Absolute expands its ZTNA platform to detect, protect, and repair with new self-healing SaaS or On-prem infrastructure that supports both local and global organizations, tightened security controls, and expanded network and event visibility.
Absolute Edge, powered by Secure Access v12.50 and Insights for Network v3.50, adds support for new user authentication modes, adds resiliency for geo-dispersed deployments, bolsters security with new policy enforcement modes, and supports new ARM processors powering the next generation of mobile devices.
Key new features:
- SAML authentication support.*
- New active-active warehouse support offers automated failover, self-healing, and improved distributed pool support.*
- New ZTNA policy action strengthens security by forcing user reauthentication when security contexts change.
- New ZTNA policy actions for enabling/disabling data collection improve compliance and enforcement.
- New visibility for ZTNA policy enforcement to evaluate the impact of applying ZTNA policies and make proactive security policy decisions.
- New resilient client option for Windows monitors, detects, and automatically repairs problems with client files and processes.
- Agent support for Windows 11*
- Client support for ARM processors on macOS and Windows devices.*
- Improved support for Intune autopilot with hybrid-domain joined machines.
- New and enhanced Insights for Network dashboards including 5G signal quality and network coverage, Wi-Fi signal quality mapping, and Secure Access connection status.
Secure Access v12.50
Support for Modern, Federated Authentication Solutions
SAML Authentication*
Organizations are adopting modern, federated, and cloud-hosted authentication solutions for both remote and on-premises personnel. Secure Access customers can easily convert all or some of their users or administrators to any standards-compliant SAML identity provider, gaining instant access to the out-of-band, multi-factor authentication options, federated identity management in the cloud, and other capabilities available from their chosen identity provider.
- Standards-compliant SAML authentication
- Supports MFA options like push notification, voice calls, or SMS available in your SAML provider’s solution
- Easy integration with cloud-hosted authentication solutions, regardless of where your Secure Access servers are deployed.
- Simplifies administrative access to the Secure Access console, consolidates account management into a single directory service and facilitates single sign-on for apps sharing that identity provider.
- Configurable “session token” option creates a persistent authentication session for a specific length of time, controlling how often users are prompted for SAML/MFA credentials.
- Map SAML groups defined in the IdP to Secure Access groups and leverage Secure Access Policy and Role-Based Access Controls to manage their access to Secure Access services.
Mutual Authentication Protects all Authentication Protocols*
Regardless of which authentication method you configure, Secure Access v12.50 now automatically protects all authentication exchanges between agents and server.
- AES encryption protects agent & server communications for all authentication methods
- Secure Access agents and servers automatically establish a mutually authenticated tunnel to positively identify the user’s device and the Secure Access server before authenticating a user.
- Protects against ‘pass the hash’ attacks on NTLM authentication exchanges.
Zero-Trust Policies
Easy-to-implement, zero-trust, security controls provide the visibility and control administrators need to enforce a strong security posture without reducing user productivity. This release offers greater visibility to blocked and allowed traffic, and fine-grained controls over what behavior is allowed, denied, routed, or optimized by policy.
Reauthenticate Policy Action
Re-challenge a user’s security credentials when the context changes. For example, if a user moves to a public, unsecured network or to a network they’ve never used before, Secure Access can ask them to reauthenticate before accessing allowed resources.
- Challenge for authentication credentials when security parameters such as time of day, network name, connection name, access point ID, the presence of external conditions, and the like change.
- Challenge the identity of the person in possession of the device.
- Mandate compliance with corporate security policies for authentication.
Control Data Collection and Privacy
To respect user privacy on COPE or BYOD devices, policies can now disable data collection. Disable data collection by policy conditions like time of day, network name, connection name, access point ID, the presence of external conditions, etc.
- Automatically disable/reenable data collection by policy to comply with relevant privacy regulations and agreements.
- Fine-grained control to limit data collection to legitimate business purposes.
- Supports over 25 different policy conditions.
Set Interface Selection Preference – force traffic over a specific interface
Secure Access supports ordering the network interfaces in policies to solve routing issues caused by network interfaces that report inaccurate speeds.
- Fine-grained control over the order in which network adapters are used to route traffic on mobile clients.
