What’s New in Secure Access v13.50 / Insights for Network v4.10
AI-powered network security and vulnerability detection
As cyber threats become increasingly sophisticated, dynamic, and stealthy, relying on ‘one-size-fits-all’ static rules and known threat signatures needlessly exposes your network to zero-day vulnerabilities, network port-scanning, denial of service attacks and other malicious activities. Insider threats, including data exfiltration, unsafe application usage, and risky web browsing behavior, also continue to pose a major security risk for organizations.
The Secure Access SaaS platform leverages the power of Artificial Intelligence (AI) and Machine Learning (ML) to provide highly resilient, advanced threat detection combined with user and entity behavior analysis (UEBA).
Secure Access analyzes each device’s activity to establish a comprehensive baseline of normal network behavior for that device and user. Regardless of whether a device has Secure Access policies that route traffic inside or outside a tunnel, the new AI-powered network security and vulnerability detection capabilities continuously monitor all devices for deviations in behavior, analyzing network traffic, user behavior, application usage and data access patterns, including the following:
- Data exfiltration
- Unsafe application and web browsing behavior
- Malicious network port scanning
- New applications generating network traffic
- Denial of service attacks
- Device being used at unusual times
- Higher than expected network activity
- New network usage patterns
- Device acting as a server
- Device refusing server-like requests
- Device network usage is abnormal
Secure Access generates configurable alerts with rich context and direct links to detailed Insights for Network dashboards, empowering security teams to prioritize and investigate potential threats. As new threats emerge and user behavior evolves, Secure Access automatically modifies its baseline for each user’s device and potential threat profiles, ensuring your defenses remain continuously updated.
Benefits
- Faster threat detection: AI identifies zero-day threats and other vulnerabilities within minutes of suspicious activity so security teams can act quickly to isolate individual users, devices, applications and networks, preventing widespread impact and costly downtime.
- Protection for private and public networks: Detect and act on suspicious network activity even when a device has application and web browsing activity routed directly to the Internet, not routed through a tunnel to the organization’s internal security infrastructure.
- Reduced investigation time: Enable security teams to focus on the most critical threats by configuring categories of risk-based alerts that include quick links to context-targeted analytic dashboards for investigations.
- Improved security awareness: Gain broad visibility into the organization’s global threat status, as well as deep dive into individual network flows by leveraging the 70+ customizable Insights for Network integrated dashboards.
Pricing & Packaging
Existing Secure Access SaaS customers will automatically receive the new AI-powered network security vulnerability detection and response as their SaaS environments are upgraded to Secure Access 13.50 and Insights for Network 4.10.
Secure Access v13.50
In addition to supporting Secure Access AI for SaaS customers, version 13.50 adds numerous significant improvements throughout the product.
Control access to Generative AI
Unfettered access to web applications featuring Generative AI capabilities can expose organizations to greater risk of privacy and intellectual property rights violations. Many organizations are creating corporate policies around which AI/ML technologies are sanctioned or prohibited. Secure Access v13.50 offers new policy controls specifically to block or allow access to web-enabled or locally resident generative AI applications so administrators can easily leverage Secure Access policies to control which AI/ML solutions.
Control access to three new web content categories
Administrators can now use reputation policies to control access to websites that (a) feature content promoting self-harm, (b) feature content promoting low-THC cannabis products, or (c) offer DNS over HTTPS support, which causes organizations to lose visibility and control over DNS traffic and can be used to evade web-content filters.
Automatically prune unused licenses
Administrators now can set a license utilization period to automatically reclaim infrequently used licenses for a new device's use. Pruned licenses are available and automatically assigned to new devices connecting to the pool. The pruning period can be set per device group or at a global level for between 45 and 365 days.
NAC usability improvements
Network Access Control policy configuration is easier to read and more flexible, and adds support for an OR operator. Administrators transitioning between security packages can specify a rule that will evaluate as true if either the old package OR the new package is present.
Role-based access control improvements (RBAC)
Powerful new capabilities for customers with multiple administrators overseeing multiple pools, including MSPs (managed service providers).
- New ‘Hide’ option – Administrators can now hide settings from administrators who do not have permission to view or change the setting, simplifying and streamlining console administration.
- Import/Export RBAC settings/roles – For administrators managing multiple pools, it is now possible to set RBAC policies on one pool, then export them to other pools, simplifying and consolidating management access.
- New “Servers” role – For deployments with multiple administrators sharing management responsibilities, a new ‘Servers’ role limits permissions to ‘view server status’ and ‘manage servers’ to designated administrators that have the role enabled.
Improved handling of deprecated platforms in policy
After support for a platform is deprecated (e.g., Windows CE) but is still referenced in an existing policy rule, the deprecated platform fields will be shown with a “(deprecated)” designation. The existing rule can still be edited and saved with the current, deprecated, choice. However, when creating a new rule, the deprecated choice will not be available.
Improved certificate handling at login
When automatic certificate selection is enabled, users will receive fewer prompts to resolve certificate conflicts at login, leading to a more transparent login experience. We refined how user and device certificates are selected to improve automatic selection of the correct certificate at login without user intervention. Certificates that have a hostname present in the DNS will be preferred to those that do not, and we improved the duplicate certificate detection logic so that it more reliably chooses the correct one.
