Trellix Release 11.0.0 for Network Security (NX) and NDR Sensor will be available for download today. Customers can access it directly via the Dynamic Threat Intelligence (DTI) cloud, while offline customers can obtain the release through the designated offline portal.
Trellix Release 4.0.0 for NDR Console (formerly Network Investigator, Investigation Analysis) will be made available today via secure file download.
Trellix NDR Console 4.0.0 Release brings powerful new features, impactful enhancements, and significant detection and response capabilities. Explore what's new below and check out the full Release Notes for all the latest fixes and upgrades.
- Rich analyst experience with enhanced workflows and new views, synchronized filtering across alerts data, analyst springboards, and risk-based severity scoring for alerts
- Improved asset visibility with risky assets and risky conversations
- Comprehensive integrations with SIEM, Splunk, Tenable, and on-premises ePO
- Attack Path Discovery to identify the riskiest assets and attack paths an attacker may use to compromise them
- Selective Packet Capture for live on-demand full packet capture
- Network Detection and Response Console (NDR Console) capabilities can be enabled through licensed NDR Product Editions, including Essentials, Core, and Enterprise. Existing Network Forensics customers who have the Network Investigator (NI / IA) will default to NDR Essentials
- Expanded threat detection capabilities, such as identifying communication with newly registered domains and known malicious domains, DNS and ICMP tunneling, phishing attempts (exfiltration / credential theft), SSL anomalies, Tor activity, and lookups / detections of suspicious URLs
- Integration with the Trellix WISE (GenAI) solution
- Integration with Global Threat Intelligence (GTI) to determine the reputation of URLs
- Revamped UI with the addition of many new widgets and improved page layouts
Network Security (NX) and NDR Sensor Release 11.0.0 includes various fixes in addition to the new features and enhancements described below; please refer to the Release Notes for a complete list of all the fixes.
New features and enhancements in Network Security 11.0.0:
- Base platform upgrade to AlmaLinux 9.2 for security hardening, enhanced stability, and performance
- The OpenSSL library is upgraded to version 3.1.x to strengthen security, enhance performance, and extend cryptographic functionality
- Multiple vulnerabilities are addressed in Release 11.0
- Integration with Private Global Threat Intelligence (pGTI) to perform reputation lookup for files and URLs
- Support for regex pattern matching for URLs in the custom allowed list and blocked list
- Ability to add URLs, MD5 or SHA-256 hashes, and regex URLs to both the custom allowed and blocked lists via the third-party feeds tab in the Network Security Web UI
- Virtual NX 10500V can be deployed on the KVM hypervisor in L3 mode, with a maximum of two pairs of SR-IOV monitor interfaces
- IPv6 support for SSL intercept
- Support for IPv6 addresses in alert policy exceptions
- Configuration management for PCAP artifacts, and options for PCAP backup and cleanup
- TAXII 2.1 / STIX support for ingesting IOCs through a TAXII server for IOC-based detections
- Support for up to 30 Gbps in NDR Sensor Flare mode on NX 8600
- Network Security (NX) 11.0 can be deployed as an NDR Sensor providing essential network visibility, threat detection, and response capabilities. Network Security (NX) can be converted to an NDR Sensor by ordering and installing the NDR License on NX 8600 or Virtual NX 10500V
Managed Defense compatibility:
Managed Defense customers should not upgrade to these releases without prior coordination with their Managed Defense Consultant (MDC).
Notes:
Network Detection and Response Console 4.0 is compatible with Packet Capture 6.2 or newer. You can upgrade your NDR Console appliance (formerly Network Investigator) to release 4.0.0 from release 3.1 or later. To ensure optimal performance, Trellix recommends upgrading to the latest releases.
Network Security 11.0 releases require a reboot to take effect. Trellix OS Releases 10.0 and 11.0 will not be supported on x400 appliances, NX 10550, and VX 12500 platforms. You can upgrade your Network Security (NX) to release 11.0 from version 9.1.0 or later. If your Network Security (NX) is managed by a Central Management appliance, the Central Management appliance must be running Trellix OS 11.0 before upgrading the managed appliance(s).
After a Network Security (NX) / NDR Sensor upgrade to version 11.0, certain processes will be in a pending state until new security content is downloaded and installed. The security content is downloaded and installed automatically for online customers. Offline customers must manually download and install the new security content after upgrading appliances to version 11.0.
Before upgrading your Network Security appliances to Trellix OS 11.0, modify any custom YARA rules to conform to YARA 4.5.0.
Trellix strongly recommends automatic downloading of Guest Images in order to maintain the most recent version. Automatic downloading is enabled by default. The update to GI Bundle 24.0702 will therefore occur automatically on version 11.0 systems unless automatic GI updates are disabled. If automatic downloading is not enabled, enable it with the command fenet guest-images auto enable. Running an outdated version of Guest Images results in a loss of performance and detection capability.
For further details on the features and fixes included in this release, as well as for information on how to upgrade, please log in to the Trellix Customer Support Portal using your Trellix support credentials and refer to the following documents:
- Network Security (NX) and NDR Sensor 11.0 Release Notes
- Network Detection and Response Console 4.0 Release Notes