DefensX now helps protect users from sponsored search ads that may lead to malvertising, impersonation, or malware delivery campaigns. Since paid search results often appear at the top of search pages, attackers may abuse sponsored placements to mimic trusted brands and redirect users to malicious or deceptive websites.

When a user clicks a sponsored result on Google Search or Bing Search, DefensX detects the ad-based navigation and blocks access before the page loads. A clear warning informs the user about the potential risk and encourages them to continue with organic search results instead.

This protection can be managed at the policy level under Adware Blocker / Malvertising Protection, with dedicated controls for Google Search and Bing Search. This allows organizations to apply sponsored search ad protection according to their security requirements and reduce user exposure to threats commonly delivered through paid search advertising.

Support access is now guided by the DefensX Customer Success Agent, powered by Nexi AI, our new in-product assistant built to help users reach the right information faster.

With this update, the previous Create Ticket button in the lower-right corner has been replaced by the Support button in the upper-right corner of the console. When users open the agent and enter a question, it provides AI-assisted guidance based on DefensX Knowledge Base articles and frequently asked questions.

If additional help is needed, users can continue from the same conversation by selecting Submit as a ticket. This keeps the support flow simple and efficient by combining quick self-service answers with a clear path to the DefensX Support team.

Audit logs now capture the remote IP address associated with each action, enriched with location data to provide greater visibility into where activity is originating.

When reviewing audit log entries, each record will display the resolved City and State alongside the remote IP, powered by GeoIP Database. This makes it easier to spot unusual or unexpected activity at a glance during security reviews and investigations.

Customers can now be created in a trial state via the API, automatically transitioning to a billable account once the trial period ends.

When using the POST /customers endpoint, setting "trial": true in the request body will create the customer in trial mode, enabling automated onboarding flows to be fully managed through the API from trial creation to active billing.

For environments using both SAML integration and the Teams feature, it is now possible to automatically assign admin users to DefensX Teams by mapping a SAML attribute.

This functionality is currently documented for Okta and Duo SAML integrations in the knowledge base: https://kb.defensx.com/docs/categories/62-Identity-Providers/topics/3ab53de4-fceb-4052-b273-7f02ac9d6794#_enabling_the_teams_mapping

When Teams Mapping is enabled, admin users’ team assignments are automatically updated on each login based on the teams defined in the configured SAML Identity Provider.

Category-based actions are now supported in both and

Previously available in Web Filtering, this capability is now extended to provide unified category-driven enforcement across additional inspection layers.

With this enhancement, administrators can:

• Define actions based on URL/Domain categories

• Improve policy precision and consistency

• Apply structured enforcement across credentials and files

This update enhances overall policy flexibility while keeping configuration straightforward.

Customer admins can restrict log access for all other stakeholders, including DefensX and MSP teams. Alternatively, they can limit access only for DefensX admins while still allowing MSP admins to view logs for troubleshooting purposes.

User group synchronization between your Identity Provider (IdP) and DefensX is now supported during SAML SSO login, for both new and existing users.

To enable this feature in the DefensX Backend, go to Settings → SAML SSO Integration and update the configuration:

Additionally, ensure that group claims are configured in your IdP so that user group information is included in the SAML SSO assertion.

DefensX now includes native Dynamic DNS (DDNS) provider capabilities, removing the need for third-party DDNS services.

Previously, you could assign dynamic hostnames from external DDNS providers as deployment IPs in the DefensX Backend. These hostnames were periodically resolved, and policy rules were automatically updated on DefensX Anycast servers.

With this update, you can now create and manage your own Dynamic DNS records directly within DefensX. All records are hosted under the subdomain, ensuring DNS-based policies stay aligned even when public IP addresses change.

For detailed setup instructions, see the Knowledge Base article on configuring DDNS in DefensX.

We've significantly improved the hostname search capabilities in log analysis, giving you more control and precision.

Examples of supported search behaviors:

This enhancement lets you easily switch between exact match, contains, and wildcard domain searches, making it faster and more intuitive to find what you’re looking for.