.

7th September 2018

Web Security

Implemented the Feature Controls section that allows you to configure rules to apply features such as Google, Yahoo!, YouTube and Bing Safe Search, YouTube for Schools mode and Google App domain restrictions.

Web Security

Added the ability to set a description for Filter Rules and Feature Control rules.

Web Security

Added a password strength meter to the admin password field in Agent Configuration profiles.

Web Security

Added a new Bypass pattern type to allow bypassing source MAC addresses from authentication (Gateway only - new release pending).

Email Security

Messages in the Email Quarantine can be previewed by clicking the subject text.

Cloud App Security

Now logging Download events in API mode.

Devices & Groups

Added a "Devices & Groups" section to Products for managing devices. Includes options to import from CSV, IP range or CIDR.

General

Enabled the "View Analytics" button in Quick Lookup and "Super User Access" now opens in a window.

3rd September 2018

Email Security

Bug fix for the Global Quarantine section

27th August 2018

Email Security

Support for DKIM and DMARC has been added to the Email Security product. DKIM public key can be managed in the Domains section and you can now use the new DKIM and DMARC rule conditions and actions to configure the desired behaviour for your domains.

New rule conditions:

  • DKIM Enabled
  • DKIM Signature
  • DMARC Policy
  • DMARC Failure

New rule actions:

  • DMARC Verification Required
  • DKIM Signing

Email Security

Added a new condition "Protected Attachment" condition for detecting password protected archives.

Email Security

The "Preview" option in the Email Digest (click the subject of an email in the digest) now has buttons to Release and Safe or Deny the sender, domain/IP from the preview page.

Products & Reports

The active tab that you are working in is now remembered when you switch between Products and Analytics (Reports) section as a partner level account

Reports

The Email Activity report now converts the Timestamp (Local) time to the browser local time, rather than the mail server delivery local time

9th August 2018

Reports

Added a section to create Report Schedules using a calendar view for ease of management. Schedules allow saved reports to be sent on a regular interval (hourly, daily, weekly, monthly) to one or more recipients, in different formats. This can also be used as an alerting system by disabling the "email empty report" option.

Reports

Added a Malware Detections report for use by customers who have licensed the BitDefender plugin for the Gateway virtual machine (Gateway Anti-malware).

Reports

Added Gateway Anti-malware product specific charts:

  • Top Malware Categories detected
  • Top Malware Identified
  • Top Malware by Domain
  • Blocked Malware by username
  • Blocked Malware by IP
  • Block Malware by MAC
  • Blocked Malware by Tag

Account Profile

Added a Notifications section where customers can now specify individual email addresses for system, maintenance, unblock and log archive notifications. It is recommended you review and update this to ensure the details are accurate.

Email Notifications

Updated the design and content for all of the notification emails sent by USS to use the new theme and contain more context.

Bug fixes

  • Cloud Activity (API) paging toolbar showed incorrect number of pages and results for some queries
  • Top Spam Recipients, Top Senders and Top Virus Recipients charts appeared empty for some customers
  • Second hour data point on time series charts always showed zero results
  • Unable to change a product region by adding and removing a license
  • Parent is unable to submit a URL reclassification request within a child account
  • Custom Risk score not rendered correctly on Cloud Activity - Inline report
  • Warn and Redirect final actions not rendered correctly on Cloud Activity - Inline report

20th July 2018

Log Archives

Added a section to view and download Log Archives, which are created automatically based on the retention period for your licensed products.

Reports

Updated the Search toolbar within the Analyse section.

Email Security - LinkScan

Added an additional set of options to block on threat detection and show/hide target URL's. Also updated the names of the LinkScan options. The full set of options are now:

  • Click to Continue
  • Auto Redirect unless Threat Detected
  • Click to Continue, Block on threat, Show target URL
  • Auto Redirect, Block on threat, Show target URL
  • Click to Continue, Block on threat, Hide target URL
  • Auto Redirect, Block on threat, Hide target URL

Email Security - Digest Template

The layout of the digest email has been updated:

  • "Release" button renders correctly on high resolution displays
  • Used a lighter colour scheme for the message From/Subject block
  • Trimmed long From/Subject lines

Bugs fixes

  • Drill down from "App" charts that rely on an App Name or Action.

