Heimdal's latest product enhancements and improvements have gone live in the last few weeks. To keep you updated, we have shared some recent updates below. In September, version 4.3.4 RC and production version 4.3.6 were rolled out with significant enhancements, improvements and fixes to the platform.
Here's a summary of the latest updates:
DNS over HTTPS (DoH) for DNS Security – Network
DNS Security (formerly Threat Prevention Endpoint) enhances DNS protection with DoH, providing safer and more private internet navigation by encrypting all DNS requests via HTTPS. This new addition can be found in Network settings under the 'HybridDNS' tick box.
DoH is designed to mitigate the risk of DNS spoofing and man-in-the-middle (MITM) attacks in your IT environment. As a default standard, it ensures that the session between the browser and the DNS server is encrypted and that nobody can alter the resolution request results and point the end user's browser toward a malicious website.
Patch and Asset Management developments
Users can now experience more intuitive and user-friendly reporting in Windows OS Stats view. Key updates to note include:
- Pie charts and matrixes in the Windows OS Stats views, related to third-party patch management and OS updates, are now clickable for easier reporting.
- Users can toggle to the Stats view and click the CVSS/Severity pie charts or the release-date matrixes to filter data by date range and severity.
- Clicking these elements redirects users to a pre-filtered view displaying only relevant third-party patches or OS updates.
Primary user functionality in PEDM
The new Primary User functionality in Heimdal's Privilege Elevation and Delegation Management (PEDM) allows organisations to assign, on each Windows machine, a specific user who can request elevated privileges.
This feature helps improve security by limiting admin rights to a designated user. The primary user is determined based on either Microsoft Azure AD settings or the machine's first non-admin login.
The new Primary User Management tab in the dashboard provides a detailed view of endpoints, primary users, and login statistics. Admins can manually update or unassign primary users via dropdown menus, and only the designated primary user can request admin privileges, ensuring tighter control over privileged actions.
Endpoint detection: new firewall notification
Notifications have been introduced to address firewall incompatibilities between Windows GPO and Heimdal GP. This update aims to prevent cybersecurity errors and enhance organisational security. The newly named Device Info notification, previously called Active Clients, now alerts dashboard users when a firewall is managed by a local Active Directory policy rather than the Heimdal Agent.
When an endpoint is configured this way, the Heimdal agent cannot perform isolation actions. To address this, Heimdal has added a notification and icon to indicate when an action’s outcome might differ from expectations. The new icon appears in Unified Endpoint Management, in the Status column of the relevant tables in the Device Info - Standard and Hardware views. The notification will only appear if the Heimdal agent detects that a local policy manages a firewall.
View and edit end-user allowlists and blocklists
Heimdal has also introduced enhanced functionality for IT Admins, allowing them to view and edit personal allowlists and blocklists set by end users. Here are the key points:
- A new table in the Email Security section allows IT Admins to view and manage user-level allowlist and blocklist rules from the End User Console.
- Admins can switch a rule between allowlist and blocklist or delete it entirely, with changes applied to the respective user’s End User Console.
- Admins can create allowlist/blocklist rules at personal or global (domain) levels, with personal rules reflected in the new table in Network Settings.
Heimdal Release Candidate, version 4.4.0
At the end of September, version 4.4.0 of the Heimdal Release Candidate (RC) dashboard was also released. Its top features include:
- Azure Active Directory (AAD) group synchronisation enhancements: IT admins can search and sync multiple AAD groups directly from Group Policy using the Microsoft Graph API.
- Single Sign-On (SSO) for Okta Users: The Heimdal dashboard now has a new "Okta" login button. Users can log in by entering their Okta email and being redirected to the Okta login page.
- Threat-hunting and Action Center enhancements: The M365 user security component now features real-time threat hunting with a new Login Anomaly Detection (LAD) module to monitor suspicious login activities, which can be activated in Network Settings. Resellers can view customer risk scores and Login Anomaly Detections geographically.
- Application control rules from PEDM grids: Users can create application control ‘Allow’ and ‘Block’ rules directly from the PEDM grids, streamlining the process through a new checkbox feature.
- Elevated privileges on locked screens: Users can maintain elevated privileges even when their screens are locked, a setting configurable via Group Policy.
- USB management enhancements: A new USB reporting mode allows monitoring of plugged-in USB devices without action. Users can manage devices in a dedicated storage area, add them to allowlists, suppress devices, and filter by status.
- Email Fraud Prevention (EFP) integration: The EFP module has been merged into the Email Security ATP with centralised licensing management. A new EFP tab in the menu simplifies control, and the Advanced Filter now includes an EFP Rule Category dropdown.
- Email quarantine management: IT admins can deny the release of specific emails from the quarantine report, with denied emails marked in the end user console.
If you have any questions about Heimdal and any of the recent updates, please get in touch with one of our team: https://www.brigantia.com/contact