What’s New in Secure Access v13 and Insights for Network v4

Sections: Secure Access v13 Insights for Network v4 Lifecycle Announcements

Secure Web Gateway service^*

26% of all successful attacks start with content received with a web browser[1]. The Secure Web Gateway service defends organizations from viruses, attacks, and unsafe content delivered through web browsers by safely inspecting and scrubbing web content in a cloud container before delivering it in an inoculated, safe format to the web browser.

The new service protects against browser-based vulnerabilities with four key security capabilities.

Antivirus Scans (AV) protect against malicious web content and files before they reach devices.
Remote Browser Isolation (RBI) blocks malicious code on web pages while still allowing sanitized content to be displayed on the device. The system provides multiple RBI protection levels providing with increasing security against malicious content.
Content Disarm/Reconstruct (CDR) removes active content from file downloads and protects against zero-day threats not detected by AV scans.
Data Loss Prevention (DLP) prevents inadvertent uploads of sensitive information.

These Secure Web Gateway capabilities are integrated in the Policy configuration menu in the Secure Access administrative console. There is no need to deploy or manage additional systems or products. The Secure Web Gateway service is licensable as a new subscription for all Secure Access Edge customers.

New ZTNA Policy Capabilities*

Zero Trust Network Access (ZTNA) is an approach to network design that only allows users to access network resources under specific conditions and after they prove their identity. Easy-to-implement, zero-trust, security controls provide the visibility and control administrators need to enforce a strong security posture without reducing user productivity. We added the following new policy features:

New policy actions for Secure Web Gateway: The new policy actions support the New Web Gateway. The actions enable the Secure Web Gateway by hosts/websites or by web reputation with 5 protection levels.
New policy action to reauthenticate users after they roam between networks: Changing networks, (e.g., from Wi-Fi to Cellular) also changes the security context of a user’s connection to their network resources. In some circumstances, asking a user to reauthenticate is required by corporate standards or other external factors such as cyber risk insurance. New in v13 is a policy action that forces users to reauthenticate when they change networks.

New Mobile Router Support

Secure Access v13 features native diagnostics and telemetry gathering for the Sierra Wireless XR80 and XR90 trunk-mounted mobile routers. These routers are targeted at FirstNet subscribers and highly mobile grey-collar workers. Automatically gather performance and connectivity data when running network diagnostics and publish the data to Insights for Network.

Increased Control Over Device Naming Conventions

Some mobile devices restrict vendor’s access to user-configured device names and usernames as a method of promoting individual privacy. To assist administrators in clearly identifying devices and users, Secure Access v13 now does the following:

Captures and displays the device host name from the operating system. In Secure Access, the hostname is used in the Policy UI and in the device management UI to more easily and quickly identify devices of the same operating system and model to assign policy and track the device. As was the case previously, this value can be set or changed by a standard MDM/EMM or by a privileged user.
Captures and displays the name of the last user to authenticate using any given device when subscribing devices to a policy rule set. Often, the last user to authenticate will provide a clue to identifying the device even if the device name is generic.
These names are reflected in Insights for Networks dashboards.

General Server Improvements

Publisher Disk Utilization: If disk utilization on a healthy Secure Access Publisher is consistently high, it indicates that something is interfering w/ the normal data flow into Insights for Network or other publishing targets. New in Secure Access v13, the Secure Access administrative console now clearly displays the current disk utilization on the Publisher status page.
Faster Warehouse Status Updates: Starting with version 12.5, in a pool with multiple warehouses, each gateway has a ‘preferred’ warehouse to which it connects. If that warehouse is offline, for example during monthly maintenance windows, the status of that warehouse will be marked as degraded during the reboot cycle. Secure Access v13 shortens the interval at which the Secure Access gateway will poll the warehouse to determine when it is back online and ready to receive connections.

Dashboard data-level Role Based Access Control (RBAC)

Administrators can create roles within Insights for Network that will control what devices and/or users are visible when viewing dashboards. This new Role Based Access Control feature provides essential security controls, as well as delivering a more audience-focused dashboard viewing experience.

Secure Web Gateway dashboards

Seven new dashboards enable visibility into the impact and actions taken by the Secure Web Gateway to secure the web browsing in your deployment.

Secure Web Gateway Impact

A dashboard to quickly assess the general security posture of your deployment provided by Secure Web Gateway, and drill down to active and prevented threats.

Data Loss Prevention Summary

A dashboard displaying data loss prevention actions across connected clients. The data loss prevention action can be "Block" OR "Report" based on global setting.

Browser Sessions Summary

A dashboard to view Secure Web Gateway client web page visits while in different SWG profile access settings (isolate, inspect, allow, or deny modes).

Browser Sessions Security Audit

A dashboard to analyze Secure Web Gateway unsafe client browser sessions.

File Transfer Summary

A dashboard displaying an overview of Secure Web Gateway file transfer by action, user, device, profile, and status.

File Transfer Blocked

A dashboard that provides summary charts and a detailed log of all file transfer uploads and downloads blocked by Secure Web Gateway.

Secure Web Gateway User Feedback

A dashboard displaying all user feedback sent from end-users to the Secure Web Gateway during protected browser sessions.

Minimum Supported Versions

We have updated the minimum supported version of Apple platforms. The new minimums versions are:

iOS – 13.0, released on September 19, 2019
macOS – 10.15, released on October 7, 2019

Other minimum versions of the client and server platforms remain unchanged.

The minimum version of Android is 7.0, released in August of 2016.
The minimum version of Windows clients is Windows 10, released in July of 2015.
The minimum version of Windows servers is Windows Server 2016, released in October of 2016.

End of Sale and End of Life for Mobility v11.x and Mobile IQ v2.x

To assist customers in their long-range planning, Absolute Software is providing advance notice of End of Sale (EoS) and End of Life (EoL) for NetMotion Mobility v11.x and NetMotion Mobile IQ v2.x.

End of Sale (EoS) will occur after June 30, 2023 for Mobility v11.x servers and clients and Mobile IQ v2.x. After June 30, customers will only be able to purchase subscription licenses for newer versions of the software.

End of Life (EoL) will occur after February 29, 2024 for Mobility v11.x servers and clients, and Mobile IQ v2.x server. Customers running these versions with active maintenance agreements expiring after February 29, 2024 will continue to receive technical support. However, any defects, operating platform updates or security fixes will only be resolved by upgrading to the current software version.

Customers should plan to migrate to the latest software versions well before February 29, 2024.

[1] 2022 Data Breach Investigations Report - https://enterprise.verizon.com/en-gb/resources/reports/dbir/

* Policy capabilities are available only in Secure Access Edge (formerly known as NetMotion Complete)

* Insights for Network is packaged with Secure Access Edge (formerly known as NetMotion Complete)