Major new functionality in Guardian V4
Change monitoring and recovery for Azure AD Enterprise Applications and App registrations
Cayosoft Guardian now has a feature that allows you to monitor changes and recover data for Azure Enterprise Applications, App Registrations, Consents, and App role assignments and more. This feature enables you to keep track of any suspicious or unauthorized activities in the Azure AD environment, which helps to identify potential security threats quickly. Moreover, with alerting rules, you can automatically respond to such risks. By unifying changes in objects related to applications such as Consents, Cayosoft Guardian provides better insight into application security by transforming them into user-friendly changes of Enterprise Applications.
Automated product updates
Cayosoft Guardian now supports in-product notifications of new releases and the downloading and installation of those new versions. Administrators can configure the timeframe for automatic updates or schedule each update to happen manually.
Instant AD Forest Recovery in AWS (Patent Pending)
Amazon Web Services (AWS) is one of the most broadly adopted cloud platforms in the world. Now, backup plans can synchronize backup files to an Amazon S3 storage. Recovery plans can automatically create isolated recovery sites on the AWS cloud platform with all required resources, such as virtual machines and network infrastructure providing the fastest full AD Forest Recovery on the market today. With Instant Recovery, there is always an up to date stand-by directory at the ready should the Forest fall victim to a ransomware or wiper cyberattack.
Instant AD Forest Recovery in Azure (Patent Pending)
Microsoft Azure one of the fastest growing platforms for infrastructure just behind AWS. Recovery plans can automatically create an isolated recovery sites on the Azure cloud platform with all required resources, such as virtual machines and network infrastructure providing the fastest full AD Forest Recovery on the market today. With Instant Recovery, there is always an up to date stand-by directory at the ready should the Forest fall victim to a ransomware or wiper cyberattack.
Threat Detection
AD configuration is complex and even a small misconfiguration can have significant security consequences. Attackers can exploit these misconfigurations to gain unauthorized access to the network or sensitive data. Guardian's threat detection capabilities now include the ability to scan the configuration of Active Directory to identify configurations or settings that pose a security risk.
Threat Signature Live Updates
Threat Signatures are files that contain information about new AD, Azure AD, or Office 365 threats. Updates are regularly released by Cayosoft to provide Guardian with the necessary information for the software to detect and respond to new threats. Similar to modern Anti-Virus programs, Threat Signatures are automatically updated periodically so that the level of protection provided by Guardian grows overtime.
Free Threat Summary Report
The Threats Summary Report includes all active threat alerts discovered by Cayosoft Guardian and overall threat statistics. The corresponding reporting job can be scheduled to generate and send the report via email or Teams on a regular basis.
Group Policy Change Monitoring & Rollback (v3)
Cayosoft Guardian v3 added change monitoring, creating backups, and performing recovery of Group Policy Objects down to individual GPO settings. Cayosoft Guardian tracks changes in all types of GPO settings. Change History view was improved to present changes in GPO settings and other complex data structures in a human-readable form.
Boosting Product Security
Security is a continually evolving animal and cyber only accelerates things. The Cayosoft Guardian 4.3.1 release marks the next evolution of strengthening product security. We’ve now adopted a more secure process for passwords used for backup encryption and allow you to exclude specific objects from your change alerting, ensuring a focus on critical changes while reducing security noise.
All items added in V4
Version | ID | Item |
Product area |
4.4.1 |
15162 |
An issue has been resolved when some functionality in Cayosoft Guardian that uses a database on an external SQL Server with Windows Authentication mode was not available. |
Service |
4.4.1 |
15165 |
An issue has been resolved when the health check of domain controllers in some cases raised alerts about security log size every hour without an option to disable this check. This health check has been removed from Cayosoft Guardian. |
Service Health monitoring |
New in version 4.4.0
Version | ID | Item |
Product area |
4.4.0 |
13744 13869 |
Monitoring for Microsoft Intune Now, Cayosoft Guardian monitors changes in Microsoft Intune policies. These policies are applied to sets of devices and significantly affect the overall security stance of your environment. Change History provides administrators with important details for each change in Intune and changes in Entra ID related to Intune and allows them to roll back unwanted modifications. Learn more about specific object types supported in Cayosoft Guardian. |
Entra ID Intune |
4.4.0 |
14522 14523 |
Notification Improvements We have enriched alert notifications, which now include information about an initiator, object type, change type, and other significant details. All alerts shipped with Guardian will automatically upgrade to the new detailed format unless you have previously customized them. NOTE: If you want any of your customized alerts to also start including these additional details, you can re-create them to take advantage of the new functionality. Also, we have enhanced notification algorithms to speed up the delivery in some scenarios like, for example, automatic rollback.
