Release Note
[Announcement] WMS Service Expansion and Name Change
✔ WSPC
Website Security Posture Check
As part of the enhanced capabilities of AIONCLOUD's existing Website Malware Scanner (WMS), we are pleased to announce its renaming to Website Security Posture Check (WSPC).
New features, such as SSL/TLS Certificate Monitoring, DNS Record Monitoring, and Blocklist Registration Monitoring, have been added to help you more comprehensively manage your website's security.
In today's digital age, website security is crucial for maintaining trust and ensuring sustainable business operations. While many companies focus on real-time traffic defense, comprehensive security assessments of websites are equally important. WSPC provides an all-encompassing security solution, monitoring your website's overall security posture to detect potential threats and ensure safe operations.
Furthermore, this enhancement marks only the beginning. We plan to expand the service to include vulnerability checks and other advanced security features. AIONCLOUD remains committed to continuously improving its services to safeguard your website’s security.
Thank you for your continued support and interest.
2024-09-30 Release
✔ WMS
New Feature: Blocklist Monitoring
In this release, we have added the blocklist Monitoring feature to monitor the blocklist status of registered domains in real time. If your domain gets listed on a blocklist, It can lead to consequences such as email and web service traffic being blocked by security systems, or search engines applying SEO penalties. This feature enables users to quickly identify and respond if their domains have been listed in spam or malicious site databases, helping to maintain both security and trustworthiness.
• Provides comprehensive blocklist information by integrating with multiple CTI platforms.
• Offers a Risk Score based on various security evaluation criteria.
New Feature: SSL Certificate Monitoring
We have introduced SSL Monitoring, which continuously monitors the validity of SSL/TLS certificates and promptly detects tampering attempts to ensure secure communications. This feature helps prevent phishing and man-in-the-middle attacks caused by certificate tampering, providing users a safer browsing experience. Additionally, it monitors the certificate expiration dates, allowing users to prevent issues caused by expired certificates in advance.
•Monitors the validity of internal elements within the uploaded SSL certificates.
New Feature: DNS Records Monitoring
We have introduced DNS Monitoring, which ensures the integrity of DNS settings and records by monitoring for potential tampering. This feature helps prevent traffic interception and phishing site redirection and maintains domain trustworthiness by detecting any unauthorized changes to DNS records. In large organizations, where security and system operations are often managed separately, DNS record management can become complex. This can lead to situations where changes to DNS records are not timely reflected or properly managed. DNS Monitoring addresses these challenges by ensuring that DNS record updates are monitored and maintained effectively.
• Provides monitoring for selected DNS records by allowing users to upload their current DNS zone files.
Update Feature: Malware Scanner Engine Updated
The malware scanner engine has been updated to the latest version. This update includes enhanced detection algorithms,
allowing for identifying a broader range of threats, significantly improving malware analysis speed, and providing more detailed malware information.
2024-08-22 Release
✔ SIA
New Feature: URL Rewrite Update
The URL Rewrite feature has been added to Security Policies, allowing administrators to enforce specific modes or feature restrictions based on HTTP headers. For example, administrators can restrict YouTube viewing modes by using headers such as YouTube-Restrict: Strict or YouTube-Restrict: Moderate.
Usage Examples:
• Request URL Rewrite - Add headers such as X-Forwarded-For to effectively manage and monitor traffic.
• Response URL Rewrite - Add security headers like X-Content-Type-Options to protect users from harmful websites.
Update Feature: Enhanced Access Control Toward Public Internet
Access Control has been updated to now include not just context-based access control to corporate resources, but also control over public web access. When an Internet zone is specified in Access Control, it will be reflected in the control zone. Any Internet zone that is not specified will not be subject to control.
2024-08-12 Release
✔ SIA
UI/UX Improvements
The console's interface has been redesigned to provide a more intuitive and streamlined experience.
✔ SRA
New Feature: Device Posture Check(DPC)
In this release, we have added the Device Posture Check (DPC) capabilities in our Secure Remote Access (ZTNA) service. The updates include:
- Posture Checks by End-point Devices
- Available for Windows, macOS, Android, and iOS devices.
- Posture Check Attributes
- Antivirus: Checks whether antivirus software is enabled.
- File Path: Verifies the presence of specific file paths or files.
- Process: Confirms whether specific processes are running.
- OS Version: Checks the OS version and whether the latest patches are applied.
- Firewall: Verifies if the OS firewall is enabled.
- Certificate: Checks for the presence of specific certificates.
- AD Domain: Ensures that a user is a member of a specific Active Directory domain.
