Release Notes

Release # 10 – August 10, 2020

Type: This release adds better performance & fixes bugs.

Improvements

1. Reports & Widgets now load faster. Reports and Widgets now load 5x faster when the scan is completed.

2. New security checks by the Cloudnosys team can now be added faster. We’ve added a new module that helps our development team in adding new Security postures quickly, so they can be available for our customers at the earliest.

3. New Security checks for Azure.

Private Links

4. Moved email address settings into Account Settings > Security Settings
Now emails can only be updated based on inputting your current password for better security reach.

UI/UX improvements

5. Fixed text dropping issues on the signature status tooltip.

6. Updated labels for suppression settings screen.

7. Table cut issues for some specific screen resolutions.

Release # 09 – July 23, 2020:

Type: This release adds new features, fixes bugs & improves performance

Features

1. Google Cloud Platform Cloud Account

Cloudnosys has now the capability to scan GCP resources on its platform. Users can now check their inventory, security postures, compliances, and add governance to their GCP infrastructure via Cloudnosys.

2. GCP added in Custom Signatures

Users can now create their custom signatures via our code editor using a wide variety of resource types already included in our system.

3. GCP added in our Custom Regulation

Users can now create custom policies using our custom regulation tools for their GCP infrastructure. It supports all our pre-built signatures and also custom signatures if a user has created any.

4. Better inventory collection for GCP

Cloudnosys use GCPs Asset API to scan resources from a user’s infrastructure and also cover their Firebase assets. This helps us cover a great scope of resources for the user so we could provide better inventory coverage.

5. Added CCPA Regulation

Improvements

1. Most critical resources are now shown on a single page instead of paginated.

2. Icons changed for inventory widgets.

3. Better shades for priority notifications of high, medium & low.

4. Adjusted spacing for better readable content.

Bugs

1. Fixed UI and spacing issues for widgets.

2. Fixed explorer spacing issues to adjust content.

Release # 08 – July 03, 2020:

Type: This release adds new features, fixes bugs & improves performance

Features

1. Playbooks

Playbooks give the user the ability to automatically remediate and orchestrate an immediate response on specific actions. Playbooks can also help achieve automatic remediation on Risks that Cloudnosys detects and generate emails to inform the concerned person/department.

2. More Resource coverage in services

We’ve broken our EC2 service to Instances, Volumes, Security groups, and Elastic IPs. So users can now deep dive into their EC2 inventory and have more coverage of their resource health.

3. Billing Dashboard

Users can now view their billable resource counts and get a sense of an idea on how much they’re being billed by Cloudnosys. The billing dashboard only counts resources that are currently active on your cloud infrastructure.

Improvements

1. Improved Scan Engine performance.

2. Improved dashboard widget performance.

3. Added filters for new resources that come under specific service umbrellas such as EC2.

4. Added more services & security checks for AWS & Azure

For AWS:
— Key Management Services
— Dynamo Database
— Elastic Load Balancers
— Cloud Watch Alarms
— Cloud Watch Events

For Azure:
— Added security checks for Web Apps

Bugs

1. Fixed count issues between Widgets and Explorer.

2. Fixed resource status issues when viewed from the Signature drawer.

3. Fixed UI issues.

Release # 07 – June 11, 2020:

Type: This release adds new Features, fixes bugs & improves performance

Features

1. View Historical data on Widgets

Now Users can view historical data on their widgets on Security & Compliance dashboards, giving them more power and analytics to compare their data with previous dates.

2. View historical data on Explorer

Now users can also track back their data on the Explorer (Sidebar) which can be popped by clicking on widgets from Compliance and Security dashboard. Users can select previous data from the latest previous date.

3. View 7 & 30 days trends

We’ve improved our trends data to now include 7 & 30 days older data. Users can have more analytical approach to how their risks are changing with time.

4. Added NYCRR Regulation

Improvements

1. Most critical risks now shows counts of only failed signatures in a resource on the widget.

Bugs

1. Fixed map locations on Risks by Region widget.

2. Fixed VPC collection methodology to include better network related resources.

Release # 06 – May 13, 2020:

Type: Feature release and performance improvements

Description: Cloudnosys introduces new widgets for security posture with better UI & performance, resource enhancements, and introduction of a new dashboard called “Health dashboard”. New signatures for Lambda, IAM, VM & some others are added.