|
Service Alerting Security |
4.4.0 |
8896 13948 14153 |
Health monitoring for Cayosoft Used Infrastructure To make you aware of issues in the environment that might prevent Cayosoft Guardian from functioning properly, we added health checks that include:
This upgrade will automatically add these to your health check monitoring. |
Service Health monitoring |
4.4.0 | 13474 |
Accelerated Threat Detection To improve detection capabilities in Cayosoft Guardian, now, each threat definition has its own schedule that can be adjusted. Prior to this enhancement, a daily check was performed (once every 24 hours), but now detection can be executed much more frequently (e.g. every hour). With this upgrade, the product gets new updated frequency settings and will detect many threats much faster. |
Service Security |
4.4.0 | 14714 |
Multiple enhancements have been made to improve usability and operations with multiple objects, specifically, with change history records and alerts. Cayosoft continually seeks ways to improve the user experience. |
UI UX |
New in version 4.3.2
Version | ID | Item |
Product area |
4.3.2 | 14619 |
An issue has been resolved! An Azure AD change collection job sometimes fails with an error when the Collect Changes for Roles action was enabled. Now fixed. |
Service |
4.3.2 | 14620 |
An issue has been resolved! A threat detection job might report warnings and skip some threat definition checks. Now fixed. |
Service |
New in version 4.3.1
Version | ID | Item |
Product area |
4.3.1 | 13819 |
Exclusions for collection jobs For larger environments containing frequently changing objects, Cayosoft Guardian allows fine-tuning of collection jobs to exclude specific changes or objects. Focus attention on the most essential or critical objects and reduce security noise. Monitor and alert on what matters to you most. |
Service |
4.3.1 | 13634 |
Enhanced security for backup encryption Now, Cayosoft Guardian offers to copy and preserve the password that is used to encrypt backups only when a plan is created. This ensures less and limited people will have access to, know, and use password for backup encryption. |
Security Forest Recovery |
4.3.1 | 13642 | An issue was resolved when some cookies did not have the HTTPOnly flag set. |
Service Security |
4.3.1 | 13638 | An issue was resolved when the fully qualified path name of the server was exposed in the server's response. |
Service Security |
4.3.1 | 13640 | An issue was resolved when the Content-Security-Policy HTTP header was set incorrectly. |
|
4.3.1 | 13643 | An issue was resolved when a JWT token had an excessive token lifetime. |
Service Security |
4.3.1 | 13641 | An issue was resolved when a cookie did not require the use of SSL for secure transmission. |
|
4.3.1 | 13633 | An issue was resolved when the request to a server contained a session identifier. |
Service Security |
4.3.1 | 14006 | An issue was resolved when Cayosoft Guardian created unused credentials on adding multiple Azure subscriptions using the same account and reported a warning. |
Service Forest Recovery |
4.3.1 | 13749, 13750 | Several issues were resolved to improve product security. |
|
4.3.1 | 10938, 13833 |
UI and UX improvements We continue to streamline screens to minimize clicks and complexity. Minor design adjustments were also made to improve convenience and simplicity. |
UI UX |
New in version 4.3.0
Version | ID |
Item |
Product area |
4.3.0 | 4947 |
Change Monitoring and recovery for AAD Devices Cayosoft Guardian now presents changes related to the lifecycle of Azure AD or Hybrid devices in the Change History including joins, deletions, ownership, and membership changes. In addition, Change History provides a user-friendly classification for each type of action and other features like initiator discovery, and instant recovery. Cayosoft Guardian also collects events for Bitlocker-related activities. |
Azure AD, Intune |
4.3.0 | 6676 |
Multiple databases for better reliability and supportability Cayosoft Guardian now uses two system databases. The history database contains your data such as change history, and the configuration database contains the settings required to operate. If your database is on the external SQL server, Cayosoft Guardian will automatically move configuration data to the local storage during the upgrade. Learn more about backing up local configuration database in Cayosoft Guardian. |
Service |
4.3.0 | 13196 |
Security hardening for Azure storage Cayosoft Guardian now supports the blob storage type as a default storage type. Using Azure file storage is not recommended as this storage type does not support secure authentication methods. IMPORTANT: Cayosoft Guardian will not support Azure file storage in future versions. Add Azure blob storage in backup locations and replace Azure file storage with Azure blob storage in all your backup plans.
