Trellix: Intrusion Prevention System 11.1 Update 8 Certification Software Release

The following Trellix Intrusion Prevention System (IPS) software are now available:

• IPS Manager / Central Manager – 11.1.19.61 (Windows and MLOS)
• Certification NS-Series Sensors – 11.1.17.63 (NS9600, NS9500, NS9300, NS9200, NS9100, NS7600, NS7500, NS7350, NS7250, NS7150, NS5200, NS5100, NS3600, NS3200, NS3100)

The release offers new capabilities including:

• Advanced SSL decryption:
  • Powered by Mira Security, enabling SSL inspection on all major IPS form factors in proxy mode. Integration with Mira on physical (NS9500, NS7500, NS3600, NS7600, NS9600, NS9600 Stack), virtual (VM600, VM5000), and cloud (AWS, Azure) environments
  • Support for Jumbo SSL, ECDSA certificates, and 4K RSA key decryption
• Hardware expansion:
  • Supports 4x100/40G PFO modules and power monitoring on NS3600
• Improved detection with NDR and IPS Manager:
  • SMB and DCERPC metadata forwarding for richer behavior analytics and detections
• EO-14028 attestation gaps:
  • Addressed EO-14028 attestation gaps related to third-party SW framework Java Struts that have reached EOL used on IPS Manager by migrating to Web Services and ExtJS framework
• Performance improvements:
  • Partitioning of high volume data (alert,pkt log) tables to enable pruning at a very fast rate
• Cloud enhancements:
  • Packet capture support for AWS and Azure cloud sensors for forensics investigations
• Support for wider range of malicious file types for malware detection and classification

For a full list of changes, see the following documentation:

• IPS 11.1.19.61-11.1.17.63 Manager-NS-series Certification Release Notes
• Trellix Intrusion Prevention System 11.1.x Certification Guide

The software is available on the Product Downloads site.