Recommendations
Warning
CAUTION
In the event of a solution update from version 2.3.x to version 2.6.8, please refer first to the following warning.
Updating built-in security policies and agent pools
Before updating an existing environment to this new version of SES Evolution, you must:
- Read this section carefully,
- Read the section Explanations on usage carefully,
- Carefully read the Known problems section of the KnowledgebaseStormshield (English only - logins identical to those in your MyStormshield client area).
Built-in rule sets provided by Stormshield are automatically updated in the administration console when the solution is updated. However, this is not the case for built-in security policies. When necessary, you must manually update your policies in the console if any of the rule sets that they contain have a green arrow, as described in step 4 of the procedure below.
The following are the major steps involved in updating policies and the pool to this new version:
| 1 |
Updating SES Evolution via the Installation Center |
| 2 | Updating security policies to use the latest versions of rule sets |
| 3 | Creating a test agent group |
| 4 | Selecting pilot agents for the test group and monitoring their behavior for several days |
| 5 |
Updating all agents to version 2.6.8 |
We recommend that you follow the detailed procedure below for the update:
-
If there are unsaved changes in your administration consoles, save them and shut down the consoles.
-
Follow the procedure for updating SES Evolution solution components via the Installation Center, as outlined in the Installation Guide.
-
Once the update via the Installation Center is complete, open the consoles again to finalize the update. A message will warn you that the security policies are not using the latest version of the rule sets. Policies were not automatically updated in order to prevent compatibility issues with agents in versions lower than version 2.6.8.
-
Select a console. In the console's Security > Policies menu, a green arrow pointing upwards flags policies not using the latest version of certain rule sets.
Duplicate a policy containing a green arrow, such as the default policy, for example. -
Select the copy of the policy and click on Edit.
-
Rename the policy by adding the version number "2.6.8" for example.
-
Select the most recent rule set version available for all rule sets containing a green arrow.
-
Save the policy.
-
From the Environment > Agents menu, duplicate one of your production agent groups to test deployment in version 2.6.8 with the new updated policy.
-
In the Policies tab, select the policy created earlier.
-
Ensure that the software version selected in the Version section of the Settings tab is 2.6.8.
-
Save the new group.
-
You will now select one or several agents in your initial group, which will be used as pilot agents. From the Agents tab of the initial group, select the pilot agents and click Move agents to. Select the new test group.
-
From the Security > Deployment menu, click on Deploy to deploy the changes to your environment.
-
After the pilot agents have reconnected to the agent handler, the workstations must be restarted. After restarting, ensure that the agents have indeed switched to software version 2.6.8 and that they are using the new policy.
Test the behavior of the pilot agents for several days. Once you are sure that they are running properly, you can update all the agents in the pool. There are two ways to do so:
-
Select the new policy and software version 2.6.8 in your production agent groups. If you choose this option, remember to delete the test group.
- or -
-
Duplicate all your production groups and update them, then delete older groups if necessary.
If there is a need for agents to downgrade to an earlier version after updating to version 2.6.8, the version would no longer be compatible with the policies that contain version 2.6.8 features. We recommend that you then move the affected agents back to their original group.
Implementing security policies
With version 2.6.8, Stormshield provides version 2407a of the security configuration. This default configuration includes policies as well as protection rule sets and shared audit rule sets. You can use these rule sets in your own policies.
You can refer to the release notes regarding version 2407a of the security configuration by going to Downloads in your MyStormshield client area, then SES Evolution Security resources.
To build your policies, you can follow the recommendations mentioned in the release notes on the security configuration relating to the order of sets and the sets to use in your policies.
For more information, refer to the sections
Updating the operating system on workstations
Before updating the Microsoft operating system on workstations that host SES Evolution agents, ensure that you have the most recent Stormshield rule sets. If not, you need to download the latest rule sets