|
Service, Forest Recovery, Azure
|
4.3.0 | 13248 |
Licensing OFFICEBASIC licenses are no longer counted in Cayosoft Guardian. |
Licensing |
4.3.0 | 13291 |
Change Monitoring for tenant-wide settings Cayosoft Guardian now supports change monitoring and recovery for security-sensitive tenant-wide settings. Learn more about specific settings supported in Cayosoft Guardian.
|
Azure AD |
4.3.0 | 13616 |
Health check for Cayosoft Guardian Cayosoft Guardian now regularly evaluates the health of its components and reports any discovered issues to notification channels. |
Service |
4.3.0 | 13542 |
Update channels: Mainstream and Insider Cayosoft Guardian has multiple update channels to offer the possibility to try new features before there are publicly available. The Mainstream channel is the best option for most production environments. With Insider channel, you can try new features before they are generally available. Changing this setting will only impact future updates. Learn more.
|
Service |
4.3.0 | 5118 |
An issue has been resolved when undeleting a hybrid security group completed without restoring App Role Assignments in Azure AD. |
Hybrid |
4.3.0 | 13263 | An issue has been resolved when a backup plan with encryption enabled might fail with an error. | Forest Recovery |
4.3.0 | 13639 | A minor security issue has been resolved when a Strict-Transport-Security header was not included in some requests. | Security |
4.3.0 |
13762 11543 12859 13202 13275 13328 13498 13692 |
UX and UI improvements |
UI, UX |
New in version 4.2.1
Version | ID | Item | Product Area |
---|---|---|---|
4.2.1 | 13333, 13446 |
An issue has been resolved when a standby recovery plan allowed execution with incorrect settings for locations of SYSVOL and Active Directory data store files. Now, Cayosoft Guardian automatically checks and adjusts these settings to ensure a successful recovery. |
Active Directory Forest Recovery |
4.2.1 | 13364 | An issue has been resolved when a promotion of an additional domain controller with a non-default owner failed with an error. |
Active Directory Forest Recovery |
4.2.1 | 13365 |
An issue has been resolved when a recovery plan might fail with an error during the resetting of trust passwords. |
Active Directory Forest Recovery |
4.2.1 | 13411 |
An issue has been resolved when the execution of the recovery plan failed with an error due to lengthy paths in SYSVOL. |
Active Directory Forest Recovery |
4.2.1 | 13413 |
An issue has been resolved when a promotion of an additional domain controller in a child domain might fail with an error. |
Active Directory Forest Recovery |
4.2.1 | 13450 |
Now, during the execution of the recovery plan, Cayosoft Guardian automatically retrieves encoded error messages from the AWS cloud platform and includes them in the execution history of a recovery plan. |
Active Directory Forest Recovery AWS |
4.2.1 | 13457 |
UI and UX improvements |
Forest Recovery |
New in version 4.2.0
Version | ID | Item | Product Area |
---|---|---|---|
4.2.0 | 6304, 13183 |
Change Monitoring for Microsoft 365 tenant settings Certain Microsoft 365 tenant settings in Azure Active Directory affect all users, groups, or applications in the tenant or the entire organization's security posture. Cayosoft Guardian offers change monitoring and rollback capabilities for some of the most security-sensitive tenant settings. With Initiator detection, you can ensure that any changes are authorized and in compliance with your security policies. |
Azure Active Directory |
4.2.0 | 12886 |
Better security for Azure cloud storage with TLS 1.2 enforcement Cayosoft Guardian now provides enhanced security for file storage in Azure. For newly created storage, blob public access is disabled and TLS is set to version 1.2. |
Service Azure |
4.2.0 | 12958 |
Automatic backup selection enhanced Cayosoft Guardian now has a better algorithm to automatically select backups from multiple storages for a new recovery site. |
Service |
4.2.0 | 12985 |
Audit for Bitlocker and LAPS passwords access Now, Cayosoft Guardian allows auditing of the read access operations. With this feature, you can audit access to BitLocker and LAPS passwords. |