Improved iOS vendor key and app config options
Administrators can now pre-configure VPN profiles with usernames, passwords and domain names to simplify and streamline authentication. For EMM/MDMs that support vendor key pairs, we added new vendor keys that support use of these authentication parameters for iOS and iPadOS VPN profiles.
Improved load balancing after failover
Improved load balancing distributes clients more evenly between servers when one or more servers are unavailable. Now, each client gets a randomized list of available servers to which it can connect.
Simplify packet captures
Administrators can now leverage the Management Tool on the server to capture packets on the local interfaces for support cases – it’s no longer necessary to install a separate utility to do packet captures. The output of the new functionality is a standard PCAP file and is written out to a local directory.
Multilingual server / console multi-language support
A single server installation package supports both English and Japanese. The administrative console also supports both languages; administrators can switch between them by simply changing the display language in their browser.
Enhanced data gathering for Zebra and Honeywell devices on Android 10 and above
In Android 10 and above, Google blocked collecting of IMEI, ICCID, IMSI, MEID, and ESN device identifiers on consumer-grade devices. Android clients now support collecting those data elements on Zebra and Honeywell devices using vendor-specific APIs.
Insights for Network v4.10
Dashboard-level Role Based Access Control (RBAC)
Added the ability to hide sensitive data and secure visibility to specific dashboards based on an individual console user’s role. Administrators can create roles to control which dashboards are visible within the console.
Network security vulnerability dashboards
Five new dashboards enable visibility into suspicious network activity and potential threats detected by the new AI-powered detection in the Secure Access SaaS platform.
Network Vulnerabilities Summary
Displays a high-level summary of the actions being taken by Secure Access to detect, alert and report on suspicious network and application activity.
Suspicious Network Traffic
Shows potential network traffic vulnerabilities and can be filtered to isolate specific suspicious activity categories, such as possible data exfiltration, unsafe destinations, possible DOS against a device, and devices acting as servers. Charts detail the percentage of vulnerabilities by category, and an over-time graph displays vulnerabilities by category.
Suspicious Network Traffic by Device
Security teams wanting to see specific devices that are demonstrating suspicious network activity can rely on this new dashboard to visualize the impact on the organization over time. The dashboard includes a detailed data table for each device that can be drilled down to expose device-specific suspicious activity.
Vulnerability Details
When suspicious activity is detected, this dashboard provides the ability to investigate and see critical details, including a line-by-line history of the suspicious application flows. Location-relevant threats, such as unsafe web destinations, also map the remote host location(s).
New Applications Detected
Secure Access detects the first time an application generates any traffic, a good indicator of potential malware and zero-day attacks. This dashboard exposes all new application traffic detected for a specific device, group of devices, and across the entire organization.
Other Enhancements
KML exports signal quality metrics
Cellular signal quality metrics displayed within the Device Activity dashboard map are now included in the KML export for use with third party mapping tools.
English-Great Britain (EN-GB) Locale support
Customers that configure Windows to use the “en-GB” locale will now see date formatting correctly within dashboards.
Lifecycle Announcements
- Beginning with Insights for Network 4.10, Microsoft Server 2016 is no longer supported. Customers are advised to upgrade their OS prior to installing 4.10. For information on upgrading Insights for Network, review the documentation.
- After December 2024, the minimum supported version of Android for Secure Access clients will be Android 9.
Insights for Network 4.11
Insights for Network 4.11 is a maintenance release providing the following enhancements:
- General security improvements
- Improvements to translations
Secure Access 13.51
Secure Access 13.51 is a maintenance release for the Windows server and iOS client platforms.
Windows Server Updates:
- Publisher stability & performance improvements
- Virtual address (VIP) management improvements
- SaaS specific updates
iOS Client Updates:
- Fixes for issues that could cause connection attempts to fail after an upgrade or fresh install
- Other general improvements & bugfixes
Secure Access 13.52
Secure Access v13.52 is a maintenance release for the Android and macOS client platforms.
Android client updates include:
- Support for Android 15 platform
- Fix for potential routing issue when routing traffic outside tunnel
macOS client updates include:
- Improved overall performance, control, & security via extended system permissions
- Support for all IP network traffic including inbound & local network traffic (which was previously limited)
- Support for configuring policy by Application name enabling more granular security posture control
- Support for reporting network flows by Application name
NOTE: Upgrading macOS clients to version 13.52 requires an additional deployment step and will not be published to the App Store at this time. To ensure the best upgrade rollout experience and to download the update, please read the macOS client upgrade advisory in our Knowledge Base.
Insights for Network 4.12
Insights for Network 4.12 is a maintenance release addressing nine recent Splunk vulnerabilities. The issues addressed in this release are:
CVE-2024-45731, CVE-2024-45733, CVE-2024-45738, CVE-2024-45740, CVE-2024-45741, CVE-2024-45736, SVD-2024-1005, SVD-2024-1012, and SVD-2024-1007
The highest severity rating for these CVEs is 8.8, High.
Absolute strongly recommends that all self-hosted customers upgrade to Insights for Network 4.12 for maximum protection. For more information or for general security questions email [email protected] or [email protected]