USS Agent for Windows Agent

  • Hot fix for version 4.0.1 branch (4.0.1.3291) which resolves an issue with certificate generation on Windows 7 and Server 2008r2
  • Updated 4.1.5.3303 release candidate, excludes "interception" mode which is being phased out

17th July 2018

Web Security - Unblock Requests

Added the ability to manage "Unblock Requests" from within the Web Security product section. Unblock Requests allow end-users to submit sites to be unblocked, streamlining the process for IT administrators.

Reports

Added an additional filter for "Delivery State" to the Email Activity report. Also added mail flow direction indicators to the report and a "Delivered" column for quick review.

Reports

The Web Hits downloadable report now includes the full URL for each request.

Reports

Enabled the Download option for "Cloud Activity - Inline" report.

Bug fixes

  • Issue opening the Message Details view and selecting "Actions" tab
  • Some downloaded reports do not complete successfully
  • API error appears in Analyse section for accounts with no assigned licenses

10th July 2018

Reports

Added the ability to save any report you have created. This allows you to build up a library of frequently run reports which can be used by your administrator users.

Reports

Added the ability to mark a saved report as a "favourite". Favourite reports will show up in the quick access area within the "Analytics" section.

Reports

Optimised the "Email Activity" report so that results are returned much faster. This enhancement is also reflected in the drill down from charts.

Reports

The "Email Activity" report now includes recipients in the CC and BCC fields by default in new searches. To change this, use the new "Exclude CC/BCC" checkbox.

Web Security - Filter rules

Fixed the "Switch Logic" functionality so that the setting is saved correctly.

26th June 2018

Administrators

Added a new "Administrators" option within the "Products" section for creating and managing admin users.

Reports

Added the ability to search the "Web Activity" report based on Active Directory group. This new filter works in conjunction with Active Directory sync to allow a report to be generated based on web traffic from all users belonging to a particular group.

AD Objects

Added the ability to manually set a phone number or email address for a particular user (if the option to import automatically is disabled in the default sync settings).

21st June 2018

Provisioning

Added the ability to provision the Multi Factor Authentication product and manage the license for an existing account.

Active Directory

Added an "MFA Settings" tab that allows you to configure the AD Connect agent to sync attributes used for MFA, such as phone numbers and default settings such as dispatch policy and bypass.

AD Objects

Added "User Settings" for sync'd users that allows you to override MFA settings for a specific user, e.g. change dispatch policy, lock account, toggle MFA.

Reports

  • Added "Authentication Activity" report with search filters and export to CSV/Excel, to enable reporting on MFA activity.
  • Added 9 charts specific to the Multi Factor Authentication product, such as "Logins by Country", "Logins by Client Type", "Top Failed Users", etc.

Change Password

Added the option to change your password for the USS portal

Configure MFA Login

Added the ability to set up MFA for your USS account when logging in to the dashboard

Agents

  • It is now possible to change the assigned profile for an agent by double clicking the "Configuration Profile" cell
  • It is now possible to unset the "tag" option for an agent
  • It is now possible to delete hostnames configured for Network Detection

Email Security

  • Message Headers - added an "Export" button to be able to download as CSV/Excel file
  • Server Log - added an "Export" button to be able to download as CSV/Excel file

31st May 2018

Report Downloader

A new option to download reports for Web Security and Email Security.

Provisioning

The ability to add or remove Multi-Factor Authentication licenses.

23rd May 2018

Email Security

Added two new charts:

  • Top Final Rules - a bar chart showing the names of the rules that contained a final action
  • Top FinalActions - a donut chart showing the number of times a final action has been triggered by an email

Email Security

Changes to the Email Activity report:

  • Final Rule - the name of the rule containing the final action reported in the Final Action column
  • Improved the speed that the report is generated
  • Message Details - headers and server log entries are now expanded by default making them easier to read
  • Updated the Final Action filter to include all possible final actions

Email Security

Added the Message Security rule condition to Message Rules for detecting signed/encrypted email.