Active Directory LAPS BitLocker |
4.2.0 | 13279 |
Enrichment, advanced search capabilities and reporting for native Event Log Cayosoft Guardian now offers access to native event logs gathered from your cloud or on-premises environments. Besides Change History, you can now utilize the Event Log feature. While Change History employs various APIs to display changes and provide rollback functionality, Event Log allows access to native events that cover not just modifications but also all other types of operations. With Event Log, you can gain insights into a wider range of activities, such as changes to devices, contacts, or read-access operations related to BitLocker and LAPS passwords. |
UI UX Azure Active Directory Active Directory Service |
4.2.0 | 13082 |
Favorite queries Make it easier to access your frequently used queries in Change History by adding them to Favorites. |
UI UX |
4.2.0 |
13008 13014 13015 13060 13103 13228 13251 13234 13240 |
UX and UI improvements |
UI UX |
New in version 4.1.2
Version |
ID | Item | Product Area |
---|---|---|---|
4.1.2 |
4668 7520 12748 |
Change monitoring and recovery for Azure AD Enterprise Applications and App registrations Cayosoft Guardian now offers change monitoring and recovery for Azure AD Enterprise Applications, App Registrations, Consents, and App role assignments. By auditing changes related to Enterprise applications, you can monitor for unauthorized or suspicious activity within the Azure AD environment and identify potential security threats, enabling quick automated responses with alerting rules to mitigate risks. To provide better visibility and insight into application security, Cayosoft Guardian unifies changes in application-related objects such as Consents and transforms them into user-friendly changes of Enterprise Applications. |
Azure Active Directory |
4.1.2 | 9944 |
Change monitoring and recovery of authentication methods set up by Azure AD users Cayosoft Guardian provides change monitoring of changes in the authentication methods of users. In the context of Azure AD and Multi-Factor Authentication, detecting and responding to any suspicious changes in authentication information, such as phone numbers, email addresses, or security questions is imperative. |
Azure Active Directory |
4.1.2 | 12801 |
Improved change monitoring of Azure AD Conditional Access Policies (CAP) Cayosoft Guardian now supports the recovery of Conditional Access policies using authentication strength. Authentication strength is a Conditional Access control that lets you define a specific combination of multifactor authentication methods that an external user must complete to access your resources. |
Azure Active Directory |
4.1.2 |
12727, 11753 |
Automated product update Now, Cayosoft Guardian supports built-in downloading and installing updates from the cloud. You can configure the timeframe for automatic updates or schedule each update manually. |
Service |
4.1.2 | 12792 |
New change categories in Change History We added more than 40 new categories in Cayosoft Guardian to provide users with better visibility of changes in connected systems. |
UX, Azure Active Directory, Active Directory
|
4.1.2 | 11677 | Cayosoft Guardian notifies you about available threat definition updates using a global alert. | UX |
4.1.2 | 12836 | An issue has been resolved when a recovery site without virtual machines could be created with a recovery plan. | Forest Recovery |
4.1.2 | 12814 | An issue has been resolved when the initiator of some changes in Named Locations could not be detected. |
Azure AD |
4.1.2 | 13002 | An issue has been resolved when the restoration of mailbox changes containing properties related to litigation hold failed with an error. | Exchange Online |
4.1.2 |
12571 12864 12817 12837 12878 |
Enhancements related to user experience, security, and performance Every release gives Cayosoft the chance to improve our products and services. These items fall into this category. |
UX, Security, Service |
New in version 4.1.1
Version |
ID | Item | Product Area |
---|---|---|---|
4.1.1 |
11713 |
An issue was resolved when the creation of a custom saved query might fail with an error.
