December 22, 2016
NAT Policy Management
Cisco Defense Orchestrator now supports reading, editing, searching, and creating NAT policies via an easy to use navigation wizard and advanced interface-based diagram, to show a full list of NAT policies (and their order) defined on an ASA device.
December 15, 2016
Obsolete Names (Objects) conversion
Your device's configuration contains legacy (obsolete) names ? Cisco Defense Orchestrator now enables, during objects issues resolution, to investigate across objects, object groups and now names to provide consistency across all objects used in policy and to assist with the conversion of names into object.
November 18, 2016
Fully Shadowed Rules Support
You can now filter and identify superfluous network policies that will never handle traffic intended, as all traffic is handled by a rule(s) up in rule set order. Upon making a change to network policies, CDO will alert in case rule edited or added is shadowed by a different rule.
November 8, 2016
On-Prem Secure Device Connector
Cisco Defense Orchestrator enables direct communication between CDO and supported devices and services. This communication is enabled by CDO Secure Device Connector (SDC) acting as proxy between remote location and CDO cloud services. This service is available now in two deployment models as follows:
On-Prem Secure Device Connector – On-prem Secure Device Connector is a pre-configured virtual appliance dedicated to the requested account.
Cloud Secure Device Connector – All cloud Secure Device Connectors are provisioned automatically and managed by Cisco Defense Orchestrator team.
September 29, 2016
Continuous capture of both application (layer7) and network (layer3) policy changes performed via Cisco Defense Orchestrator within a single view across on-boarded devices and services (ASA, FirePOWER, Umbrella - OpenDNS). New Change Log lists at-a-glance view of most recent changes, while further revisions can be sorted and filters by device, change status, user and more. New Change Log functionality enables organizations to:
- Before and after inline incremental view (diff) of a network and application policy change (new, edited, and deleted rule; on-boarded or deleted devices and services, and more)
- Detection of policy change conflicts (occurring outside of Cisco Defense Orchestrator) and overwriting to/from a device or service
- Be able to answer Who, What, and When during an incident investigation or troubleshooting
- Export to a common format or 3rd party monitoring systems
Note: Devices and services currently managed by Cisco Defense Orchestrator will initiate change log event collection only after first deploy or read. For more information, please navigate here.
Hit Rates. Cisco Defense Orchestrator now enable network operations users to evaluate policy rules outcome, on top of secure and scalable orchestration of policies, providing simple visualization for more accurate policy analysis and immediate actionable pivot to root cause, all in a single pane from the cloud. New Hit Rates functionality enable organizations to:
- Eliminate obsolete and never matched policy rules increasing security posture
- Optimize Firewall performance by instantly identifying bottlenecks as well as correct and efficient prioritization is enforced (most triggered policy rule prioritized higher)
- Maintain Hit Rates history information even upon device or policy rule reset for configured data retention (1 year)
- Strengthen validation on suspected shadow and unused rules based on actionable information. Removing doubt about update or delete of those
- Visualize policy rules usage in context to entire policy, leveraging pre-defined time intervals (day, week, month, year) and scale of actual hits (zero, >100, >100k, etc.), to evaluate impact on packets traversing the network
September 23, 2016
User interface redesign: Change to Light Theme
Redesign Cisco Defense Orchestrator user experience with a light brand new user experience theme making it more intuitive, self-explanatory, and Cisco style aligned. Try it out!
Multiple Objects Support
Cisco Defense Orchestrator object management now enables inline editing of object and object group value(s) as well as referencing multiple objects in a single access list parameter; automatically assigning to a user-defined object group (without the need for dm_inline_* object creation).
Approve or Reject Out-of-Band Policy Modifications
Enhanced policy orchestration enforcement by not only identifying a remote change performed or what the change was (on a device or service), but the ability to approve or reject identified out-of-band changes in real-time.
August 18, 2016
Delegated Admin Support
Delegated Admin Support. Cisco Defense Orchestrator enable managing more than a single account (tenant) per user for easier and faster pivot between assigned accounts, while maintaining account security and complete data separation between accounts (tenants).
Import & Export of Pre-Defined Templates
Enable Import Pre-defined Templates. Leverage pre-defined device configuration templates, either available in your organization or from a third-party, to enable the scalable orchestration of onboarding all devices and services in your organization.
Devices and Services Connection Status Management
Device Connection Status Evaluation. New "Reconnect" button added to enable continuous monitoring of devices and services availability state, and alert for any change or actions need to be taken automatically or on-demand (e.g. update device credentials, renew device certificate).
August 11, 2016
Enhanced Template Management
Manage Template Enhancements. When creating new or updating an existing device template configuration file, a Cisco Defense Orchestrator user can now easily search across a device configuration file and assign multiple values to new or existing parameters, for use across account’s devices. For further information on creating and managing template, navigate here.