Made by security engineers for security engineers, CyberSana is an open book.

Browse our product release notes for a detailed history of the development of our software that is changing the game in cybersecurity.

CURRENT GA (customer upgrades included in support)


  • Search enhancements
    •  Resolve uppercase hostname search capability
    • Added accounts as a metadata search field
  • Increase nanoprobe robot allotment from 1 to 20 audit checks at a time
  • Add backup partition usage pie chart
  • Resolved page display issue with latest boolean flag
  • Increased default password algorithm character length from 12 to 14
  • SSH button
    • Upgrade the SSH terminal emulator
    • Increased the terminal width length
  • Add Unable to identify and unable to connect devices to the Passwords and Devices tiles
  • All columns are now sortable in all screens
  • One-click copy to clipboard added to the Static Storage area
  • Rename Secure Storage to Static Storage



  •  Add advanced Check Point information to inventory report
  • Automatically expand the accordions when we search
  • Add new arbitrary device groups to the default admin view automatically
  • Allowed for weighted scores
    • Per rolled up facet
    • Passwords
    • Audits
    • Backups
    • Per device
    • HA devices have the same weight
  • Support for explicit Cisco enable and Check Point expert accounts
  • Introduction of a help section
  • Resolved bug with deleting devices we were unable to identify
  • Enhanced device error code status
  • Attach multiple quick display at a per device level
    • Status (Green or Red)
    • Passwords score
    • Audits score
    • Backups score
    • Device level score
  • Enabled selinux with install


  •  Notify user if PKI SSL certificate is not present
    • Removed SSH button from view
  • Updated weekly SOTU email to Monday mornings
  • Resolved issue with license updates
  • Added error message when a group, resource or item name already exists in Secure Storage area
  • Hid two-factor delivery methods when two-factor authentication was disabled for user
  • Separated Device from Passwords and moved to top menu navigation
  • Devices now display advanced info on top of basic
    • IPS
    • IPS profile
    • SNMP enabled
    • VPN enabled
    • Uptime
    • Serial number
    • # of CPUs
    • Memory
    • Comment
  • Updated verbiage in progressive reveal form from ‘Complete Audit’ to ‘Full Audit’ for clarity
  • Separated SMS and email two-factor nonce routines for availability
  • Resolved incorrect hyperlink IDs in the audit check history report
  • Fixed handlers down the stack for backup files
  • Display files in the repository more eloquently to the user
  • Fixed the ability to restore a deleted user
  • User authentication
    • Force entropy into zxcvbn
    • Allow for a trusted computer
    • Only trust one computer
    • Re-establish trust every 90 days
  • Switch password font to Consolas
  • Removed input validation constraint from mass static password update field
    • Added compatability disclaimer
  • Updated search API to include Check Point MDS Domains
  • Introduced device lock – one nanoprobe bot per device
  • Check Point device information gathering enhancements
    • Accounted for multiple highly available management servers
    • Accounted for multiple highly available log servers
    • Resolved Check Point product number to display number mapping issue
    • Gather IPS profile name
    • Pull policy name
    • Record policy install date and time
  • Update Check Point serial number command
    • Previous: dmidecode|grep “Serial Number”
    • New: dmidecode|grep “Serial Number” |grep -Ev “Serial Number: Not Specified|Serial Number: None”
  • Enhanced auto-device identification for ScreenOS
    • ScreenOS uses the get vrouter command



 Introduction of Secure Storage
– Store static accounts (vendor and internal websites, certificate passphrases, API keys)
Check Point Management Domain Server support
– Auto device identification
– Auto account identification
– Auto domain identification
– Display all domains in WebUI
Change SMTP username and password fields from required to optional
Add + symbol on dashboard overall score tile for user navigation to group scores
Navigational enhancements for Backups tile
Resolved inability to change operand in audit item
Enhanced email validation to accept vanity TLDs‍



SOTU – Weekly state of the union summary emails
Dual random administrator password export
Notification Center
Accounts removed outside of software
Relaxed input validation for audit checks – Added additional identifier for uniquely defined audit checks
Resolved permissions bug for auto-identification of Cisco firewalls
Ensured default tomcat configuration was overwritten for performance
Added input validation for filetype when uploading logo
Updated file permissions accordingly with setuid
Shored up confirmation dialog box across tiles for device deletion
Adjusted process flow for non-recurring scheduled items to exclude end date step
Expanded column width for backup date
Added manually refresh to dashboard score
Updated to new date picker for identical user experience
– Increased SSH wait seconds when sending enable password‍