|
UI/UX |
New in version 4.1.0
Version |
ID | Item | Product Area |
---|---|---|---|
4.1.0 |
11076, 11525 |
Instant forest recovery with Amazon Web Services (AWS) Amazon Web Services (AWS) is one of the most broadly adopted cloud platforms in the world. Now, backup plans can synchronize backup files to an Amazon S3 storage. Recovery plans can automatically create recovery sites on the AWS cloud platform with all required resources, such as virtual machines and network infrastructure.
|
Active Directory, Instant Forest Recovery |
4.1.0 | 10150 |
Azure AD Connect cloud sync support - Azure AD Connect cloud sync is a new offering from Microsoft designed for the synchronization of users, groups, and contacts to Azure AD. Cayosoft Guardian automatically discovers the configuration of Azure AD Connect cloud sync and starts the synchronization process when the rollback job restores hybrid objects.
|
Hybrid |
4.1.0 | 10868 |
Threats Summary Report - The Threats Summary Report includes all active threat alerts discovered by Cayosoft Guardian and overall threat statistics. The corresponding reporting job can be scheduled to generate and send the report via email or Teams on a regular basis.
|
Threat detection, Reporting |
4.1.0 | 11577, 11539, 11530, 11491 |
GPO backup and recovery enhancements - To simplify undelete of Group Policy Objects (GPO) in the Active Directory, Cayosoft Guardian can automatically detect and restore all related changes in both Active Directory and GPO files. Also, Cayosoft Guardian now supports additional GPO recovery scenarios, such as script settings and GPO preferences recovery.
|
Active Directory, Group Policy Objects |
4.1.0 | 11558 |
Performance enhancements for SQL databases - Cayosoft Guardian now uses a columnstore index technology to reduce overall database size and increase query performance. A columnstore index is a technology for storing, retrieving, and managing data by using a columnar data format, called a columnstore. Columnstore indexes are the standard for storing and querying large data warehousing fact tables. This index uses column-based data storage and query processing to achieve gains up to 10 times the query performance in your data warehouse over traditional row-oriented storage. You can also achieve gains up to 10 times the data compression over the uncompressed data size. IMPORTANT: An upgrade to Cayosoft Guardian 4.x from version 3.x might take up to several hours due to the changes in the database structure.
IMPORTANT: Cayosoft Guardian 4.x no longer supports legacy versions of SQL Server and some limited configurations of Azure SQL. If you use Cayosoft Guardian with the unsupported database configuration, after upgrade you will see an alert. We strongly recommend you to migrate to the supported configuration to receive all benefits brought by the columnstore index technology. Check system requirements to find supported configurations.
|
Service |
4.1.0 | 11539 |
Automation for recovery of containers in the Active directory - To simplify undeletes of containers, such as organizational units, Cayosoft Guardian can automatically detect related changes of child objects within a hierarchical structure and restore all these related changes.
|
Active Directory, Undelete |
4.1.0 | 11608 |
Automation of the DNS configuration in recovery plans - Cayosoft Guardian now automatically configures recovery plans to include addresses of specific DNS forwarders for recovery sites in the cloud. Domain controllers use these addresses to access cloud services during the forest recovery process.
|
Forest Recovery, Active Directory |
4.1.0 | 11312 |
Initial configuration wizard - After installation, Cayosoft Guardian offers quick access to essential configuration tasks, including license activation, database configuration, and connecting managed systems.
|
UX |
4.1.0 | 11606 |
An issue was resolved when the backup discovery process might fail if an Active Directory metadata size in the backup files exceeds a specific size.
|
Active Directory |
4.1.0 | 11378 |
An issue was resolved when Cayosoft Guardian generates a change history record related to an active role assignment, even though there are no changes in role membership in Azure AD.
|
Service, Azure AD |
4.1.0 | 11413 |
An issue was resolved when the threat detection job finished with success status, even though threat detection failed in some connected systems.
|
Service, Threat Detection |
4.1.0 | 11548 |
An issue was resolved when Cayosoft Guardian service might consume all available RAM memory if the Teams collection job is running.
|
Service, Teams |
4.1.0 |
11687, 11678, 11268, 11364, 11421, 11489 |
Minor UI and UX improvements. | UI/UX |
Comments
0 comments
Article is closed for comments.