- Device Serial Number: Confirms if the device serial number matches an authorized serial number.
* Supported end-point devices and attributes table
2024-04-30 Release
✔ SIA
- Add Remote Browser Isolation
✔ SRA
- AIConnector Profile
- Automatic AIConnector Upgrade
- Lock AIConnector Switch
- Dynamic Connector lineup for RBI
2024-04-11 Release
✔ WAAP Enhance API Security
-
Enhanced UI convenience
- Add token validation
- Add payload validation
- Add access control
- Add block message
✔ WAAP Enhance Security Event
- Add IP Reputation Search to the detailed view of a security event.
2024-03-28 Release
✔ SIA
- v3.2.1 bug fix
- Add block page user option
- Add gateway connector
2024-02-29 Release
✔ SIA
- Add ATP to signature Mgmt
- Add ATP to report
- Add detailed view of audit log
- Add SaaS security analytics
2024-01-31 Release
✔ SIA
- Add SaaS Category DB
- Add ATP Inspection with Ailabs
- Add PII(Personally Identifiable Information) inspection
- Add logging action
- MFA apply user and usergroup
- Add Audit Log
2023-01-17 Release
✔ WAAP Enhance Activity Stream
- Display more detailed information in the activity log
✔ WAAP The root domain can also be assigned an ANAME or Alias
2023-12-06 Release
✔ SIA
- v3.1.1 bug fix
- Enhance Usability and Functionality
2023-11-15 Release
✔ SIA
- v3.1.0 bug fix
- Enhance Usability and Functionality
2023-11-02 Release
✔ SIA
2023-10-12 Release
✔ WAAP Add Slow DoS
✔ WAAP Add Forced Browsing
✔ WAAP Add Request Throttling
✔ WAAP Add Credential Stuffing
✔ WAAP Separate sorry page from health server checker.
- Change name of Sorry Page to Fallback Page
✔ WAAP Enhance Rate Limit
✔ WAAP Enhance User-Defined rule
- Add File Extension field to condition list
2023-08-02 Release
✔ WAAP Add CDN
✔ Billing Info Change the Pricing Policy
- Free, Essential, Business, Enterprise
✔ WAAP Rename WAF to WAAP
- WAAP : WEB Application & API Protection
✔ WAAP Add malicious bot detection function.
- Honeypot Trap: Sets the network connection system as bait to attract cyber attackers and identifies unusual approaches.
✔ WAAP Add Header based Client IP Identification & Custom Client IP Injection
✔ WAAP Enable asterisk(*) regular expression in Rate Limit
- An asterisk (*) matches zero or more characters, enabling the detection of URLs with the same pattern.
✔ WAAP Add request body to detail view of Security Event (Only for Enterprise Users)
2023-06-28 Release
✔ WAF Enhanced malicious bot detection function
- IP Reputation: Identifies and detects the Bot using Bot Management IP reputation information
- Rate Limit: This is a function that allows you to create and query threshold-based rules for repetitive access from the same client.
- Advance: You can choose how to automatically identify and mitigate malicious Bot's website visits to websites.
2023-01-02 Release
✔ WAF User interface changes a lot
✔ WAF Add User-Defined rule
✔ WAF Add API Security
✔ WAF Change Access Control Rule based
✔ WAF Added policy copy function by domain
✔ WAF Web security, detection function available
✔ WAF Enhanced stability and UI convenience
2022-04-27 Release
✔ WAF Web Cache
2021-11-16 Release
✔ WAF Error Clocking Detailed Settings
2021-11-02 Release
✔ WAF WAF Customize Block Page
2021-08-19 Release
✔ WAF WAF Login Enhanced Authentication
2021-08-01 Release
✔ SIA SIA SERVICE OPEN of ZTNA(SDP)
2021-02-15 Release
✔ WAF The feature to add new records has changed
When adding a record to DNS, "Name" cannot contain host.
✔ WMS Add Direct IP feature
When diagnosing, WMS accesses the server without going through a proxy such as WAF service.
✔ WMS API Updated
Added request body for new features.
2020-12-07 Release
✔ WAF WAF Detect Log UI Improvement
✔ WAF Add Stripe Korean Won Payment
2020-11-17 Release
✔ WMS Changed the service name WMD to WMS (Website Malware Scanner)
✔ WMS Add Screen switching feature
- This is a feature that protects website visitors from malicious infected pages.
- Based on the latest diagnosis results, malicious pages are redirected to safe pages.
- To collect malicious pages, you need to add the code to your site.
