Agent Policy now supports Patch Management as a new Action to be deployed to selected endpoint devices. Through Agent Policy you can also associate a Patch Management configuration to be installed to the devices within the Agent Policy Group.

Ivanti Neurons for Patch Management provides zero trust security capabilities and brings a continuous vulnerability management experience to help organizations manage vulnerabilities from detection through to remediation.

Learn more about Agent Policy and Patch Management.

Associating a Patch Management configuration to an Agent Policy Group can also be performed directly from within Ivanti Neurons > Patch Management > Patch Settings, so that configuring and deploying patch management can all be performed using a single user workflow. This is achieved via the Associations tab within the Patch Management settings.

Learn more about Patch Settings.

A specific Deployment Representative can now be assigned as the Elected Scanner, to perform discovery scans on each configured IP Range. This ensures discovery will find all subnet devices for organizations that have separate sites or segregated networks. Furthermore, subnet configured scanners will ensure active scans return the MAC address, and NetBIOS name, of the discovered devices, without the need for additional remote inventory or SNMP Scans.

Performing a remote inventory, or SNMP scan, alongside the active scan will return MAC address and NetBIOS information.

Learn more about Discovery Scans.

Connect to Ivanti Cherwell Service Management to import devices from Cherwell Service Managements CMDB and further increase visibility of your entire hardware estate.

For the table view of a query, you can now change the number of results shown per page.

Internet latency is now introduced as a new standalone sensor that queries the internet latency across all you devices.

The event log details query can be accessed via the Count column that is present on the Event Log Summery query. The UI when configuring parameter on the event log details has been improved so that all records are available in the Windows Event Viewer.

Improvements to the Server State stage; you can now identify devices where the service is not found by using the Category column. In order to take advantage of this in existing Neurons workflows that are using this stage, you need to delete and re-add the stage from the Neurons workflow.

New supersedence logic has been introduced so that when breaking updates are made to stages, we will honor the previous version of the stage in the existing workflows, but the ability to save the Neuron workflow will be blocked until the existing stage is deleted and re-added from the library.

Ivanti Endpoint Manager is no longer a pre-requisite for this smart advisor. The Ivanti Neurons agent will now also populate the Device Stability Smart Advisor.

Machine Learning Lab is the new centralized location to train and deploy machine learning models. Take advantage of the advancement in Machine Learning without the data science expertise. We have selected and implemented the machine learning algorithm, you simply provide the data to train the models.

The first model available in this release is Ticket Classification. Once a model is trained and deployed, Ivanti Neurons for ITSM can automatically categorize your incidents.

Key features:

• Create and train new models by uploading training data and optional stop words.
• Evaluate model accuracy.
• Deploy trained models.
• View a list of models you have trained or deployed.

Learn more about Machine Learning Lab

Ivanti Neurons for Patch Management is a cloud patching solution. It combines the asset information and device risk insights of Ivanti Neurons with risk-based prioritization and comprehensive patch management capabilities to drive an adaptive security strategy. The cloud patching solution is available for your Windows-based machines and includes the ability to patch products from both Microsoft and third-party vendors. The key patch management features include:

• The ability to assess the risk posture of the devices in your environment using the Endpoint Vulnerability component.
• The ability to gather and aggregate data in order to manage, prioritize, and streamline your patching environment using the Patch Intelligence component.
• The ability to drill into your recent deployment operations to identify trends, zero in on exceptions and quickly troubleshoot any issues using the Deployment History component.
• A multi-function Ivanti Neurons agent that safeguards your devices. Upon installation, the agent will perform a patch scan of each device and report the results to the Ivanti Neurons Platform, providing immediate visibility into the risk posture of each device.
• The ability to create one or more custom patch configurations that define how patches will be deployed by your agent machines.

If you are a new customer, you can immediately begin using the cloud workflow. If you are an existing customer using an Ivanti on-premise patching solution, you can begin your journey to the cloud using a hybrid approach. You simply configure a connector that will import your on-premise data into the Ivanti Neurons Platform. This enables you to view, monitor and manage both your cloud and on-premise machines from a single web interface. You can transition the management of your devices from the on-premise patch management console to the cloud at your own speed.

