Introducing New Features Across the Platform | Release 698

Product Update 698

Check out the highlights from our most recent update, Platform Release 698. This release contains 449 items including new features, improvements, and bug fixes. See the highlights below. For a full rundown, check out the complete Release Notes here.

Dashboard & Analytics

Identify Risks Early with the New Insider Threat Dashboard

We have added a new Insider Threat Dashboard under the Dashboards menu.

Identify Risks Early with the New Insider Threat Dashboard

The Insider Threat Dashboard shows you a summary of organizational risks. You can view risks by rule type, risk scores by rules, risks by departments, top risky employees, etc. You can click on a graph to drill down to individual risks, rules, and users.

Use Case: The dashboard will help you identify risks early, find out where the gaps are, and take preventive actions before the risks become real threats.
This is a feature on request only. Please contact your customer support representative to activate this feature on your instance.

Behavior Policy & Rule

Assign Risks to Rules with the New Classification Tags

We have added a few built-in tags to the rules. These can be selected from the MARK THIS POLICY WITH TAGS TO IDENTIFY ITS PURPOSE field on a rule’s General tab.

Assign Risks to Rules with the New Classification Tags

The tags are used on the Insider Threat Dashboard.

Insider Threat Dashboard-Risk Score
Use Case: The tags will help you better organize the rules, and classify the rules according to their risk profile. These special tags along with the rule violation severity can also be used with the new Insider Threat Dashboard to measure organizational risks proactively.
This is a feature on request only. Please contact your customer support representative to activate this feature on your instance.

Security & Account Management

Better Manage the Security of Your Account with the 2FA Enhancements

We have introduced a number of changes and new options to the 2-Factor Authentication. These include:

Email-Based 2FA Verification

We have introduced an option to support email-based 2-Factor Authentication.

Email-Based 2FA Verification

You can enable the feature by turning on the Settings > Security > ENABLE MFA VIA EMAIL option. You can then enable/disable the email 2FA option from your profile.

Use Case: This will help you use the 2FA even if you don’t have a second device or do not want to use a 2FA App.

2FA Trusted Device

We have added an option, Trust this device for 15 days to the 2-Factor Authentication screen. If the option is enabled, you will not be asked for a 2FA code for 15 days.

2FA Trusted Device

You will be able to use this option on multiple devices (each with its own time period) and for both Authenticator App and Email authentications.

Use Case: This option will be useful if you frequently use the same computer(s) and do not want to log in with the 2FA all the time.

2FA Enrollment Timeout

We have added a timeout feature on the 2FA enrollment screen. The user will have to set up the 2FA before this timeout expires.

2FA Enrollment Timeout

The timeout value is taken from the Settings > Security > IDLE TIMEOUT field.

If the timeout is expired and the user hasn’t set up the 2FA, they will be logged out. The event will be recorded in the System > System Log and the BI Reports > Audit reports as a Logout/Time left event.

2FA Enrollment Timeout-System Log Report
Use Case: This feature will enhance account security such as protecting your login from an unattended system while letting administrators audit users who don’t complete their 2FA setup.

SSO vs 2FA Exclusivity (Cloud)

Previously, 2-Factor Authentication was always enforced on Cloud deployments. Now, you can disable it if you enable the Single Sign On (SSO) authentication. You can configure them on the Settings > Security screen under the Dashboard authentication section.

SSO vs 2FA Exclusivity (Cloud)
Use Case: The ability to use SSO and 2FA exclusively will make it easy for some customers who do not need the 2FA because it’s already handled at the SSO authentication stage. Or customers who do not want to use 2FA and SSO together for other reasons.

Get More Information About Your Instance (Cloud)

Sometimes, Teramind may add additional servers to your Cloud instance for better performance and load balancing. However, previously the My Account > Server & Port tab would only show the primary server.

We have made changes so that it will now show all the attached servers.

Get More Information About Your Instance (Cloud)
Use Case: In addition to giving you more details of your instance, the information will help you configure firewalls/antiviruses properly.

System Settings & Configurations

Configure the Daily Digest Email According to Your Needs

You can now configure what sections will be displayed on the Daily Digest/Snapshot email from the Settings > Daily Digest Alerts screen.

Configure the Daily Digest Email According to Your Needs
Use Case: This will help you configure the daily digest email according to your needs and only share relevant information with the recipients of the email.

We have added an option, USER CONSENT AGREEMENT TEXT to the Settings > Login Screen. This will allow you to specify any text with formatting and styles.

The user will have to accept the agreement before they are allowed to log into the Dashboard.

Get Consent from the User to Conform with Privacy Regulations
Use Case: Due to the nature of the solution, the Teramind Dashboard can contain sensitive information. By obtaining explicit consent before giving a user access to the Teramind Dashboard, you can demonstrate your organizational policy and commitment to transparency and accountability while conforming to privacy regulations. This feature can also be used to display other useful information or notices to a user.

New API Additions and Improvements

Get a User’s Details Using Email or Agent ID

We have added a new API GET command to get a user’s profile via their email address.

Get a User’s Details Using Email or Agent ID

The command is:

https:///tm-api/agent/?fileds=field1,field2...fieldN

Example 1 (Using Email Address):

https://acme.teramind.co/tm-api/agent/[email protected]?fileds=agent_id,first_name,last_name,department_id

Example 2 (Using Agent ID):

https://acme.teramind.co/tm-api/agent/49?fileds=first_name,last_name,department_id,email_address

If the fields variable isn’t specified, the entire profile will be returned.

