The following enhancements were made in previous releases of BMC Helix Cloud Security.
September 2020: 15 September, 2020
This release of BMC Helix Cloud Security includes the following features and enhancements:
BMC Helix is a portfolio of SaaS offerings delivering service and operations management that is fast, accurate and cost-effective, across multi-cloud, multi-device, and multi-channel environments. BMC Helix services are delivered from your cloud location of choice and receive the benefits of BMC's world-class SaaS Operations team and processes. For more information,BMC Helix Portal. BMC Helix Cloud Security is available as a service on BMC Helix Portal.
New policy for the Microsoft Azure connectors
A new BMC Azure Benchmark - Virtual Machines policy is now available for Microsoft Azure connector. It contains the following rules:
- Ensure Boot Diagnostics is enabled
- Ensure Guest OS monitoring is enabled
If you are configuring the connector for the first time, select the policy while onboarding the connector. If you have an Azure connector running already, you can assign the connector to this policy. Go to the Policy Details > Execution Schedule tab to assign a connector to the policy. For details, see Managing-policies.
This policy is available for both Microsoft Azure cloud and on-premises connectors. Remediation actions are available for violations associated with these policies.
A new CIS Microsoft Azure Foundations Benchmark policy v1.1.0
The earlier CIS Microsoft Azure Foundations Benchmark policy is deprecated, and a new CIS Microsoft Azure Foundations Benchmark v1.1.0 policy is available in this release. This policy is available for both Microsoft Azure cloud and on-premises connectors. To use the new policy, onboard the connector again and select the policy. The "9.8 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored)" rule always compares an existing python version with latest python version.
The following rules are indeterminate in this policy:
- 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests
- 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied
Due to limitations in the Microsoft Azure APIs, you need to run these rules manually.
For details, see Azure-Cloud-Connector and Azure-On-Premise-Connector.
Auto-installation of RSCD Agent and Smart Agent using the Microsoft Azure connecto
In this release, you can download and install the Remote System Call Daemon (RSCD) and Smart Agent for Microsoft Azure using the Azure cloud and on-premises connectors.
For more information, see RSCD-Agent-and-Smart-Agent-Installation-for-Azure-connectors.
Updates to the RSCD and Smart Agent installer for the AWS connectors
In this release, the following new parameters are added to the RSCD and Smart Agent installer for the AWS connectors:
- Enroll Interval Minutes
- Enroll As
- Tunnel Enable
These parameters are available when you install the RSCD and Smart Agent using AWS cloud or on-premises connectors. For more information, see RSCD-Agent-and-Smart-Agent-Installation-Help.
The BMC EC2 RSCD Discovery policy is renamed to BMC EC2 RSCD Discovery 1.1.0. To use the new policy, onboard the connector again and select the policy. For details, see Managing-policies.
February 2020: Release 2020/02/21 00:00
This release of BMC Helix Cloud Security includes the following features and enhancements:
| |
|---|
| BMC Discovery(On-Prem) With this release , BMC Helix Cloud Security support integration with Cloud Security and Cloud Cost with BMC Discovery(On-Prem Collector)(hosted on AWS or on on-prem). BMC Helix Cloud Security has launched an Discovery On Premise connector. This will allow users to see the security posture of the business service. User should be able to report, notify, set exceptions on business service. |
Event Driven Compliance(AWS) | - Support for more AWS resources
With this release, BMC Helix Cloud Security Support more AWS resources like IAM Password Policy, IAM Policy, Elastic Block Store (EBS),Elastic Search (ES),Relational Database Service (RDS), CloudTrail, Key Management Service (KMS),Virtual Private Cloud (VPC),Elastic Compute Cloud (EC2),Elastic Load Balancer (ELB). BMC Helix Cloud Security scan for newly discovered resource or changes made to existing resource. Any changes to a resource should trigger a scan specific for that resource and flag if it is non-compliant. - API to trigger Compliance scan for specific resource(AWS)
With this release, BMC Helix Cloud Security Support API to trigger compliance scan for specific resource(AWS). As a CloudOps engineer, whenever a new configuration for a specific resource is pushed or a new resource is created in a cloud environment through a DevOps pipeline, then CloudOps engineer able to call an API from a DevOps pipeline to scan the same specific resources for any misconfiguration. |
Compliance On Google Cloud | - For GCP Connector Single Policy Support For CIS
With this release, BMC Helix Cloud Security Support For GCP Connector Single Policy Support For CIS. BMC Helix Cloud Security supports single benchmark for CIS GCP benchmarks instead of service specific benchmarks. With this release, BMC Helix Cloud Security Support for GKE(Google Kubernetes Engine). Create/Update GCP policies and remedial actions in BMC Helix Cloud Security as per the final benchmark released by CIS for GKE. |
Release updates in 2019
November updates
Following features are available in this release of Cloud Security:
| |
|---|
Managing Remedy Single Sign On | Remedy Single Sign-On (Remedy SSO) is an authentication system for a multi software environment that enables users to present credentials for authentication only once. After Remedy SSO authenticates the users, they can gain access to any other application with automatic authentication without providing the credentials again. |
October updates
Following features are available in this release of Cloud Security:
| |
|---|
Cloud Security integration with BMC Discovery | - With this release , TSCS support integration with BMC Discovery . This will allow users to see the security posture of the business service. User should be able to report, notify, set exceptions on business service.
