Release notes
  • Version: 5.0.0
  • Build number: 12321
  • Release date: 2024-04-16 (general availability)
  • Benchmarks release date: 2024-04-17
  • Server version: nanitor-5.0.0.12321-14838-master
  • Agent version: nanitor-5.0.0.12321-14838-master
  • Collector version: nanitor-5.0.0.12309-14831-master

Welcome to Nanitor v5.0.0!

We are thrilled to announce Nanitor v5.0.0, bringing a suite of new features, improvements, and bug fixes to enhance the Continuous Threat Exposure Management (CTEM) capabilities of our platform. This release underscores our commitment to supporting Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs), broadening compliance frameworks, refining our vulnerability prioritization, and expanding support to include new technologies and platforms.

Highlights

MSSP Support Enhancements

Property Inheritance Across Organizations

To reduce the management burden for MSSPs, we've enabled property inheritance from parent organizations to suborganizations, streamlining the configuration process and management across organizations.

Supported inherited properties:

  • "Enable vulnerability checking and management" (General organization settings).
  • "Enable automatic agent upgrades" (General organization settings).
  • Labels and labeling rules can now be defined in a parent organization and used in suborganizations (flag "Inherited to suborganizations").
  • Users in a parent organization can inherit access to suborganizations (flag "Inherited to suborganizations").

In a suborganization, an inherited setting is grayed out and the text indicates that it is controlled in the parent organization.

Inherited settings in suborganizations are now controlled from the parent organization.

Future releases may include more inheritable properties based on feedback from MSSPs.

Enhanced Role Utilization and Global Dashboard Accessibility

The Global Dashboard is now accessible to all users with access to multiple organizations, tailored to show only the data relevant to their assigned organizations. This enhancement facilitates better role-based access and utilization.

Issue Report: Summary of Prioritized Threats

Addressing the need for more detailed and shareable threat summaries, we've introduced a new Issue Report feature that allows users to export a summary of prioritized threats in PDF format. This capability enables security teams and MSSPs to document and communicate imminent threats more effectively, enhancing the overall security posture and facilitating better stakeholder engagement.

Outcomes:

  • The Issue list is easy to export as a PDF report that can be shared with management or clients.
  • A well-designed report that captures the status of key issues and threats in an intuitive fashion.

The Issue PDF report can be exported from the Issue Prioritization diamond page, or from the Issue List page.

Example of the Issue PDF report:

Snapshot of the Issue PDF report.

Enhanced Vulnerability Prioritization with CISA Integration

The updated vulnerability prioritization algorithm now takes into account advisories from the Cybersecurity and Infrastructure Security Agency (CISA), alongside the existing EPSS ratings and CVSS3 scores. This enhancement allows for a more accurate reflection of the current threat landscape, ensuring that known exploitable vulnerabilities are prioritized more effectively.

Outcomes:

  • Prioritization is more accurate for vulnerabilities that are known to be exploitable, where EPSS is known to give values that are too low in many cases.

HIPAA Compliance Framework Implementation

We have added support for the Health Insurance Portability and Accountability Act (HIPAA) compliance framework, aiding health tech customers in aligning Nanitor issues with HIPAA requirements.

Outcomes:

  • Companies with HIPAA compliance requirements can now understand how Nanitor issues fit into their compliance requirements.
  • Users can export a PDF listing how issues in Nanitor map to compliance requirements.

Identity Security Enhancements

This update brings additional issues and UI/UX improvements for managing identity security within Active Directory (AD) environments. New identity issue types include:

  • Domain account has a password stored using reversible encryption.
  • Privileged account not protected against delegation.
  • Privileged account with constrained delegation (risky Kerberos delegation).

VMware vCenter (ESXi) support

Customers can now include VMware ESXi assets in their inventory and audit configurations, enabling comprehensive security and compliance management of their virtual environments. The support is provided through the Nanitor Collector, where the user can add a new vCenter asset and set it up for configuration auditing.

Outcomes:

  • Easy to install: you only need to add it to the Nanitor Collector and it starts checking immediately.
  • Implements the CIS benchmark for proper configuration of VMware ESXi.
  • Covers the entire set of ESXi servers that are managed through a vCenter.

Debian 12 Support

We've extended support to Debian 12, ensuring comprehensive coverage for one of the most widely utilized Linux distributions.

Benchmark updates

In this release, we're adding comprehensive support for new platforms and compliance frameworks.

Our upcoming benchmarks, set to be released shortly after the product launch (see the release information header at the top for details), will automatically integrate with the Nanitor server without requiring any manual actions from our customers.

New benchmarks & platforms

  • Debian 12 (revision 1): based on CIS benchmark version 1.0.0 (CIS Debian Linux 12 Benchmark).

  • VMware ESXi (revision 1): based on CIS benchmark version 1.3.0 (CIS VMware ESXi 7.0 Benchmark). This is the first implementation of the benchmark, in which we have classified and automated 61 checks.

Note

The rules have also been classified with critical / high / medium / low severities, and selected rules have been assigned to the Nanitor default baseline.

Updated benchmarks

  • Multiple benchmarks were updated with new revisions that add compliance framework mappings for the HIPAA framework.

  • A few heavy checks on Linux have been changed into manual checks to avoid an unreasonable performance impact. These are checks that require probing the entire file system, which is not practical to run periodically on large systems.

    • Platforms:
      • AlmaLinux 9
      • Ubuntu 20.04
      • CentOS 7
      • RHEL 8
      • RHEL 9
    • Rules:
      • Ensure no world writable files exist
      • Ensure no unowned files or directories exist
      • Ensure no ungrouped files or directories exist

Going forward, we will be considering options to make it easier to run those checks on request and/or mark the results for easier management and tracking.
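
The three rules listed above can still be run by hand when needed. The following is an added example, not Nanitor code or the benchmark's own audit script: it evaluates all three conditions in a single file system walk, assuming GNU find; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: on-request, single-pass version of the three file system
# rules. Requires GNU find (-printf and the "," list operator).

# audit_tree ROOT
# Prints one "finding<TAB>path" line per hit. -xdev keeps the walk on ROOT's
# own file system, so other mounts (network, pseudo file systems) are skipped.
# The "," operator evaluates every test for each path, so one traversal
# serves all three rules instead of three separate full scans.
audit_tree() {
    root=${1:-/}
    find "$root" -xdev \
        \( -type f -perm -0002 -printf 'world-writable\t%p\n' \) , \
        \( -nouser  -printf 'unowned\t%p\n' \) , \
        \( -nogroup -printf 'ungrouped\t%p\n' \) 2>/dev/null
}

# count_findings KIND ROOT
# Prints how many paths under ROOT were flagged with KIND.
count_findings() {
    audit_tree "$2" | awk -F '\t' -v k="$1" '$1 == k { n++ } END { print n + 0 }'
}

# make_sample_tree
# Constructed sample input: builds a small temp tree and prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/ok.conf";    chmod 0644 "$d/ok.conf"     # not flagged
    : > "$d/shared.log"; chmod 0666 "$d/shared.log"  # world-writable file
    mkdir "$d/drop";     chmod 0777 "$d/drop"        # directory: rule covers files only
    printf '%s\n' "$d"
}
```

Run `audit_tree /` as root during a maintenance window; permission errors are discarded, so an unprivileged run can under-report.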

New features

  • Kanban view for Projects: In addition to the usual list view, you can now organize projects as cards on a Kanban board for better visualization and easier management.

Improvements

  • Improved SAML support per organization. Login flows have been altered to display relevant options based on email address.
  • PDF report branding allows adding your own logo and footer to PDF reports, such as the Issue PDF report. Use the Branding section under System management to tailor your PDF reports.
  • Improvements to health dashboard API: the target health score has been added, and a query parameter to filter on asset labels is now available.
  • Identity detail CSV export option now includes a new column with a list of assets and their details.
  • EASM: Externally discovered assets now include additional information:

    • IP Address
    • Reverse DNS
    • Location
    • Website Title (if applicable)
  • Expanded global dashboard access for MSSP roles. All roles can now view the global dashboard, but only see what is available to them as applicable per permissions and scope.

  • Fixed a problem where the API issue endpoint was including excluded assets.
  • Added collapse/expand functionality for long lists of organizations in the system management user list.
  • Asset Inventory: The issue priority filter has been added to allow filtering out assets having issues with certain priorities (P0, P1, or P2).
  • Various Projects UI enhancements to improve usability and user experience.
  • Improved performance for agent downloads for updated benchmarks and vulnerability checks.

Bug fixes

  • A bug was fixed that could lead to rogue duplicates of monitored assets.
  • A bug was fixed in CSV export of assets, where filters were not applying to the output file.
  • Addressed memory consumption issues in certain environments.
  • Corrected display of project scope for label-scoped users.
  • Addressed issue severity configuration issues, where under certain conditions the change would not go through and an error was returned.
  • Fixed an issue where issue priority could go above 10 due to age elevation.

Documentation Updates

A large number of pages have been updated on https://docs.nanitor.com to cover the new features, updated views and terminology.

Updates

  • 2024-04-10: Initial v5.0.0 release was published and released to early-access (EA) users.
  • 2024-04-15: Release published for general availability.
  • 2024-04-17: Benchmarks released for v5.0.0 version.
  • 2024-04-17: A new server-only build (nanitor-5.0.0.12316-14834-master) was published to fix an issue where users couldn't receive scheduled health reports.
  • 2024-04-22: A new server-only build (nanitor-5.0.0.12318-14834-master) was published to fix an issue where users couldn't create a notification rule with specified labels.
  • 2024-04-23: A new server and agent build (nanitor-5.0.0.12321-14838-master) was published to fix an issue with updating vulnerability feeds.