Patch Intelligence has moved from Ivanti Neurons Platform > Software menu, to the new Patch Management menu.

Available menu options are license dependent. Customers that have purchased Patch Intelligence will only see Patch Management > Patch Intelligence. Customers that have purchased Patch Management will see Patch Management > Endpoint Vulnerability, Patch Intelligence, Deployment History and Patch Settings.

New Management column in the Patch Detail > Unpatched Devices tab provides the name of the agent managing the device, which will either be; a supported Connector, or Ivanti Neurons. If a device is managed by multiple Connectors, it will display the most recent patch status. Having multiple Connectors reporting on a device can provide conflicting information due to differing schedules, deployment results, and assessment results. We recommend managing endpoint devices with a single Connector and are indicating in the UI that multiple connectors are reporting for a device.

Learn more about Patch Details.

Scopes define the devices and users Ivanti Neurons members can see and manage. Once an Ivanti Neurons Administrator assigns a scope to a member, that member will only see the devices and users the scope allows.

Use scopes to define which devices and people members can see and manage. Administrators can create a scope containing a static list of devices or they can create a scope that works dynamically based on filters.

Learn more about Access Control.

App Registrations is a new authentication mechanism to allow selected Ivanti applications to securely connect to Ivanti Neurons in order to interact with specific APIs. The initial supported integration is Ivanti-hosted Cherwell Service Management.

Learn more about App Registrations.

When adding an Azure SSO client secret, you can now specify a Client Secret Expiry Date. Reminders will be sent via email and UI banner ahead of the secret expiring, to prompt administrators to take action and review before the secret expires and interrupts service. A banner will be shown and email sent to users with the admin role, 28 days before the expiry. Further emails will be sent 7 days prior, and a day before expiry.

Learn more about how to Update Client Secret.

The agent client is a multi-function program that safeguards an endpoint device. It tracks the status of the machine and performs actions that are configured by the program administrator. It can perform periodic scans to detect all missing patches and product levels, and it can deploy any missing patches and product levels in order to close security holes in the software.

Learn more about Agent Client.

Improvements to the import templates, which make importing contract and transaction records simpler and more robust.

Performance improvements, faster connection remote control connection times to a device.

UI design enhancements.

Target specific areas of an organizational network in which to find devices, using just a single agent, across different subnets. This helps in the situation where an IT administrator does not want to install a Deployment Representative on every subnet, or, if there are subnets without any Windows devices, where it is not physically possible to install the Deployment Representative.

Network Targeting enables IT Admins to manually create IP address ranges or import an existing list of known ranges from a file, to minimize administrative overhead. Active, Remote Inventory and SNMP scans can be started, stopped, or automatically scheduled, for each individual network segment. Active scans now utilize ICMP to enable device discovery across subnets, all from a single Deployment Representative, to alleviate load on the network and reduce ongoing maintenance.

To learn more, see Discovery Scans.

Previously, multiple Policy Groups were processed sequentially, which could result in impeded deployments of agent and capabilities to endpoints if the processing of an earlier Policy Group became stalled. In addition, devices not showing a state of ‘complete’ could not be removed from those Policy Groups, causing further obstruction.

With Concurrent Deployment, Policy Groups are now processed simultaneously to ensure rapid and accurate deployment of agent and capabilities to endpoints. Devices can also now be removed from Policy Groups irrespective of their state.

Settings for both active and passive discovery have been updated to give a much cleaner experience and delineate between the two different types of discovery methods. Previously, the use of pop-out panels for Discovery Settings restricted space. In addition, the user workflow could be interrupted if the user needed to add credentials as part of the configuration.

The UI has been re-worked to include full-screen configuration, future proofing the solution for additional discovery options. In addition, in-line creation of Credentials is now possible, allowing the user workflow to remain uninterrupted.

