CyFIR has been on a rapid development pace since version 2.3, which many of our customers are currently running. From CyFIR 2.4 through 2.5.4, new features, functionality, and bug fixes have appeared that make version 2.5.4 the time to switch if you haven’t already.
Updated CyFIR Smart Agent Platforms
As operating systems evolve, so too must CyFIR Enterprise to stay on top of changes to the operating system, memory protection, file systems, and more. Since version 2.3, we have added CyFIR Smart Agent support for:
- CentOS 7.7, CentOS 8, CentOS 8.1
- Debian 9.10, Debian 10.1
- Mint Linux 19.2, Mint Linux 19.3
- MacOS 10.15 (Catalina)
Unfortunately, as operating systems age and are no longer supported by their manufacturers, CyFIR must occasionally also de-support those operating systems due to the unavailability of installation patches, security patches, and our ability to obtain engineering support from those corporations. The following operating systems were de-supported during this cycle:
- Ubuntu 14.04 (de-supported in version 2.5.4)
Please note that with the next major release of CyFIR (2.6 and later), we will be removing support for macOS 10.9 (Mavericks), macOS 10.10 (Yosemite), macOS 10.11 (El Capitan), and macOS 10.12 (Sierra) in order to concentrate on current, Apple-supported versions of macOS such as High Sierra, Mojave, and Catalina. At that time, if you have Apple computers on those operating system platforms, you may wish to delay upgrading CyFIR beyond 2.5.X until you are ready to bring your Apple computers to a more current operating system level. However, you may wish to upgrade those operating systems quickly, as Apple no longer provides updates or security patches for those older versions.
Please note that the upcoming macOS 11 “Big Sur” release in the Fall/Winter of 2020 will eliminate the use of macOS kernel extensions (KEXTs). Most security software vendors, CyFIR included, are redesigning macOS support to function without the use of KEXTs, and we will release support for macOS 11 in the future. Please do not upgrade a system to macOS 11 “Big Sur” without uninstalling the CyFIR Smart Agent first.
Linux-Based CyFIR Core and CyFIR API Enhancements
CyFIR’s core has moved to an entirely Linux-based server platform for lower total cost of ownership, ease of setup, and enhanced interoperability. In version 2.5.4, we have significantly expanded the CyFIR API to include endpoint searching, including the new regular expression search feature. For more information, please see the CyFIR REST API Reference Guide. CyFIR Server, CyFIR Proxy, and the CyFIR REST API Gateway all now run atop RHEL Server 7 or CentOS Server 7. CyFIR has moved from the Microsoft SQL Server database platform to the Linux PostgreSQL platform as well.
Because of the significant changes to CyFIR’s platform architecture, moving to version 2.5.4 will require you to uninstall your current agents, build the new version 2.5.4 platform, and then reinstall the updated agents to your 2.5.4 platform. In-line/cross-platform upgrading is not supported in this release. Please contact CyFIR Support at email@example.com if you require assistance or further information.
CyFIR now offers the following (among other enhancements):
- CyFIR Investigator is now 64 bit (2.4.1)
- Automatic snapshots can be saved for offline Smart Agents (2.4.1)
- CyFIR Investigator does not require Administrator privileges to run (2.4.1)
- Windows Agents can be installed, uninstalled, updated, and reloaded using the Command Prompt and Windows PowerShell (2.4.1)
- When acquiring files from an endpoint, the Investigator can now preserve the file path during acquisition and create a password-protected ZIP archive (great for securing malcode for further analysis!) (2.5)
- The System Runtime Explorer now provides information on sockets opened by a process (2.5)
- Searching by Hash Values and Regular Expressions has been added to Enterprise-wide search. Regular Expression searching can be applied to files and the Windows Registry, Enterprise-wide
- macOS Safari Browser Data Support (2.5.4)
- Microsoft Edge Browser Data Support (2.5.4)
- Updated and Improved Support for Internet Explorer, Google Chrome, and Mozilla Firefox Browsers (2.5.4)
- Multiple File Masks can be specified during an Enterprise search
- Search by File Paths
For more information, or to request support during your transition to the Linux-based server platform, please contact us at firstname.lastname@example.org.