What’s New in Secure Access v13 and Insights for Network v4

Sections:      Secure Access v13      Insights for Network v4      Lifecycle Announcements      Maintenance Releases


Secure Access v13

Secure Web Gateway service*

26% of all successful attacks start with content received with a web browser[1].  The Secure Web Gateway service defends organizations from viruses, attacks, and unsafe content delivered through web browsers by safely inspecting and scrubbing web content in a cloud container before delivering it in an inoculated, safe format to the web browser.

The new service protects against browser-based vulnerabilities with four key security capabilities.

  • Antivirus Scans (AV) protect against malicious web content and files before they reach devices.
  • Remote Browser Isolation (RBI) blocks malicious code on web pages while still allowing sanitized content to be displayed on the device. The system provides multiple RBI protection levels providing with increasing security against malicious content.
  • Content Disarm/Reconstruct (CDR) removes active content from file downloads and protects against zero-day threats not detected by AV scans.
  • Data Loss Prevention (DLP) prevents inadvertent uploads of sensitive information.

These Secure Web Gateway capabilities are integrated in the Policy configuration menu in the Secure Access administrative console. There is no need to deploy or manage additional systems or products. The Secure Web Gateway service is licensable as a new subscription for all Secure Access Edge customers. 

New ZTNA Policy Capabilities*

Zero Trust Network Access (ZTNA) is an approach to network design that only allows users to access network resources under specific conditions and after they prove their identity. Easy-to-implement, zero-trust, security controls provide the visibility and control administrators need to enforce a strong security posture without reducing user productivity. We added the following new policy features:

  • New policy actions for Secure Web Gateway: The new policy actions support the New Web Gateway. The actions enable the Secure Web Gateway by hosts/websites or by web reputation with 5 protection levels.
  • New policy action to reauthenticate users after they roam between networks: Changing networks, (e.g., from Wi-Fi to Cellular) also changes the security context of a user’s connection to their network resources. In some circumstances, asking a user to reauthenticate is required by corporate standards or other external factors such as cyber risk insurance. New in v13 is a policy action that forces users to reauthenticate when they change networks.

New Mobile Router Support

Secure Access v13 features native diagnostics and telemetry gathering for the Sierra Wireless XR80 and XR90 trunk-mounted mobile routers. These routers are targeted at FirstNet subscribers and highly mobile grey-collar workers. Automatically gather performance and connectivity data when running network diagnostics and publish the data to Insights for Network.

Increased Control Over Device Naming Conventions

Some mobile devices restrict vendor’s access to user-configured device names and usernames as a method of promoting individual privacy. To assist administrators in clearly identifying devices and users, Secure Access v13 now does the following:

  • Captures and displays the device host name from the operating system. In Secure Access, the hostname is used in the Policy UI and in the device management UI to more easily and quickly identify devices of the same operating system and model to assign policy and track the device. As was the case previously, this value can be set or changed by a standard MDM/EMM or by a privileged user.
  • Captures and displays the name of the last user to authenticate using any given device when subscribing devices to a policy rule set. Often, the last user to authenticate will provide a clue to identifying the device even if the device name is generic.
  • These names are reflected in Insights for Networks dashboards.

General Server Improvements

  • Publisher Disk Utilization: If disk utilization on a healthy Secure Access Publisher is consistently high, it indicates that something is interfering w/ the normal data flow into Insights for Network or other publishing targets. New in Secure Access v13, the Secure Access administrative console now clearly displays the current disk utilization on the Publisher status page.
  • Faster Warehouse Status Updates: Starting with version 12.5, in a pool with multiple warehouses, each gateway has a ‘preferred’ warehouse to which it connects. If that warehouse is offline, for example during monthly maintenance windows, the status of that warehouse will be marked as degraded during the reboot cycle. Secure Access v13 shortens the interval at which the Secure Access gateway will poll the warehouse to determine when it is back online and ready to receive connections.