Email Security

Updated the Quarantine filters to reflect the search criteria currently available for quarantined messages.

Web Security

Added the Template section to Product Configuration for managing block templates.

Account Profile

Added a Region column to the Licenses list.

General

Updates templates for system email messages such as address validation

Bug fixes

  • Rule names can now contain white space
  • Default Mac OS X profile settings now use the correct URL's
  • Top E-mail Actions chart drill down now works as expected
  • Drill down from main dashboard now works correctly if a sub-account has been opened after logging in
  • Expiry label is removed correctly if the license becomes valid
  • Opening an account from the Analytics view correctly loads the licenses for the account

14th May 2018

Email Security

Hot fix to resolve an issue with drill down when clicking on a rule name containing parenthesis in a chart.

13th May 2018

Provisioning

The "Regions" section has been renamed "Data at Rest". This is where the log data for all licensed products will reside.

Provisioning

The "Products" section has been altered to be similar to "Manage Licenses" and to allow selection of "Region" for each licensed product. This "region" relates to where the service is based or in the case of Web Security, which filtering nodes the product will use.

Provisioning

Block Templates are correctly migrated to the new account if using a System Account as Template.

Email Security

New system rules "(Default) CoreService Malware" and "(Default) CoreService Phishing" have been created to provide more granularity in charts and reports.

Email Security

New Rule Conditions added:

  • File Type - detect the presence of certain file types e.g. Executables, Office What's new ?s, in the email message
  • Virus Ruleset - detects the presence of malware in macro, VBA and Office What's new ?s

Email Security

Added new filters to the Email Activity report:

  • Message Rule - search the report for emails that triggered a specific rule name, e.g. CoreService - Phishing
  • Also Search CC/BCC - optional tick box to search the CC/BCC fields for a recipient name
  • IP Address - now correctly accepts an IP address
  • GUID - this is now case insensitive

Email Security

Reporting has been improved:

  • Drill down from charts is now available
  • Charts now display times in local time
  • When searching using the "Last" intervals the timezone offset is correctly calculated
  • Local Timestamp column renders correctly on Safari/IE

Email Security

Message Detail section improvements:

  • Header view correctly renders header values now containing left and right caret characters
  • CC/BCC address are shown in the recipient list
  • Verdict has been removed

Email Security

Improvements to LinkScan service so that links included in the label part of anchor tags are not rewritten. Use "LinkScan HTML" action value for this option.

Email Security

Add paging to "Group Membership" condition for accounts with a large number of groups synchronised.

Email Security

Global Safe/Deny list now allows hyphen characters.

Email Security

Quarantine now supports Deny actions.

Email Security

Deleting a domain now correctly removes the domain from the account.

Account Profile

Administrator can now upload a custom logo to use for the dashboard.

License Management

Updated to show selected Region and supports Region selection when adding a new product.

Web Activity

The Warn count column now correctly reflects the number of hits in the visit with Warn as a final action.

Cloud Activity (Inline)

Report now allows the link in the Captured HTTP request to be clicked.

Agent Configuration

The "Block QUIC" setting is now sent correctly to the agent when configured (also ensure you are using the latest version of the agent software).

Audit

Now captures Login events.

Win / Mac Agent Profiles

The "Service Hostname" field is no longer editable. This is managed automatically by the product "Region" selection.

Web Security

Fix applied for embedded URL scanning on Translator Sites that caused a crash with an abnormally long URL.

9th April 2018

Mailboxes

Fix applied to allow searching of synchronised mailboxes.