2020-10-12 Release
✔ WAF Add Server side loadbalancing(SLB) feature
- This feature is used when there are more than one origin server.
- When SLB is enabled, the dashboard displays server status information.
- When all servers become inaccessible, the Sorry page is responsed to the client.
✔ WAF Changing the setting value of a threshold-based policy
- You can set Period, Count, and Block Time in the DoS Detection policy.
- The maximum Period for the Brute Force Detection policy has been increased to 300.
2020-09-21 Release
✔ WAF Add detect log excel download feature
- Added the feature to download detect logs as an Excel file.
2020-08-13 Release
✔ WAF Add JS Challenge policy
- The JS Challenge policy has been added to the user defined tab of the policy.
Upon receipt of the HTTP request, the WAF responds with Javascript challenge script, which can only be interpreted in a web browser. It allows access to the actual website only when interpreting this script, and it defends automated attacks such as bots that cannot be interpreted.
2020-03-02 Release
✔ AIONCLOUD Change UI Design
- Improved overall UI design.
- The pages are sorted by service.
✔ SWG SWG Service Launch
It has launched client security service SWG(Secure Web Gateway).
✔ WAF Add domain permissions by member
2020-01-20 Release
✔ WAF Add ldap injection policy
The ldap injection policy has been added to the security tab of the policy.
✔ WMD WMD UI changed
- Changed "Site Map View"
- Add Sitemap Option in "Site Management > Add site"
- Diagnose only newly added or changed URLs.
- Changed "Diagnosis Status > Report"
2019-10-30 Release
✔ WAF Add AIONCLOUD DNS Sever
- If you change your name server to the ones provided by AIONCLOUD, you can register root-domain.
- DNS management screen has been added in domain info. You can register or delete DNS records.
✔ WAF Add API
The API for DNS services has been added. Details can be found in API DOCS.
2019-09-30 Release
✔ Billing Info Add modify the payment information
- You can check the current card information in the 'Information menu' and click 'Change' to modify the card information.
- In 'Payment Information', you can check payment information based on service use and payment history by period. You can change the item by clicking 'Change'.
- The function to select the product has been added. If you change the product it will be changed on the 1st of next month.
✔ Billing Info Change payment method(Stripe)
- The function to modify card information has been added. You can edit your credit card information
- The function register payment information has been added.
After you register your card information, the fee for this month's use will be paid on the 1st of next month. The fee for this month's use will be calculated according to the number of days. - The charge based on the traffic has been added to the product
2019-08-30 Release
✔ WAF Add BPS graph
The site Dashboard's UI page has been better. and you can view the BPS graph.
✔ WAF Add Auto generate monthly report function
If you check "Auto generate monthly report", the report will be generated automatically on the first day of each month.
✔ WAF Add EC Private Key supports
✔ WMD Add API
The WMD service's API has been added. Details can be found in API DOCS.
✔ WMD Add Report
Excel file were added for type of report file.
2019-07-19 Release
✔ WMD Improvement of site map's UI
Changed the site map's UI look better. and you can view the start time and create time.
✔ WMD Improvement of diagnosis report's UI
- "View Threat Info Only" function add. If you check this, you can only see threat information.
- Added Host, URI items to threat information.
✔ WMD Add notification email setting.
You can set up multiple emails to receive notifications about malicious information detection.
✔ WAF WMD bug fixes
Minor bug fixes
2019-06-21 Release
✔ My Page Add Member menu
The invited member shares the data of your account.
✔ WAF Add API
The WAF service's API has been added. Details can be found in API DOCS.
✔ WMD Improvement of Report
Revised the report to make it look better.
✔ WAF WMD bug fixes
Minor bug fixes
2019-05-24 Release
✔ WMD 'Diagnosis level' function add
When you start 'Diagnosis', you have the 3 option of a diagnostic level to choose from.
The level option sets the diagnostic time for individual URLs.
the 3 options are quick (1 second), normal (10 seconds), and deep (30 seconds).
The reason for setting the url diagnosis time is to detect the type of malicious code that is running for a certain period of time to avoid detection such as APT solution.
✔ WMD 'Diagnosis abort' function add
When the diagnosis is in progress, the 'diagnosis start' button is changed to the 'diagnosis abort' button so that the diagnosis can be canceled.
✔ WMD 'Remaining time' check function add
'Remaining time' can be checked in Current diagnosis info of Dashboard menu.
✔ WMD 'Report' view function improving
'Report' can be checked in diagnosis progressing.
✔ WAF WMD bug fixes
Minor bug fixes