- Override hardware vendors’ claims of performance with custom routing preferences.
Self-Healing and Super-Distributable
Active-Active Warehouses*
When Secure Access v12.50 is deployed with redundant warehouses, if any warehouse becomes unavailable, other warehouses in the deployment automatically take over without administrator intervention. Administrators no longer need to promote a secondary warehouse in the event of a failure.
- Secure Access pools are fault tolerant and automatically self-healing in the event of a warehouse failure.
- All warehouses are active-active backups for each other. If one goes offline, the others automatically take over and administrators are notified.
Improved Support for Geographically Distributed Pools*
The new active-active architecture now supports pools with up to 300 milliseconds of latency between warehouses. Support for higher latency enables using public networks (not just expensive, private circuits) to deploy a distributed pool for fault tolerance or geographically distributed teams between cities, countries, and continents.
- Supports distributed pools with up to 300 milliseconds of latency between zones.
- Increased fault-tolerance supports combining multiple smaller pools into a single pool with a single management UI
- More flexibility in designing for disaster recovery or global deployments
Encrypted Warehouse Communications*
Secure Access v12.50 now uses TLS encryption by default for communication between the warehouses and Secure Access Servers to ensure the confidentiality and integrity of the data-replication.
- Strong encryption, enabled between all v12.50 warehouses and NMSs.
- Secure data within and between data centers, regardless of their physical location.
5G Network Intelligence
Secure Access and Insights for Network are now fully 5G-aware. Secure Access agents collect and monitor 5G networks including signal quality, availability, technology generation (5G) and network technology (5G Sub6, 5GMM).
Note: Apple platforms do not provide cellular signal information.
- Track and analyze 5G network availability, coverage, signal quality and usage in Insights for Network.
Client Improvements
Ensure Secure Access Agent Health
Protect against malicious or inadvertent tampering with the Secure Access Agent. Beginning with Secure Access version 12.50, Secure Access agents are available in an optional Resilient version. The Resilient Secure Access Agent monitors device files and processes. If it detects tampering, the agent will automatically repair or reinstall itself using a known good copy from a trusted source in our cloud infrastructure.
- Continually monitor the state of the Secure Access Agent's health and automatically remediate as necessary
- Automatically restart if key processes aren’t running
- Automatically reinstall the agent in the case of file corruption
Automatically Detect Authentication Certificates
When presented with multiple choices for authentication certificates, Windows users often struggle to choose the correct one. With Secure Access 12.50, administrators can easily pre-select the proper user or device authentication certificate and minimize the chance that users select the wrong certificate and fail to authenticate.
- Pre-configure the Secure Access 12.50 client for Windows to automatically use the correct certificate
- Supports multiple criteria for matching certificates and wild card logic when specifying certificate attributes
- Configure new Windows certificate matching criteria from the Secure Access administration console
Windows 11 Support
Secure Access 12.50 supports the latest version of Microsoft’s Windows desktop operating system. Leverage Secure Access to improve your productivity on Microsoft’s newest platform for enterprises with the only VPN available that has been designed specifically with mobile workers in mind, providing seamless remote access in a way that actively improves the employee experience.
ARM Platform Support
The Secure Access v12.50 agent supports ARM processors in Windows and Apple tablets and laptops, which offer low power consumption and powerful mobile computing.
Near line-speed macOS downloads
We tripled the performance to near line-speed when downloading large files that are split-tunneled (local proxy) outside the VPN. (Up to 900 Mbps under ideal circumstances.)
Enhanced Drop-ship Deployment Options
Administrators can now drop-ship new Windows laptops to end users and script the initial configuration process. This release also improves support for Hybrid/Azure AD Join with a VPN when using Microsoft Intune, which allows for “zero-touch” remote deployment of Windows PCs using Windows Autopilot or other Windows system management tools.
Insights for Network v3.50
Visibility of ZTNA policy enforcement
New and enhanced dashboards provide visibility into traffic blocked by policy, broken down by hosts/websites, addresses/ports, and web reputation. Administrators can now evaluate the impact of applying Secure Access ZTNA policies and make proactive security decisions.