6th April 2018

General

Minor cosmetic enhancements

E-mail Security

Notify Sender & Recipient rule actions now allow additional characters: []*

5th April 2018

E-mail Security

Integration of the E-mail Security Administration interface, including:

  • Visual Message & Connection rule builder
  • Global Quarantine with release, safe/deny sender
  • Global Safe & Deny Lists
  • Mailbox management
  • Configuration of domains, inbound/outbound mail routing, disclaimers and custom quarantine areas
  • Updated E-mail Activity report with Message Detail view, including headers and server log
  • New Top Rules and Top Rule Action charts
  • Custom Rule Data lists

Provisioning

Added a verify user step to the provisioning wizard

Provisioning

System templates now inherit filter rules and categories

29th March 2018

General

Moved "Administrators", "Active Directory" and "Keyword Lists" to the global Settings section within Products menu.

Provisioning

Added "Support Level" to the account provisioning wizard.

Keyword Lists

Keyword Categories has been renamed Keyword Lists and has now been made a global option for use across Web and CAS products. A new category type called "DLP" has been created for use with the CAS API mode DLP scanner.

Active Directory

Added configuration of Active Directory domains, status updates and synchronised object viewer for users, groups and OU's.

Web Security

Embedded scanning of URL's on known Translator and Anonymous proxy web sites. This enables you to let users access Google Translate without them being able to use it to request content from sites that may otherwise be blocked by active filtering rules.

Web Security

Updated the list of system web categories to over 400 including new categories such as Cryptocurrency, IoT, Terrorism and Fake News. This offers much more granularity when defining web security policies. All existing rules will be automatically updated and current categories will be mapped to the new more detailed categories. Where a current category maps to multiple new categories all of the new categories will be selected

Web Security - Windows Agent

Altered the Network Detection feature so that detected hostnames can resolve to a specific IP before triggering Network Detection rules. Requires the latest version of the Windows agent.

Web Security

Added a "URL Lookup" tool in order to determine how a web site address is classified in the system category list. Accessible from the Filter Rules section.

Web Security

Added the ability to report a misclassified site directly from the URL Lookup tool or Web Analyse report.

CAS - DLP

Ability to use a custom Keyword List for scanning documents uploaded to Cloud Applications connected via API mode CAS.

CAS - App Catalog

Search option is now operational.

CAS - App Activity (Inline)

Added username and device (IP & MAC) columns to the report.

USS Gateway

Maintenance release v1.0.44 is now available

USS Agent for Windows

Maintenance release v4.0.1.3018 is now available.

USS Agent for Mac OS X

Maintenance release v1.0.0.3053 is now available.

v2.0 - 23rd January 2018

Gateway Profile

  • [FIX] Selected Bypass Categories are now displayed correctly

v2.0 - 22nd January 2018

Dashboard

  • Added default charts to the primary dashboard for licensed products

Gateway Profile

  • New "Advanced" option to set the behaviour of the proxy for unsupported protocols

E-mail Security

  • Global Deny List (excluding search)
  • Global Safe List (excluding search)

E-mail Security

Product Configuration section added:

  • Domains
  • Inbound E-mail
  • Outbound E-mail
  • Disclaimer

Provisioning

  • [FIX] Clicking Web Security product causes an error during provisioning wizard

Licensing

  • [FIX] Unable to set expiry date of an existing license

v2.0 - 11th January 2018

Area

Description

Provisioning

  • It is now possible to specify the parent of the newly provisioned account

Quick Account Lookup

  • It is now possible to move an account to another parent

Analyse

  • Cloud Activity (Inline) report shows news entries first.

General

  • Fix for timestamp format in Internet Explorer/Edge
  • Branding colour can now be saved

v2.0 - 22nd December 2017

Area

Description

General

  • EULA Acceptance for first-time admin logins
  • [FIX] Issue accesing Production Configuration of a child account

v2.0 - 21st December 2017

Area

Description

Agent Profiles

  • Added Captive Portal mode and timeout options to Gateway Profile section
  • It's now possible to use a separate tag for Captive Porta/Guest connections

Account Activation

  • Minimum password strength enforced

Dashboard

General fixes after initial release:

  • [FIX] Accounts section gives an API error on some partner accounts
  • [FIX] Match Logic in Web Filter Rules now persists
  • [FIX] Clicking a line chart point causes the web app to crash
  • [FIX] Drill down from Top App charts now works

v2.0 - 19th December 2017

Area

Description

Dashboard

Initial release of an updated user interface for the Unified Security Service, available at https://dashboard.clouduss.com. For access, please contact your Service Provider.

v1.16.0 - 31st August 2017

Area

Description

Cloud App Security

A new "User comforting" feature has started to be rolled out across the most popular apps in the App Catalog. This feature mimics the native SaaS/App error message format to display a "Blocked" notice, rather than terminating the request unexpectedly if an action has been blocked by a policy rule. This feature is designed to give users comfort that an action has been stopped rather than the SaaS/App is not functioning correctly, for a better user experience and to reduce helpdesk requests.

Cloud MFA

New options have been added to "Local Sync" mode to allow a dialling code prefix to be specified for all synchronised users and the ability to synchronise phone number and e-mail details for each user. Custom attributes for locating the phone number and e-mail address in AD can also be specified, if required.Version 1.2 of the AD Connect agent must be installed to take advantage of these features.

Cloud MFA

A "Bypass MFA" option has been added to the "Local Sync" mode which can be used to turn MFA authentication on or off for all synchronised users. An additional override has been added to "User Settings" allowing you to override this setting on a per user basis. This can be useful for proof-of-concept testing or to make exceptions for additional flexibility. Please note: this option is visible in the UI but will not be available to use until beta 2 of Cloud MFA (due September 2017).

Cloud MFA

The "Authentication Analyse" report has a new search field called "Note" which allows you to search Authentication attempts for a particular outcome e.g. "Authentication bypassed", "Invalid Credentials", etc. As with all other search fields, these can be used for on-demand or scheduled reports.

AD Connect

Version 1.2 of AD Connect is now available which supports the latest MFA product features. This is the production release of AD Connect and all customers are advised to uninstall the previous 1.0 or 1.1 version and reinstall with 1.2 (an advisory e-mail will be sent out in due course).

USS Agent for Windows

Version 4.0.0.2669 is now available via direct download and auto-update. This version includes a fix for Bypass patterns not taking effect in Local Proxy mode. Please see the full change log for further details.

v1.15.2 - 14th July 2017

Area

Description

Settings

The Active Directory Add/Edit Domain dialog has been updated with a new layout. If you have an Authentication (MFA) license for your account then the MFA specific settings will now appear in a separate tab. Additional settings have been added to support the upcoming AD Connect 1.2 release which synchronises phone number and email address details from Active Directory.

USS Agent for Windows

Final release candidate v4.0.0.2591 is now available to download. This concludes the beta phase.

USS Agent for Windows

A new "Strict SSL/TLS mode" checkbox has been added. If enabled, the agent will reject old style ciphers such as rc4 and rc4-md5. This is only compatible with v4.x of the USS Agent for Windows.

USS Gateway

Updated the root CA certificate database to improve access to HTTPS sites when SSL Interception is enabled.

USS Gateway

System logs are cleared after 30 days to preserve disk space.

v1.15.1 - 15th June 2017

Area

Description

Login

Updated the splash screen image.

Reports

Only supported columns on the Web Analyse report can be used to sort the results.

Reports

Allow searching for keywords containing single quotes and fixed an issue with scheduled/downloaded reports that contain special characters.

USS Gateway

Added an "Advanced" configuration section containing options to fine tune the performance of the gateway. The new options include:

  • Reduce noise from background Web requests - designed to avoid unnecessary SSL interception on background URL's that are used by search engines and mapping sites to suggest phrases or locations (search terms are still captured as normal).
  • Reuse the same key when using Diffie-Hellman key exchanges - reduces CPU and disk I/O by not creating a new key on every TLS handshake when PFS is in use.

USS Gateway

The Captive/Guest Portal now redirects to the original web site visited by the user (if available) unless an explicit Redirect URL is specified in the Gateway Profile Configuration.

USS Gateway

Changes to the Network Configuration that are made after installation, such as DNS servers and hostname, are now correctly applied to the gateway.

