Nebula Policies.png

August 28, 2025

New Brute Force Protection policy setting

Improvements

Introduced a new policy setting for Brute Force Protection called “Use event tracing for detecting inbound connections” that uses a less verbose method (event tracing) for logging purposes

Features and Improvements

  • Enhanced heuristics for search hijacking prevention in Browser Phishing Protection to reduce false positives.
  • Improved copy and updated illustration in search hijacking prevention toasts for greater legibility.

Issues Fixed

  • NDEV-19481: Resolved an issue where the Browser Phishing Protection extension did not honor policy settings after 60 minutes.
SAM Scores.png

August 18, 2025

Security Advisor improvements

Improvements

We updated the scoring logic in several Security Advisor categories to provide more accurate and reliable assessments.

Features and Improvements

  • Updated the Firewall Management and DNS Filtering Security Advisor scores to exclude servers.
  • Expanded DNS Filtering score to cover the following security categories: New, Newly Seen, Parked & For Sale Domains.

Issues Fixed

  • No fixes this release.
Ignored Vulnerabilities.png

August 14, 2025

Ignore Vulnerabilities

New Feature

We’ve added two powerful features to help Admins manage vulnerabilities more efficiently: Ignore Vulnerabilities and Resolved Vulnerabilities. These updates give you greater control, reduce noise, and provide clearer insight into remediation progress.

BPP SAM.png

New Feature

Browser Phishing Protection Security Advisor Score Factor

Security Advisor now includes a score factor for Browser Phishing Protection. This new score factor evaluates and assigns a score based on the effectiveness of your Browser Phishing Protection Policy settings and provides recommendations to improve the score.

Features and Improvements

  • Ignore Vulnerabilities: Admins can now dismiss vulnerabilities that are non-applicable, low risk, or already mitigated, without losing the ability to track them later on the Ignored Vulnerabilities tab.
    • Targeted prioritization: Exclude specific vulnerabilities from active views and reports.
    • Bulk actions: Ignore multiple vulnerabilities at once to speed up workflows.
    • Audit-ready logging: All ignored vulnerabilities remain visible and fully logged for traceability.
  • Resolved Vulnerabilities: A new Resolved Vulnerabilities tab in the console shows a real-time list of remediated vulnerabilities, keeping your historical view complete.
    • Visibility: Track resolved vulnerabilities inside Nebula.
    • Real-time updates: See remediation progress as it happens.
    • Audit support: Access resolved item history for compliance and reporting.
    • Best practice alignment: Maintain full lifecycle records of vulnerabilities.

Issues Fixed

  • NDEV-19533: Resolved an issue with Email Security where an email domain could not be re-added when it was previously deleted.
release-1-080725.png

August 7, 2025

Application Block: Block by Category

Improvement

Admins can now block entire categories of applications, such as VPN Clients, Messaging Tools, or Remote Access Apps, with just a few clicks. This new feature makes it easier to apply broad, consistent security policies without needing to manually maintain long lists of individual applications or vendors.

Features and Improvements

  • No additional features this release.

Issues Fixed

  • NDEV-19110: Resolved an issue where selecting a vulnerability from the Security Advisor did not filter the Vulnerabilities page by that specific vulnerability.
  • NDEV-1962: Resolved an issue where the Security Advisor incorrectly showed that a module already owned was available for purchase.