 

Insights for Network v4*

Dashboard data-level Role Based Access Control (RBAC)

Administrators can create roles within Insights for Network that will control what devices and/or users are visible when viewing dashboards.  This new Role Based Access Control feature provides essential security controls, as well as delivering a more audience-focused dashboard viewing experience. 

Secure Web Gateway dashboards

Seven new dashboards enable visibility into the impact and actions taken by the Secure Web Gateway to secure the web browsing in your deployment.

Secure Web Gateway Impact

A dashboard to quickly assess the general security posture of your deployment provided by Secure Web Gateway, and drill down to active and prevented threats.

Data Loss Prevention Summary

A dashboard displaying data loss prevention actions across connected clients. The data loss prevention action can be "Block" OR "Report" based on global setting. 

Browser Sessions Summary

A dashboard to view Secure Web Gateway client web page visits while in different SWG profile access settings (isolate, inspect, allow, or deny modes).

Browser Sessions Security Audit

A dashboard to analyze Secure Web Gateway unsafe client browser sessions.

File Transfer Summary

A dashboard displaying an overview of Secure Web Gateway file transfer by action, user, device, profile, and status.

File Transfer Blocked

A dashboard that provides summary charts and a detailed log of all file transfer uploads and downloads blocked by Secure Web Gateway. 

Secure Web Gateway User Feedback

A dashboard displaying all user feedback sent from end-users to the Secure Web Gateway during protected browser sessions.  

 

Lifecycle Announcements

Minimum Supported Versions

We have updated the minimum supported version of Apple platforms. The new minimums versions are:

  • iOS – 13.0, released on September 19, 2019
  • macOS – 10.15, released on October 7, 2019

Other minimum versions of the client and server platforms remain unchanged.

  • The minimum version of Android is 7.0, released in August of 2016.
  • The minimum version of Windows clients is Windows 10, released in July of 2015.
  • The minimum version of Windows servers is Windows Server 2016, released in October of 2016.

End of Sale and End of Life for Mobility v11.x and Mobile IQ v2.x

To assist customers in their long-range planning, Absolute Software is providing advance notice of End of Sale (EoS) and End of Life (EoL) for NetMotion Mobility v11.x and NetMotion Mobile IQ v2.x.

End of Sale (EoS) will occur after June 30, 2023 for Mobility v11.x servers and clients and Mobile IQ v2.x. After June 30, customers will only be able to purchase subscription licenses for newer versions of the software.

End of Life (EoL) will occur after February 29, 2024 for Mobility v11.x servers and clients, and Mobile IQ v2.x server. Customers running these versions with active maintenance agreements expiring after February 29, 2024 will continue to receive technical support. However, any defects, operating platform updates or security fixes will only be resolved by upgrading to the current software version.

Customers should plan to migrate to the latest software versions well before February 29, 2024.

 

Maintenance Releases

Secure Access 13.07
Insights for Network 4.04
Secure Access 13.06
Secure Access 13.05
Insights for Network 4.03
Secure Access 13.04 and Insights for Network 4.02
Secure Access 13.03
Secure Access 13.02 and Insights for Network 4.01
Secure Access 13.01

 

Secure Access 13.07

High Severity Vulnerabilities Addressed in Secure Access 13.07

Both the server and the Windows client contain vulnerabilities that could allow attackers with access to the desktop to elevate their level of privilege on the operating system. If an attacker has administrative access to the Secure Access Management interface, they could force another administrator to take an action during a subsequent session.

The highest severity rating of these vulnerabilities is 8.4, High.

In accordance with our disclosure policy, descriptions of vulnerabilities will not be released for at least 90 days to allow customers reasonable time to patch their systems.

Other client and server improvements in Secure Access 13.07 include:

  • Improvements to Warehouse performance and stability.
  • Improved logging of warnings caused by a planned upgrade.
  • Improved client DNS handling.
  • Stability improvements when upgrading/installing clients, using a docking station, or waking device from suspend mode.
  • Improved client compatibility with Cisco RADIUS when using device authentication.
  • Updated NAC compatibility with newer versions of antivirus products.