Use Case: This API method will help you get user details more easily and programmatically.

We have recently changed how the Agent download links are generated for better security. The links now have an expiry time (7 days) and are generated on demand.

We have added an API command, tm-api/download/links?fullPaths=true that can be used with a GET method to retrieve the download links of the latest versions of the Agent.

Get Automated Download Links for the Agent (Cloud)

More information about the download links and API can be found in this Knowledge Base article.

Use Case: If you are using a script to automatically update the Agent, you will be able to use this API method to get the latest Agent versions. Additionally, you will be able to use automation tools like Curl and PowerShell to further automate the link fetching process.

Agent Improvements

Monitor Modern Websites with Support for the HTTP/2 Protocol

Many websites are gradually moving towards the HTTP/2 protocol as it improves website performance, optimizes resource usage, and reduces browsing latency.

We have added support for this HTTP/2 protocol.

Monitor Modern Websites with Support for the HTTP/2 Protocol
Use Case: Introducing support for this protocol will make the Teramind Agent future-proof and eliminate issues with non-working or partially loaded websites that use the protocol.
At the moment, the HTTP/2 support is activated for a list of select web resources. This list can be configured by Teramind Support. Contact them if you need to enable it for any sites.

Get the Most Out of Your Endpoints with the Latest Agent Updates

Upgrade to the latest version of the Agent to get the following benefits:

Optimized CPU Usage on Non-Persistent VDI

We have made some changes to the input monitoring module that’s responsible for tracking keystrokes and mouse activities. The changes will improve the CPU usage (4% – 8% on average) on a non-persistent VDI.

Improved Performance when Registry not Monitored

We have made some changes to the Teramind File System Driver (tmfsdrv2) that will help improve the performance of the overall system when registry monitoring isn’t needed (e.g., when not using any WINDOWS LOG EVENT rules).

Improved Compatibility with Zscaler

We have made some changes to the Agent so for users of Zscaler this will remove OS performance issues and improve startup time.

Mac Updates

Prevent Data Exfiltration with Files Content Sharing Rules

We are adding support for the Files Content Sharing rule type on Mac. With support for this rule type, you will be able to create a rule like the one below.

Prevent Data Exfiltration with Files Content Sharing Rules

Check out the Content Tab and Files sections under Content Sharing Rules: What Contents Trigger the Rules (Windows)? on the Rules Guide for more information.

Use Case: Files Content Sharing rules will help you detect sensitive contents such as PII, PHI, PFI, etc. inside files. You will also be able to define your own data classification using patterns, keywords, and regular expressions. This will help you keep an eye on sensitive and critical file movements and identify any data exfiltration attempts such as copying files containing sensitive information to external drives or uploading the file to a cloud sharing site, etc.

Track Anonymous Browsing with the Private Mode Rule Criterion

We have added support for the Private Mode rule criterion of Webpages Activity Rules on Mac. You can now create a rule like the one below to detect private browsing.

Track Anonymous Browsing with the Private Mode Rule Criterion

Note that the feature is supported only on the Safari browser at the moment.

Use Case: While anonymous/private browsing is a useful feature in ensuring user privacy, it can be used by a malicious user to hide their browsing activities and internet history. Having support for this rule criterion will let you monitor such private sessions when needed.

View the Status of OS Permissions Right from the Dashboard

The Mac Agent requires some OS permissions to operate properly. Without these permissions, you might encounter missing activities/screen recordings, etc. Previously, there was no easy way for you to check if these permissions were enabled for the Agent.

You will now be able to view what Mac permissions are enabled/disabled from the Computers > Computer’s Details screen.

View the Status of OS Permissions Right from the Dashboard
Use Case: With this feature, you can now easily check what OS permissions are enabled for a computer and determine if missing permissions are causing any monitoring issues.

Other New Features & Improvements

There are a lot more changes packed into this release with several enhancements to the web and server components. Below is a summary of some of these improvements. Check out the full list here to get the details.

Dashboard and Reports Improvements

Dashboard and Reports Improvements

  • We have updated the ONLINE EMPLOYEES dashboard widget so that it now properly displays all the information in a streamlined way.
  • We have migrated the Productivity > Overview report so that it will now use the same data sources as the BI Reports.
  • Finally, we have added support for the latest LinkedIn API ensuring proper parsing of the Monitoring/BI Reports > Social Media report.

Server Improvements

  • We have improved the mechanism of acquiring database connections and use fewer of them to avoid performance penalties and potential deadlocks.
  • We have optimized the DB connection usage time when getting the computer and agent information speeding up the authentication process.
  • We have moved the SIEM events into their own threat reducing the load on the main thread and preventing server hangs/crashes due to the SIEM server’s unavailability or a bad network connection.
  • We have integrated new geofence data for cities increasing city name detection accuracy and eliminating issues related to missing/inaccurate city/country names.
Author

Connect with a Teramind Expert

Get a personalized Teramind demo to learn how you can help your organization with insider threat detection, productivity monitoring, employe monitoring, data loss prevention, and more.

Table of Contents