Lastline Defender and Analyst Hosted Release Notes

Version 7.34

New features

  • Enforce a strong password policy for new passwords on Lastline Portal

Enforce a strong password policy for new passwords on Lastline Portal

With this release, the Lastline Portal will begin enforcing a stronger password policy for all new account passwords. This change applies:

  • At account creation
  • When changing the password of an account
  • When using the password reset functionality to change the password of an account

In all these cases, if the user selects a password that is too weak, the portal will display an informative error message that should assist the user in selecting a better password.

To determine whether a password is weak and to suggest how it can be improved, we do not rely only on its length and on hard-coded rules about the character classes it contains. Password character composition rules are both cumbersome for users and ineffective at ensuring password strength. Instead, we adopt industry best practices for detecting weak passwords by using the zxcvbn library to estimate password strength.

This change was tracked internally as FEAT-2745.
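
The following added example (not Lastline's code, and not zxcvbn itself) illustrates why composition rules and guess-based estimation disagree. It uses a deliberately simplified stand-in estimator; the word list, the variant allowance and the MIN_GUESSES threshold are assumptions made for the illustration.

```python
import re

# Constructed mini-list, ordered by popularity. Real estimators such as zxcvbn
# ship ranked lists of tens of thousands of passwords, names and words.
COMMON = ["123456", "password", "qwerty", "letmein", "welcome", "admin"]
# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("@4310$57", "aaeiosst")
MIN_GUESSES = 10 ** 8  # assumed acceptance threshold, not Lastline's value


def passes_composition_rules(pw):
    """Classic rule set: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def estimate_guesses(pw):
    """Rough number of guesses needed to find pw; lower means weaker."""
    lowered = pw.lower()
    core = re.sub(r"[\d\W_]+$", "", lowered)  # drop trailing digits/symbols
    for candidate in (lowered, core, lowered.translate(LEET), core.translate(LEET)):
        if candidate in COMMON:
            # Rank in the list times an assumed allowance for the case,
            # substitution and suffix variants that guessing tools also try.
            return (COMMON.index(candidate) + 1) * 10_000
    # No dictionary hit: brute-force bound over the character classes used.
    # This overestimates passwords built from words missing from COMMON.
    pool = 0
    pool += 26 if re.search(r"[a-z]", pw) else 0
    pool += 26 if re.search(r"[A-Z]", pw) else 0
    pool += 10 if re.search(r"\d", pw) else 0
    pool += 33 if re.search(r"[^a-zA-Z\d]", pw) else 0
    return pool ** len(pw)


def check(pw):
    """Return (rule_based_verdict, estimator_verdict) for one password."""
    return passes_composition_rules(pw), estimate_guesses(pw) >= MIN_GUESSES


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["P@ssw0rd1!", "Welcome2018!", "tidal-ochre-vantage-pummel"]:
        print(pw, check(pw))
```

The first two samples satisfy every composition rule yet reduce to a dictionary entry, while the long lowercase passphrase fails the rules but is accepted by the estimator.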

Detection Improvements

  • LLADOC-542: More robust extraction of Ole-10-native files from Microsoft Office documents.
  • LLADOC-543: More robust parsing of RTF files in the prefilter module.
  • LLADOC-549, LLFILE-400: Improved analysis of URLs in Internet Shortcut files.
  • LLADOC-551: More robust parsing of invalid XML.
  • LLFILE-380: Improved file type classification for non-Office files using OpenXML file format.
  • LLFILE-393: Improved extraction of partially-corrupted 7z archives.
  • LLFILE-395: Improved analysis of Microsoft Office Spreadsheet-ML files.
  • LLFILE-399: Improved analysis of Microsoft Office Presentation-ML files.
  • FEAT-2808: Improved handling of malicious code embedded in CSV files for Microsoft Excel.

Bug Fixes and Improvements

  • SURI-698: Fix to a bug introduced by the sensor 730 sniffing component that would prevent correct processing of certain HTTP transactions.
  • SENT-822: Fix to a bug that would prevent the correct operation of a sensor inline bridge in case the bridge was assigned an IP address.
  • SENT-821: Improvement to the sensor file analysis processing logic in case of manager downtime.
  • SENT-818: Improvement to the "blocking with feedback" mode in ICAP and explicit proxy. The refreshing page used to provide feedback to the customer on the analysis status is now compatible with a wider range of web browsers.
  • SENT-817: Improvements to CPU allocation for sniffing sensors with a large number of CPU cores.
  • MALS-2523: Improved detection of suspicious web pages hosted on compromised websites.
  • MALS-2509: Better documentation for "No IOC extractable" error in the Lastline Analyst API.
  • MALS-2473: More reliable generation of document-structure analysis reports.
  • MALS-2257: Better validation of OpenXML-based file types in the Lastline Analyst API.
  • LLSHED-48: Improved error handling in sensor upload processing.
  • FEAT-2828: Fix bug where reports would be empty for mail-only sensors.
  • FEAT-1823: In event notifications sent via e-mail, URLs are now obfuscated using hxxp instead of spaces. This simplifies automated parsing of event notifications.
  • FEAT-1714: Extend Lastline Analyst API report to show more information on files inside archive/container files submitted for analysis.

Deprecation of API methods

Since release 7.24, all methods of the legacy API (/ll_api/ll_api) are deprecated. The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

Lastline Sensor version 731

Deprecation of appliance versions

Since release 7.28, sensor versions before 720 are no longer compatible with the Lastline backend.

Since release 7.24, sensor versions before 717 are no longer compatible with the Lastline backend.

Distribution Upgrade

Sensor version 731, which is being made available as part of this release, does not support Ubuntu Precise as the underlying operating system distribution. Before upgrading to the latest sensor versions, sensors that are still on Ubuntu Precise will need to be upgraded to Ubuntu Trusty.

Users can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "trusty". If it is "precise", the appliance distribution needs to be upgraded.

For complete information regarding the upgrade process, please refer to the Lastline Support Knowledge Base.