To learn more, see Discovery Settings.

Connect to Google Chrome Enterprise to increase visibility of your Google Chrome OS environment and provide a centralized management console to make your frontline analysts even more efficient.

The Google Chrome OS connector can both import all your Google Chrome OS devices into Neurons for complete visibility with your other IT devices and enables analysts to manage these Google Chrome OS devices without having to log into Google Chrome Enterprise. Actions like rebooting, moving the machine to another OU, or wiping the device, are all supported.

Connect to Qualys to increase visibility into device vulnerabilities across your environment and start the process of vulnerability lifecycle management to ensure your environment is fully secure.

Qualys provides in-depth device vulnerability results that help illuminate gaps in your security attack vector. Once these vulnerabilities have been uncovered, you can leverage Ivanti Security Controls or Ivanti Endpoint Security for Endpoint Manager to address those vulnerabilities.

Connect to Ivanti Endpoint Security to increase visibility into installed and missing patches per device. Leverage the insights of Ivanti Neurons for Patch Intelligence to prioritize vulnerabilities based on active risk exposure, reliability and compliance to achieve faster SLAs and improve operational efficiencies.

You can now create an alert on application errors. This alert allows you to automatically monitor application crashes that occur on client devices.

A new sensor has been introduced that allows you to view Edge browser extensions that are installed on your client devices.

A new sensor has been introduced that allows you to view Firefox browser extensions that are installed on your client devices.

We have expanded our self-heal toolbox of actions with new delete file and folder stages to allow straightforward removal of content from Mac or Windows endpoints.

We have enhanced the Filter result stage to allow the filtering of both passed-through properties of Edge Intelligence backed queries, as well as custom queries via a new ‘custom property’ entry in the properties list.

We have enhanced our Teams Beta stage to allow messages to be sent to a preset recipient, or to be sent to the initiator of a custom action from the device view.

Machine Learning Lab is the new centralized location to train and deploy machine learning models. Take advantage of the advancement in Machine Learning without the data science expertise. We have selected, implemented the machine learning algorithm, you simply provide the data to train the model.

The first model available in this release is Ticket Classification. Once a model is trained and deployed, Ivanti Neurons for ITSM can automatically categorize your incidents.

Machine Learning Lab features:

• Create and train new models by uploading training data and optional stop words
• Evaluate model accuracy
• Deploy trained model
• View a list of models you have trained or deployed

Addition of macOS patches in the All Patches and My Environment tabs of Ivanti Neurons for Patch Intelligence. In addition to adding the macOS patches, the user interface was updated to reflect support for multiple platforms. These updates include the addition of a Platform column to the All Patches and My Environment grids that can be used to filter by Windows and macOS. To learn more, see Patch Summary.

You can now use the macOS insights in Ivanti Neurons for Patch Intelligence to protect your organization from security threats, and evolving risks, by reducing time to patch and prioritizing the most critical patches for deployment.

Enhancement to the workflow for renewing expired client secrets when using Microsoft Azure SSO. It is now possible to reset the client secret without needing to re-apply the whole configuration. To learn more, see Update Client Secret.

As part of our continuous endeavor to maximize security of Ivanti Neurons we have enhanced our anti-automation attack controls. This is subject to a phased roll-out and may result in users needing to perform Captcha based anti-bot verification upon Ivanti Neurons login.

Typically, most of your contract data will be imported into Ivanti Neurons for Spend Intelligence from spreadsheets. However, from this release, you can also create, update, and delete contracts manually from the Contracts dashboard in the License Manager component. To learn more, see Contracts.

The existing feature that enables you to create, update, and delete transactions manually has also been enhanced by providing a list of matching vendors to choose from when you start typing in the Vendors field. This helps you to enter consistent vendor names that match vendors in the Ivanti SKU Library.

Scopes define the devices and users Ivanti Neurons members can see and manage. Once an Ivanti Neurons administrator assigns a scope to a member, that member will only see the devices and users the scope allows.