USS Gateway

The version number is now displayed on the Overview / Configuration section.

v1.15.0 - 31st May 2017

Area

Description

Filters

Added a new final action called "Warn" to the rules engine which is similar to "Block" except it enables the end-user to access the blocked page by clicking a Continue button. This is also known as a "coaching mode" as it helps to train end-users about web sites that may violate an Acceptable Usage Policy but gives them freedom to proceed if they acknowledge the risk. The "Warn" final action comes with a new $WARN$ placeholder which allows the button to be placed anywhere in a custom template. The amount of time an end-user can spend looking at a site that matched the "Warn" final action is also configurable.

Reports

The "Warn" final action column has been added to the "Web Analyse" report and a new Web Category called "Warning Bypassed" can be used to report on Web sites that have been accessed by clicking through the warning page.

Reports

The Start/End search fields are no longer restricted to the default retention period for each product. This allows customers with longer retention periods to search older data.

Reports

The "Overview" button has been changed to "Explore" and moved down in the menu. The "Analyse" option is now the first to load when clicking the "Reports" button - as this is the most used option in the "Reports" section.

Reports

The "Add Chart" window is now longer and shows the charts grouped by product for easier selection.

Reports

Changed the "Web Analyse" report so that columns specific to a web hit are only visible when a Visit is expanded. These columns are: Device Type, Tag, Feature Control Name, Filter Rule, Keywords.

Provisioning

It is now possible to find a parent account when provisioning or moving an existing account by typing the first few letters of the account name.

Windows Agent Configuration

The "Local Proxy with Driver Interception" mode is now the default mode in the Default Windows Configuration profile for newly provisioned accounts.

USS Gateway

Now correctly supports the 206 "Partial Content" HTTP response code.

USS Agent for Windows

The latest v4.0.0.2497 beta (GA release is expected in June 2017) release includes the following changes:

  • compatibility with the Windows 10 1703 upgrade (Creators edition)
  • Fixed a problem with Chrome when using the agent on a HP TC 620 server with AMD CPU
  • ICAP port selection is now automated - agent will try the preferred ports and then automatically switch to the alternative ports if a connection is not possible

This version of the agent is available for all customers to try via the usual Download link. 

v1.14.0 - 11th April 2017

Area

Description

Web - Categories

Bypass Categories can now be applied to either explicit proxy connections, Captive Portal connections, or both. This allows you to maintain conditional bypass rules based on how the user is connected to the proxy.

USS Gateway

SSL Intercept mode now has additional flexibility - it can be enabled for proxy connections, Captive Portal connections, enabled for both or disabled. Domain level visibility and filtering is available even if interception is disabled.

USS Gateway

Web access via the Captive Portal is now logged and filtered at the domain level even if SSL Intercept has been disabled via a Bypass Type, which means customers can disable SSL Interception for certain devices, networks or destination domains and still maintain a level of visibility and control.

USS Gateway

A new Bypass Type has been added - "Bypass authentication for destination domain". This is particularly useful for Java applet based web applications that are not compatible with proxy server authentication, or to anonymise access to sensitive web based sites/applications.

USS Gateway

It is now possible to configure the proxy to use the X-Forwarded-For header which may be useful for some remote web servers/applications. The supported options are "delete" (default), "on", "off", "truncate" and "transparent".

v1.12.0 - 30th March 2017

Area

Description

Filters

Added a "Time Quota" feature to the rules engine which is implemented as a new Final Action for a rule. If Quota is enabled, on a per rule basis, you can specify the amount of time in the quota and the template to use if the quota is exceeded. Web traffic that the quota is applied to appears with the "Time Quota" category in the Web Analyse report.

Filters

Added a "Match Logic" option to Step 3 of the Rule Editor so that AND or OR logic can be applied to all of the selected match types, allowing for more flexible rules to be created. Previously, all matches used OR logic only.

Filters

The "Devices" condition now shows all of the devices imported into the Devices & Groups section.