Affected components: Database, UI, Signatures, Scan, Reports, Filters

Features updated as follows:

1. New Widgets for Security Dashboard

  • Security Posture
  • Inventory
  • Critical Risks
  • Most critical Resources

2. New Widgets for Compliance Dashboard

  • Compliance Overview
  • Security Groups
  • Regulations
  • Compliance Standards

3. Health Dashboards

  • Risks by Severity
  • Risks by Cloud Account
  • Risks by Category

4. New Signatures added for Lambda

5. UI Changes

  • Added time icon in widgets
  • Risks by Region stats shown with a bar chart 
  • In compliance dashboard, compliant bar added in Compliance Standards which will show users how much the resource is compliant

New items added:

  • Risks by Region widget now show heat maps on regions that have risks categorized in severity circles (red-high,yellow-medium,blue-low). Upon hovering, users can see their total risks & region
  • Added 3 new lambda signatures.
  • Improved explorer performance
  • Widgets count will show only unsuppressed resources
  • Resources Explorer now loads instantly.
  • PDF reports are now cached for faster display and generation. This helps users instantly download copies of them without any processing or wait time.

Release # 05 – March 11, 2020:

Features

  • Custom Signature
    Create your own Custom signatures through our premium feature of Custom Signatures that comes along with a code editor with complete code IntelliSense.
  • Explorer
    A dynamic sidebar that displays all your resources and their statuses. You can drill down using different filters like region, categories or even which of them are compliant or not.
  • Playbooks
    Playbooks is our automatic security orchestration tool. That helps you take immediate actions based on any event occurring on your infrastructure through our platform.
  • Supression
    Users can suppress alerts / notifications that are not relevant to their scope, by doing so, its absence does not affect the normal presence of the resources. Suppression option occurs on Resources tab or on any specific risk that a user wants to hide.
  • Access Control
    AC (Access Control) provides users to create their separate organizations, add users to their organizations and create new users that only reflect on their organization.

Features Updated

  • Cloudnosys has updated the Scanning mechanism. Now Scanning for resources takes 30 to 40 seconds to complete.
  • Cloudnosys has improved the PDF download and it can be downloaded into two formats now. (e.g. Executive Summary & Full Report)
  • Cloudnosys added more app integrations (SAML, Okta, OneLogin, Servicenow).
  • Cloudnosys has updated additional signatures of AWS and Azure.
  • Cloudnosys now provides a MultiAccount Selector, that can be used to run scan on multiple accounts at the same time.

Bug Fixes

  • This release resolves the Signature layout issue on Edge and Firefox.
  • This release resolves the issue of multiple ‘Scan already in progress’ pop ups. Now a single pop up displays multiple cloud accounts’ scan progress.
  • This release updates email settings that are now replaced from basic to security settings.
  • This release resolves the issue of delay in ‘Create User’ email, which is now sent instantly to the user. 

Release # 04 – August 2, 2019:

Features

  • App Integration
    Cloudnosys provides the facility to get delivery of alerts on your custom apps (Slack, Webhook) in a matter of minutes and without a single line of code. Now, you can Integrate your custom apps to Cloudnosys and get notified of the security risks and alerts in your cloud infrastructure so your team is always up to date with security and compliance posture.
  • Custom Regulation
    Cloudnosys allows users to create new policies or customize provided regulations for your infrastructure with distinguished custom rule sets that can generate reports on specific resources.
  • Azure Signatures
    Cloudnosys has added around 10 new control sets for Azure.

Features Updated

  • Cloudnosys has updated the signature catalogue filter with Azure Categories. You’re now able to view the filtered view of Azure control sets.
  • Cloudnosys has updated the User facing documentation with details of the new feature, Integration.

Bug Fixes

  • This release resolves an issue with the Alerts UI.
  • This release resolves issue with Forget Password Link.
  • This release resolves compliance report bug.
  • This release resolves the issue with CloudEye Alerts.

Release # 03 – June 20, 2019:

Features

  • SOC-2 Services Organization Control
    Cloudnosys has added a new report that is built using the American Institute of CPA (AICPA.org) SOC 2 Controls (2017). AICPA guide on Reporting on Controls as noted as Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy specifies the components of a SOC 2.
  • GDPR (EU) 2016/679
    Cloudnosys has added The General Data Protection Regulation (EU) 2016/679. It
    is a legal framework that sets guidelines for the data protection, collection and processing of personal information of individuals within the European Union (EU). Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personal data of individuals (formally called data subjects in the GDPR) —regardless of its location and the data subjects’ citizenship—that is processing the personal information of data subjects inside the EEA.
  • Cloudnosys Custom Compliance Report
    Added Cloudnosys Custom Compliance Report developed by our experts to evaluate different security parameters such as Audit Log, cryptography, Access Logging, Data Protection, etc.
  • Account Center
    Added billing section in the Cloudnosys environment having details about the licensable resources in user’s account and their instances.
  • Admin Panel
    Users with Administrator access to manage and control cloud accounts. An admin view screen containing a list of all accounts and allowing Admins to edit or update user profile, user package and expiry date from the panel.
  • Region Selector
    Added a region selection step to the Add Account process. Now you must choose a region to create a cloud account.
  • Full-Protection Policy
    Added AWS Full-Protection Policy that vigorously governs the security aspects and impose best practices. This policy quickly mitigate cloud vulnerabilities and misconfiguration and allows one-click remediation.
  • Azure Signatures
    Added 15 new control sets for Azure.