|
June updates
Following features are available in this release of Cloud Security:
| |
|---|
Event Driven Compliance for BMC Helix Cloud Security | - With this release, TSCS Support Event-Driven Compliance for AWS Cloud Connector. This feature will enable TSCS to scan for a newly discovered resource or changes made to an existing resource for S3 and Security Group. With this capability, It will be ensured that any new resources deployed or existing resources modified in the cloud are compliant to the security configuration as per the latest CIS standards.
|
May updates
Following features are available in this release of Cloud Security:
| |
|---|
White Label Support for BMC Helix Cloud Operations | |
Following features are available in this release of Cloud Security:
| |
|---|
| - As part of this change, user will be able to onboard the Kubernetes connector. For more details, please refer this page.
|
| - As part of this change, user will be able to onboard the OpenShift connector. For more details, please refer this page.
|
April updates
Following features are available in this release of Cloud Security:
| |
|---|
Azure Cloud Connector Support for Remediation | - As part of this change, user will be able to remediate the non-compliant resources with Azure Cloud Connector. For more details, please refer this page.
|
Single Policy Support for Docker | - As part of this change, we have single policies for CIS Docker benchmarks instead of separate policies for each resource type.
|
Following features are available in this release of Cloud Security:What's new
| |
|---|
Azure Cloud Connector Support for Compliance | - As part of this change, user will be able to scan the non-compliant resources with Azure Cloud connector. For more details, please refer this page.
|
March updates
Following features are available in this release of Cloud Security:
| |
|---|
| - As part of this change, User will be able to download RSCD Agent directly from the BMC Helix Cloud Security UI.
|
Following features are available in this release of Cloud Security:
| |
|---|
| - As part of this change, we have single policies for CIS AWS benchmark instead of separate polciies for each resource type.
- As part of this change, all the below resource types are merged into Single resource type viz. “Account: Global Configurations"
Same can be seen on Dashboard page, Resources page, Violations page & Remediations page: - IAM: IAM Password Policy
- IAM: IAM Roles
- IAM: IAM Support Policy
- AWSConfig:Management Tools – AWS Config
|
| All the new connector (except server connector) download now support Open JDK 11.0.2 and will also reflect in the connector prerequisites. |
Following features are available in this release of Cloud Security:
| |
|---|
| BMC Helix Cloud Security now supports public access BLOCK policies across all buckets that AWS has recently released. |
February updates
Following features are available in this release of Cloud Security:
| |
|---|
| BMC Helix Cloud Security now support releases in GDPR Articles 30, Articles 32, Articles 24 & 25. This includes 14 New GDPR AWS policies. |
| BMC Helix Cloud Security now support PCI DSS v3.2.1.Which includes 14 AWS Policies. User can download benchmarks from https://www.pcisecuritystandards.org/, Which includes 14 New PCI AWS Policies. |
Following features are available in this release of Cloud Security:
| |
|---|
| With this release, a Cloud Ops engineer will be able to see more information on a violation and remedial action that will be taken when remediation is triggered for that violation. |
January updates
Following features are available in this release of Cloud Security:
| |
|---|
| With this release, the Resources representation in BMC Helix Cloud Security and BMC Helix Cloud Cost would be similar. We also show Accounts Column and Accounts Filter in Dashboard, Resources, Violation and Remediation Pages. |
Release updates in 2018
December updates
Following features are available in this release of Cloud Security:
| |
|---|
| BMC Helix Cloud Security now supports integration with Remedy so that user can create change ticket for every remediation that takes place either automatically or manually. For more details, please refer to: Creating Change |
Following features are available in this release of Cloud Security:
| |
|---|
Content update for AWS CIS 1.2 | BMC Helix Cloud Security is Now AWS CIS Compliance content 1.2 Compliant. User needs to use latest permission JSON to get all Rules working as expected. For more details refer to : Minimum-Permissions-for-AWS-Connector |
October updates
| |
|---|
| This version of BMC Helix Cloud Security has enabled a new feature to create and manage 'Incidents' on violations to alert users when policies are not adhered to. For more details, please refer to: Creating Incident |
| BMC Helix Cloud Security has launched an Orchestration connector to facilitate incident creation. For more details, please refer to: Orchestration-Connector |
| |
For a list of all open issues, see Known-and-corrected-issues.
| |
|---|
| TSCS UI filters were not applied correctly in violations section. |
| Approval page showed inconsistent behavior. |
| CP Cloud connector lambda logs showed some errors after successful run. |
| Incorrect remediation Status was displayed on Remediation Page in TSCS UI. |
| Disabled option was removed from all configuration tab filters on Remediation History page in TSCS UI. |
| Scanned non-compliant resources triggered remediation and showed status under Violations L3 page but the remediation status was not displayed in Resources L3 page. |
| Schema credentials were not encrypted. |