SSH button enhancements
Resolved device editing restraint with and without comments present
Download all approved audit checks from the cloud upon installation
Added new administrator process step to initial setup wizard
Incorrect backup score calculation when device has not been backed up in a sub-group
Fixed issue when adding a new device to multiple groups, it loses access to the ‘All Devices’ group
Update typo in audit logging
UX changes to Global Operations
– Audit breadcumbs adjustment
– File repository delete button progressive reveal enhancement
– Added schedule job history with the ability to edit a previously ran job
– Broke out ‘Mass Update’ into ‘Transfer Files’ and ‘User Input’
Check Point
– CPMI root user discovery enhancement
– Highly available cluster information updates
– Resolved extraneous postfix “user” in automatic account discover for SPLAT
– allow for account management from superuser account
– Change from commit and-quit to commit when saving changes
Introduction of device operation statuses for nanoprobe bot
Performing Backups
– Check Point Gaia
– Check Point SecurePlatform (SPLAT)
– Check Point IPSO
– Cisco ASA
– Juniper ScreenOS
– Juniper JunOS
Device information gathering enhancements
– Juniper JunOS uptime display formatted
– Juniper ScreenOS memory and CPU
– Check Point Gaia memory and CPU
– Check Point SPLAT memory and CPU
– Check Point IPSO memory and CPU
– Cisco ASA memory and CPU



Added hourly device availability health check
Resolved password history account state issue
Device information refresh set to 7 days from original discovery date
Account information refresh set to 1 day from original discovery date
Hash out old passwords in the log files when updating
Reduce two-factor SMS nonce timeout from 120 minutes to 10 minutes
Add cool verbiage for two-factor SMS
Encrypt all session cookies
Encrypt all sessions
Invalidate sessions if user closes browser
Increase dashboard load times to under a second
Force user password rotation every 90 days
Add mitigate links to individual audit checks
Move multiple dashboard items to make more sense
Added SMTP setup process step to initial setup wizard
Re-engineered all progressive reveal forms
Audit check qualifiers
– High availability
– Check Point management
– IPS enabled
– Running VPNs
– SNMP enabled
– Auto-cascade software version
– Auto-cascade hardware version
Device information gathering enhancements
– Juniper JunOS IPS, SNMP, and VPN status
– Juniper ScreenOS SNMP, and VPN status
– Check Point Gaia IPS, SNMP, and VPN status
– Check Point SPLAT IPS, SNMP, and VPN status
– Check Point IPSO IPS, SNMP, and VPN status
– Cisco ASA IPS, SNMP, and VPN status
– Resolve HA account display issue
Check Point
– Updated onboarding order of operation to Device ID => Gaia => Management Server => Account Discovery for CPMI root user
– Gaia change shell to expert and log back in to continue discovery
– Split Gaia into All, R77 and above and R76 and below qualifiers
RedHat Linux support
– Auto device discovery
– Auto account disovery
– Add/update/remove accounts
– sudo “root” access
CentOS Linux support
– Auto device discovery
– Auto account disovery
– Add/update/remove accounts
– sudo “root” access‍



Ability to mass update accounts to a static password
Added user command input feature
Added file transfer via SCP feature
Resolved auto-complete/search function rendering issue
Resolved memory leak bug for crypto functions
Resolved stalled password updates for accounts with previous null passwords
Insert status categories for display in audit homepage
Move from open/close carets to +/- for accordions
Resolved user attribution issue when submitting audit requests
– Add audit check history report
– Fix technology shank in ‘Access Audit’ and ‘Mass Update’ reports
Baseline Security Audit Feature
– Update command output in audit to text area to capture multi-line output
– Introduce ‘Mitigate’, ‘Ignore’ and ‘Recheck’ buttons for individual audit items
– Created default audit checks
– NTP, DNS, Management IPs, Timezone, domain name and login banner
– Check Point
– SecurePlatform (SPLAT) wasn’t auto-identified with crypto library updates



Change spinning logo from gif to css
Lock down web server to only permitted IPs controlled by user‍



License restriction
Introduce SSH button feature
Add an alternative phone number for the user two-factor
Additional accordion level for drill-down navigation
Pop-up window account name identification
Check Point
– Added mapper to translate hardware shortcodes to model numbers
– Removed regex ‘/’ string from hardware model
– Moved to stricter commands for OS identification
– Massaged output for ScreenOS hostname, serial number, software vesion, hardware model and uptime‍


Initial MVP!

Auto-discover device types
Auto-discover administrator accounts
Add/update/delete administrator accounts
Resolve pen test results
– cron expression injection
– multiple sql injection
– XSS for elevation
– username enumeration
– Implement CSRF