Reports

Added the option to search Web and App Analyse reports by Filter Rule name. For Web Analyse, you can also use this feature to search for uncategorised sites that were blocked.

Reports

Added additional columns to the App Analyse report for Browser, Agent, Country and Filter Rule name.

Reports

Scheduling system has been changed so that only Saved Reports with a similar relative timespan to the schedule interval can be attached.

Reports

An e-mail notification will be sent to the configured "Notify E-mail" address once log data has been archived according to the account retention period.

Windows Agent Configuration

The Windows Agent Configuration profile now supports "Local Proxy with Driver Interception" mode for the upcoming version 4 release of the Windows Agent (contact your account manager to participate in early beta)

v1.11.0 - 9th February 2017

Area

Description

Reports

Added a "Hostname" field to the search criteria and a "Device (Host)" result column to the Web, Apps and Malware analyse reports, to allow reporting on web activity based on device hostname.

Settings

Import devices via CSV to more easily register devices (hostname, IP and MAC address) with USS.

Settings

Import IP addresses via range or CIDR to more easily register networks for use in filtering policies.

v1.10.0 - 25th January 2017

Area

Description

Settings

The AD Connector service for Local Sync mode is now available in public BETA. The AD Connector can be installed on a local Windows server and synchronises Active Directory objects from the local network to the USS cloud. It does not require a port opening through the customer firewall.

Reports

Added a Log Data section to Reports / Archives which allows customers to download their log data in CSV format once the product retention period has been exceeded. To receive an e-mail when new archives are available, ensure you configure the "Notify E-mail" option in Account profile.

Gateway

For advanced users, a pre-override file is now available for customising proxy server configuration on the USS Gateway. See the Advanced section for further information.

Mac OS X Agent

The USS Agent for Mac OS X now correctly reports the username if the Mac is joined to a domain but logged in with a local user account.

v1.9.2 - 10th January 2017

Area

Description

Login

New login splash page.

Web - Unblock Requests

Added an Unblock History option to view past requests that have been processed. Also improved duplicate handling and preventing end-users submitting the same request multiple times.

Web - Categories

Improved pattern duplicate checking for URL, Bypass and Keyword Categories.

Agent (Windows & Mac)

Added a new configuration profile option for "Update Check Interval" which allows you to configure the number of minutes between checking for new software updates.

Agent (Windows)

Added two new configuration options, "Capture MAC Address" and "Capture IP Address" so that these details can be excluded from reporting e.g. for privacy reasons.

Settings - Account Profile

Improved layout and added a vertical scrollbar.

Settings - Active Directory

Local Sync now requires a username and password to be specified.

Partner - Accounts

It is now possible to search for an account by ID rather than just name.

v1.9.0 - 23rd December 2016

Area

Description

Web - Unblock Requests

Feedback mechanism for streamlining end-user requests to "unblock" sites that have been blocked by their Filter Rule. The feature is enabled through a new Web Template placeholder, $UNBLOCK_FORM$ and managed through the new Web / Unblock Requests section by the administrator.

Web - Prevent Law (UK)

For UK organisations bound by the Prevent Law e.g. schools, local government, police, healthcare, etc the ability to block the police monitored list of terrorist content (Web Sites) can now be enabled on an account basis by the service provider. Once enabled, the list of web sites will be automatically blocked and can be reported on by the administrator via Web Analyse.

Web - Filter Rules (CAC)

New "Action Risk Level" match option allows Cloud Application Control based on the risk level of the cloud action. This allows the administrator to control access to Cloud Application activity (e.g. file uploads, sharing, etc) that has been deemed a certain risk level, either by default or by the administrator customising the App Catalog settings. The new match option can be used in isolation or combined with an existing Specific or Generic cloud application action match. 

Apps - Custom Domains

The App Catalog has been extended to support multiple domains for Cloud Applications, for cases where customers are using Cloud Applications running on their own domain names.

Web - Filter Rules

The Rules Engine now enforces the Final Action for all requests captured by the conditions if there are no Matches configured in the rule e.g. allows for simple creation of a "block all" rule

Web - Keywords

Added a new "Add & Create New" button to the "Add Pattern" dialog to allow faster entry of multiple patterns.

