As promised, our brief hiatus (to carry out some re-architecture in preparation for the summer rush is now complete. As outlined below, we're now starting to roll out functionality from the production line.
85% of our migration to SQL is now complete (yes, it's the year 2025🤦♂️), and we’re finally cooking with gas, as they say. We’re almost through the last of our technical debt, so things should be much smoother sailing from here.
This was actually a major release that had been stacked up behind the main agent release we rolled out in recent weeks. With over 76 items included, it was no small feat—huge thanks to the team!
Below are the items available to play with now, and what is coming out in the very near future. I’m off for a short camping trip and on my return, we will look to start releasing more and more items we have stacked up. We'll also be reworking the menu system slightly to better reflect the new functionality that's on the way.
Items available now for you to start playing with:
💣 Agent Self Destruct:
Agent Self Destruct can be accessed by navigating to the Cyber Heal page, selecting the devices you wish to remove the RoboShadow Agent from, and clicking the Self Destruct button.
The Agent Self Destruct commands can be monitored on the Cyber Heal commands tab. We’d love to hear your feedback.
📍Benchmarks & Config Data now populated:
Your Benchmarks and Config data should now be populated. We are just tidying up the GUI and we will put it into production, but you should all have data flowing correctly into Cyber Benchmarks. We have AutoFix for Benchmarks also done, which is currently in sea trials, so it won’t be long before we add this for you. Once we get this bedded in and everyone is happy with it, we will then add more benchmarks to get to a CIS Level 1 type level and the core counters needed for the main major Compliance Frameworks.
☢️ Nuke Old Profiles available to try:
This is now available on the Cyber Heal page within the device (click the right-hand arrow next to a device), select the User Profile tab and use the Delete Profile button next to the profile you wish to delete. Currently, this will just allow you to select a profile and effectively nuke it (and the user profile vulnerabilities). Once you’re all happy with this, we will add it to AutoFix and remove old profiles no longer used with vulnerabilities, so please give us as much feedback on this as possible.
👤Tenancies Refactor Complete:
We have fully refactored the database to bring the code in line with DDD best practices. This has allowed us to add a fair number of quality-of-life changes when setting up and managing a Tenancy, including little things like being able to permission users during the invite process, adding organisations directly into the Tenancy, and new users being greeted with their invite during sign-up (no more looking through menus to join). We are still waiting on the real-time updating of permissions when a Group is modified, but all of the backend work has been completed, and we are just waiting on the last few frontend changes to remove this issue.
🔄Active / Passive Scanning:
Active / Passive Scanning is now available on the External Scanner – OWASP scans.
o When OWASP Active Scan is selected, it actively sends crafted payloads to discover vulnerabilities. Simulates attacks: tries to exploit issues like SQL injection, XSS, CSRF, etc., and you can enable this on each Website Scan.
o When OWASP Active Scan is not selected, a Passive Scan will be run. Observes traffic without altering requests. Safe and non-intrusive.
📶 LAN Scanner Quick Scan:
LAN Scanner Quick Scan is now available here. This will quickly detect devices on the network. Does not scan for open ports, vulnerabilities, or CVEs.
🤖 Update to AI Pentest Models:
We have done an update to our AI Pentest Models which can be found here. As mentioned in our last email, this is ready to come out of beta now, so if you could give us some feedback on these new models that would be great.
📈Agent Consistency Check:
We've built an Agent Consistency Check into the new agent (which is now nicely bedded in), so all data uploads to us should now be smoother and more reliable. If you notice any data inconsistencies at all, please let us know.
🎟️Kaseya BMS Added to PSA Integrations:
Kaseya BMS is now available in the PSA list. This will be available from the PSA Integrations page. Please let us know how you get on with it; as usual, there is a bedding-in period with the PSA integrations.
⏰Time Series Data:
We’ve just gone live with the first use of our new time series data engine. The previously inconsistent CVE graph on the home dashboard and vulnerability page has now been replaced with data powered by this new engine.
o This is a 'map-reduce'-style technology, which is new to us as a team, so we’re still bedding it in. Soon, we’ll be rolling out time series data access across the entire platform. We’ll also be introducing an 'Overall Score' within the time series data to give you a clearer view of your security posture.
👁️🗨️ Dark Web Scanner Beta:
The beta of the Dark Web Scanner is up and running. This is just using “Have I Been Pwned” type data as a test and will just report on your logged-in account. However, once people have had a play with that, we will then enable users to run the scan over all your 365 email addresses. If you have ideas or data sources for further dark web scanning, please feel free to send them over and we will take a look.
💻 SSL Integration into External Scanner:
We have now started to add this onto the External Scanner “New Scan” GUI. This will just start a separate SSL scan when you kick off an External Website Scan; however, we will look to integrate this into the rest of the external scanner over the next couple of releases.
Current Items In "Sea Trials" (Very close!):
• Windows Update into AutoFix
• Cyber Reporting to Backend
• Intune Risky Sign-in Dashboard
• Payments V2 (long-awaited payments refactor to iron out current payment issues)
• Authenticated External Scan
What We Are Still Working On (Available in 3–6 Weeks):
• Automated Attack Surface Scanner into RoboGuard
• Windows Apps / User Apps into Core Reporting
• New Mac Agent and data integrated into platform
• Cyber Essentials Report (start of compliance export roll-out)
• End of Life Software
• New Mac Agent (very exciting, as 8 weeks after that, the Linux agent will be done)
• Magic Fix Buttons – complete magic fix to cover 3rd Party Apps / Windows Updates / Benchmarks / Windows Firewalls etc.
• Ninja PSA Service Desk Integration
As always, please feel free to get in contact with myself or the team if you have any questions: terry@roboshadow.com
I’m lucky to have worked in technology all over the world for large multi-national organisations, in recent years I have built technology brands and developed products to help make technology that bit easier for people to grasp and manage. By day I run tech businesses, by night (as soon as the kids have gone to bed) I write code and I love building Cyber Security technology.