Features Updated

  • Cloudnosys has Improved the dashboard usability by adding a scan date selector. You’re now able to view compliance reports of a particular scan date selected from the selector.
  • Cloudnosys has improved Edit cloud account option by allowing users to change their selected policy.
  • Cloudnosys now includes compliance report after scan completion in email notifications. The compliance report now consists of Risks (failed signatures), Passed signatures and Compliance status.

Bug Fixes

  • This release resolves an issue with the Remediation button on the correlation policy. The Remediation button now displays and works as expected.
  • This release resolves an issue with downloading PDF reports in the Cloudnosys dashboard.
  • This release updates an error message that appears when a read-only user tries to access remediation.
  • This release resolves an issue related to the Risk Alerts emerging after enabling EagleEye.

Release # 02 – December 2, 2018:

Features

  • CIS AWS Benchmark Version 1.0
    Cloudnosys updated the CIS AWS Foundations Benchmark report in the Cloudnosys console of version (1.0) of the CIS AWS Foundations Benchmark. Users can now asses their AWS accounts against the latest CIS AWS Foundations Benchmark guidelines, including multi-factor authentications, AWS Config auditing, review of VPC peering network rules, review of IAM policies, access key rotation, and other improvements. For more information about the CIS AWS Foundations Benchmark report, see CIS Benchmarks .
  • PCI Data Security Standard (PCI DSS 3.2)
    Cloudnosys added a new report, the PCI DSS report that covers technical and operational practices for system components included in or connected to environments with cardholder data.
  • NIST 800-53 Rev 4 – FedRAMP / High
    Cloudnosys has added new report, NIST 800-53 Rev4 that is a publication which recommends security controls for federal information systems and organizations and documents security controls for all federal information systems, except those designed for national security.
  • Alerts UI
    Cloudnosys introduces an Alerts section that pushes notifications of risks and threats in user’s Dashboard.
  • Health Dashboard
    Cloudnosys added the Health dashboard which consist of graphs on the summary of your cloud environment with detailed health statistics about Risks with respect to Groups and Scans.
  • PDF Report
    Added ‘Export PDF’ button that facilitates users to download their complete compliance report with all Risk summaries and Signature level details in PDF format for record keeping.
  • Monitoring/Scheduling
    Cloudnosys provide more control to your scan schedules by automating the span of vulnerability scanning. It allows scheduled scanning with daily, weekly, and monthly intervals.
  • EagleEye
    Cloudnosys provides Real-Time Threat Detection System that monitors your Cloud infrastructure and detects risks with continuous alert notification to User’s Cloudnosys Dashboard.
  • User Account Verification
    Instant email notification on user specified email to verify the new registration on Cloudnosys.
  • Scan Progress Bar
    Cloudnosys has added a progress bar showing the progress of cloud account scanning with scan percentage and time of completion.

Features Updated

  • Cloudnosys has Improved the AWS Audit policy that now actively manages the security groups and grants users to audit and monitor security trails.
  • Cloudnosys has upgraded the usability with the addition of Edit profile facility allowing users to edit their account info and reset password.
  • Cloudnosys has now expedited the Scan Capability which now completes scan and update the whole dashboard within a min.

Bug Fixes

  • This release resolves an issue with Total Risk Count on the Compliance dashboard. All counts are now accurate.
  • This release resolves an issue with filters on the signature catalogue page. All filters appear as intended now.
  • This release resolves a cosmetic issue with the layout of the View Resource drawer.
  • This release resolves an issue related to the no. of resources and status of signature IAM-007.
  • This release resolves an issue related to the scan duration of cloud accounts.

Release # 01 – July 16, 2018:

Features

  • ISO/IEC 27001
    Cloudnosys has added ISO 27001/27002 report which is a widely-adopted global security standard that sets requirements and best practices for a systematic approach to managing company and customer information that is based on periodic risk assessments appropriate to ever-changing threat scenarios.
  • HIPAA Regulatory Citation
    Cloudnosys has added The Health Insurance Portability and Accountability Act of 1996 (HIPAA), sets the standard for sensitive patient data protection. Companies that deal with Protected Health Information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance
  • Signature Catalogue
    A comprehensive list of signatures used across the dashboard with easily operated filters.
  • AWS Signatures
    Added 25 new signatures for AWS across multiple compliance.
  • Compliance Dashboard
    Comprehensive view of risks in the dashboard with respect to functions along with Total Risks all over the dashboard. Additional field that allows users to select the cloud account they want to see the statistics of.

Bug Fixes

  • This release resolves an issue where metadata was missing on some log sources.