Absolute recommends that customers update their Secure Access servers and Windows clients to 13.07 as soon as possible.

Customers can download the latest Secure Access and Insights for Network from the Download Portal

For more information, contact [email protected] or [email protected]

Insights for Network 4.04

Insights for Network 4.04 is a maintenance release addressing two recent Splunk CVEs.

The CVEs addressed in this release are:

CVE-2024-23675 and CVE-2024-23678. The highest severity rating for these CVEs is 7.5 – High

The internal architecture of Insights for Network provides partial mitigation for CVE-2024-23675, reducing its severity to a Low. CVE-2024-23678 is exploitable by attackers with permission to write a file to a disk on the Splunk server.

Absolute recommends that all on-premises customers upgrade to Insights for Network 4.04 for maximum protection. Insights for Network SaaS customers will be updated automatically during an upcoming maintenance window.

For more information regarding Insights for Network 4.04, or for general security questions, email [email protected] or [email protected]

Secure Access 13.06

Medium Severity Vulnerabilities Addressed in Secure Access 13.06

The management interface of Secure Access prior to version 13.06 has multiple vulnerabilities that could allow attackers with administrative access to control other logged-on administrators' sessions provided the attacker had knowledge of (or access to) the Secure Access management interface. Attackers with access to the Secure Access administrative console could also corrupt the Secure Access warehouse database.

The highest CVSS v3.1 score for these vulnerabilities is 6.5, Medium.

Taken together, the vulnerabilities fixed in this release are serious and should be patched as soon as possible.

In accordance with our disclosure policy, descriptions of vulnerabilities will not be released for at least 90 days to allow customers reasonable time to patch their systems.

For v13.x customers: The attacks can be mitigated by installing the update and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned for previous version of Secure Access. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 13.06 as soon as possible.

Customers can download the latest Secure Access and Insights for Network from the Download Portal

 

For more information, contact [email protected] or [email protected]

 

Secure Access 13.05

Critical Secure Access Server Security Update for ALL Customers

The Publisher component of all versions of Secure Access / NetMotion Mobility prior to v13.05 is affected by CVE-2023-46604 (CVSS 9.8, Critical).

The CVE describes a remote code execution vulnerability in Apache ActiveMQ. Attackers with network access to the Publisher may be able to take control of the Publisher server and gain Windows system level permissions. In the typical deployment, the most likely attack vector is that of an insider attack.

For v12.x and v13.x customers: The attack can be mitigated by installing the update and following our recommendations for securely configuring the Secure Access pool.

For v11.x customers: The Analytics module, an optionally licensed feature of Mobility v11.x, is also affected by this CVE. Attackers with network access to the server hosting this feature may be able to gain Windows system permissions.

End of Life for the Analytics module was announced in October of 2020 and took effect in September of 2021. As previously announced, the remaining v11.x product will be End of Life in Feb 2024.  Version 11 license holders who are still running the Analytics module should either uninstall the Analytics module or upgrade to version 13.x.   

Absolute recommends that customers update their Secure Access servers to 13.05 as soon as possible.

Customers can download the latest Secure Access and Insights for Network from the Download Portal

 

Insights for Network 4.03

Insights for Network 4.03

Insights for Network 4.03 is a maintenance release addressing one reported customer issue and two recent Splunk CVEs.

The customer reported issue resolved in this release is:

MIQ-10867 – Logged in console users assigned either the built-in “Admin” role or the built-in “Unrestricted Viewer” role would see the following error on some dashboard panels: TypeError: Cannot read properties of undefined (reading 'report')

The CVEs addressed in this release are:
CVE-2023-46213 and CVE-2023-46214. The highest severity rating for these CVEs is 8.0 – High

The internal architecture of Insights for Network protects against exploitation of CVE-2023-46213, but not CVE-2023-46214. Note: CVE-2023-46214 can only be exploited by attackers with a valid login to the Insights for Network server.

Absolute recommends that all on-premises customers upgrade to Insights for Network 4.03 for maximum protection. Insights for Network SaaS customers will be updated automatically during an upcoming maintenance window.