Partner - Accounts

It is now possible to update account licenses and profile information for a child account even if the child has opted out of Partner Management.

Agent (Gateway)

Fixed a problem with the Captive Portal caused by the inclusion of the local loopback interface in the firewall rule used for intercepting requests.

v1.8.0 - 7th December 2016

Area

Description

Settings

Improved the Active Directory domains section with a new layout and support for the upcoming "AD Connector" push agent. Administrators can choose between Cloud Sync (existing method) and Local Sync (AD Connector method – when available).

Web - Policy

Added a new Keyword Filtering module that can be incorporated into filter rules, which allows matching URL's or captured app data against a list of pre-defined Keyword Patterns. This allows for monitoring or blocking search engine terms, URL's, file extensions and postings on Social Media.

Web -Categories

Added a new Keyword Categories section for managing lists of categories and patterns for use with the Keyword Filtering module. Categories of patterns can be used specifically with URL's, specifically with captured App Data or both. Categories also have a logic setting to determine if any one or all patterns in the category must match. Patterns can use matching logic such as "contains", "exact match", "begins with", "ends with" and negate (if more than one pattern exists).

Reports

Introduced a new style for map based charts such as "Top Cloud Application Locations" which makes it easier to see heat maps and will fit all heat maps into the chart view using auto-zoom. Standard and terrain views also now supported.

Reports

Extended Web and App analyse reports to include new search criteria and result columns for Keyword Categories and Keyword Patterns. Keyword data can also be used in exported or scheduled reports.

Reports

Added a new "Top Keyword Categories" chart for use in the Global and Web dashboards.

Reports

Improved the "More Information" dialog for individual Web Visits and Hits with a new layout and split the information into Request, Filter and Meta sections.

Gateway

Improved ICAP server selection algorithm which determines the best ICAP server to use when there are several close by.

Agent (Windows)

Signed driver for Windows 10 which is compatible with SecureBoot / UEFI BIOS.

Agent (Windows)

Added a warning message if DeviceGuard is enabled on Windows 10 Enterprise / Server 2016.

Agent (Windows)

Support for Microsoft Edge on 32-bit Windows 10.

v1.7.0 - 21st November 2016

Area

Description

General

Added a "What's New?" link for displaying the most recent change log

General

Updated EULA to 1.2

General

Child accounts now inherit the theme from the parent account that provisioned them

General

There is no longer a flicker effect when using a Theme logo that is hosted remotely. Maximum length of URL also increased.

General

Integrated the Online Documentation into the user interface, with a ? icon available in most sections

General

Various minor cosmetic changes.

Reports

Large result sets can now be converted to one-time CSV downloads straight from the Analyse report

Reports

It is now possible to Pause a scheduled report

Reports

It is now possible to save a report without having to run it first e.g. for creating scheduled reports

Reports

Added the Gateway Anti-malware option to the Partner Reports section

Reports

Updated the License Statistics chart layout

Reports

Changed the Analyse report Search Criteria layout to make selecting and managing Saved Reports clearer

Agents

The ICAP Hostname field has been improved to allow selecting servers by region e.g. Global, US, Europe 

Agents

The default maximum scan size for Gateway Anti-malware feature has been increased from 6Mb to 12Mb

Settings

Users who are not Super Administrators can no longer change the Role of another administrator

Settings

Moved the Tags option to the Web section and changed the labels on the Active Directory Add/Edit domain dialog

Back to top

After pressing Reload, If you do not see v2.7.0 in the bottom left hand corner of the dashboard, please clear cache or use Ctrl+R to reload the pagev2.9.0 - 27th December 2018

Email Security

It is now possible to use the USS AD Connect service to power user synchronisation in the Email Security product. This requires AD Connect 1.4 client software to be installed and your Email Security 

v2.10.1 - 29th January 2019

Bug fix

The Message Rules filter in the Email Activity report no longer displays an error message


How did we do?