New Connection Status History dashboard
A new Secure Access Connection Status History dashboard complements the Secure Access Connection Status dashboard by providing more granular filtering and the ability to export all data to CSV, XML and JSON files. This allows administrators to better analyze Secure Access Agent usage history, including identifying when mobile users are actively connected and working remotely.
New Insights for Network Access Audit dashboard
Administrators can now see a history of every dashboard that has been viewed, who viewed it, when it was viewed, and what specific filters were applied.
Enhanced dashboards
5G Network Reporting
Insights for Network shows 5G-specific data on dashboards that display cellular coverage, signal quality and usage. Dashboards with maps include Technology Generation (5G) and Network Technology (5G Sub6, 5GMM), as well as signal quality.
Wi-Fi Signal Quality Mapping
The Device Details dashboard provides a visual map of a device’s movement and signal quality when connected to Wi-Fi networks. Customers can use this dashboard to identify problem Wi-Fi access points and poor Wi-Fi coverage areas.
Option to Display and Export More Data
Several dashboards with tables are no longer restricted to 1,000 rows. Customers with more than 1,000 devices and/or users can now view and export all the data.
Filter to Display all Carriers in Cellular Coverage Maps
The Cellular Coverage Map dashboard can now be filtered to show an individual carrier or all carriers on a single map. This is helpful for customers that rely on multiple carriers and want to better understand their end users’ overall experience.
Display PCI and Cell ID
Dashboards that display cellular telemetry data now include the Physical Cell Identifier (PCI) and Cell ID, when available. Customers can use this information to work with their cellular providers on improving service and coverage.
Personalize Wi-Fi Network BSSID Names
Insights for Network administrators can now create a look-up table to map non-friendly Wi-Fi BSSID names to user-friendly names displayed in dashboards. This makes it easier for customers with many Wi-Fi access points to quickly identify an access point that may be having problems.
New Server Connections Over Time Chart
The Deployment Status dashboard now includes a line chart that displays the number of Secure Access Agent connections to each Secure Access Server over a selected time. This helps Secure Access administrators determine if the Secure Access Servers are properly loaded and identify any historical outages.
Updated Carrier Definitions
The Cellular Coverage Map has an updated list of carriers to reduce “unknown” carrier color assignments.
Include Grid Cell Statistics in Cellular Coverage Map KML Exports
The Cellular Coverage Map can be exported to a Keyhole Markup Language (KML) formatted file for use in third-party mapping tools. Insights for Network now includes the actual grid cell statistics to display in the KML imported map.
Administrative and Management Enhancements
Improved Console SSO Log-Off Experience
Insights for Network now provides the option to configure where the user’s browser is redirected after log-off to reduce user confusion after console log-off.
License Management Enhancements
More information about applied licenses appears in the Insights for Network Management tool and Licensing dashboard, making it easier for customers to view their license history and better understand when subscription licenses expire.
Self-Hosted Map Tile Servers
The maps displayed in several Insights for Network dashboards are generated by an Internet-hosted map tile server (Microsoft Bing maps). Customers that do not want to permit Internet access to the Insights for Network server can now manually configure Insights for Network to render maps using a self-hosted map tile server.
Secure Access Cloud and MSP Enhancements
Automated Server Deployment
Secure Access v12.50 contains new installer features for scripting server deployments and upgrades. Managed Service Providers (MSPs) and other organizations that frequently install or upgrade Secure Access infrastructure can integrate those operations into their existing Ansible or other automation environments to reduce human error and scale deploying infrastructure.
Custom Domains for Secure Access Cloud Deployments
Customers deploying to Secure Access Cloud can choose custom domain names, simplifying access and configuration of their cloud subscription.
- Choose your custom name and simplify access to the cloud environment, for example: customer_name.on.netmotioncloud.com
- Create a name that’s easy for end users and administrators to recall and use.
Full Insights for Network Scalability in NetMotion Cloud
For customers with large SaaS deployments, the Secure Access Cloud platform supports up to 30,000 devices in Insights for Network. Insights for Network in Secure Access Cloud offers all the capabilities of our on-premises product with full scale in a managed cloud environment.
- Scale parity between Insights for Network and Secure Access Cloud
- Insights for Network in Secure Access Cloud also supports large, on-premises Secure Access pools.
___________________________________________________
* Feature also available in Absolute Core.