For more information regarding Insights for Network 4.03, or for general security questions, email [email protected] or [email protected]

 

Secure Access 13.04 and Insights for Network 4.02

Secure Access 13.04

Secure access 13.04 is a client and server release with a server security fix and general improvements for both servers and clients.

Important: Secure Access 13.04 Server Security Update – The management interface of all supported versions of Mobility and Secure Access servers prior to version 13.04 is vulnerable to CVE-2023-44487 (CVSS 7.5, High). Attackers with access to the Mobility or Secure Access administrative console from the network can execute an unauthenticated server resource exhaustion denial of service (DoS) by sending specially crafted HTTP/2 data to the administrative console. This is a DoS attack; tunnel security is unaffected.

The attack can be mitigated by installing the update, placing the administrative console behind a security layer such as a Web Application Firewall capable of blocking HTTP/2 traffic, and / or following our recommendations for securely configuring network access to the administrative console.

Absolute recommends that customers update their Secure Access servers to 13.04 as soon as possible.

For more information, contact [email protected] or [email protected]

Other client and server updates in 13.04 include:

  • Support for MacOS14
  • Support for Android 14
  • New support for customer generated certificates when configuring SAML authentication
  • New options for iOS device name management
    • New WorkSpace One ‘AppConfig’ support for device names
    • iOS 17 devices not under MDM management are no longer automatically named ‘localhost’
  • New support for user name / password configuration as an iOS Vendor Key / AppConfig key:value pair
  • Improved logging of errors and warnings on pool components

Insights for Network 4.02

Important: Insights for Network Security Update: Insights for Network 4.02 is a maintenance release addressing recent Splunk CVEs for Splunk Enterprise servers prior to version 9.0.6.

Splunk CVEs addressed in this release are:

SVD-2023-0802, SVD-2023-0803, SVD-2023-0804, SVD-2023-0805, SVD-2023-0806, SVD-2023-0807

The highest score for the CVEs addressed in this release is 8.8, High

Absolute Recommends that customers update their Insights for Network servers to 4.02 as soon as possible.

For more information, contact [email protected] or [email protected]

 

Secure Access 13.03

Version 13.03 is a client-only release that addresses two client issues which could result in client disconnects.

  • 13.03 for iOS addresses an issue in 13.02 for iOS that caused MDM-configured per-app tunnels to disconnect.
  • 13.03 for Android addresses an issue on some devices where the best network interface could not be properly determined.

For more information on these issues, review Known and Resolved Issues.

 

Secure Access 13.02 / Insights for Network 4.01

Secure Access 13.02 and Insights for Network 4.01 are general maintenance releases providing functional improvements and addressing defects from earlier releases.

Secure Access 13.02

Secure Access 13.02 contains several improvements for both server and client components including:

  • OpenSSL and play services library updates for Android
  • New support for the Assured Wireless AW12 high-powered mobile router
  • Secure Access publisher performance improvements
  • Minor bug fixes for policy and NAC

For more information on issues addressed in 13.02, review Known and Resolved Issues.

Insights for Network 4.01

Insights for Network 4.01 is a maintenance release addressing recent Splunk CVEs specific to Splunk Enterprise servers prior to version 9.0.5.1.

While the internal architecture of Insights for Network protects against exploitation of these CVEs, Absolute recommends that all customers upgrade to Insights for Network 4.01 for maximum protection.

Splunk CVEs addressed in this release are:

CVE-2023-32710, CVE-2023-32711, CVE-2023-32709, CVE-2023-32706, CVE-2023-32707, CVE-2023-32708, CVE-2021-21419, CVE-2021-28957, CVE-2022-24785, CVE-2022-31129, CVE-2022-32212, CVE-2015-20107, CVE-2021-3517, CVE-2021-3537, CVE-2021-3518, CVE-2023-22941, CVE-2023-22940, CVE-2023-22939, CVE-2023-22938, CVE-2023-22937, CVE-2023-22936, CVE-2023-22935, CVE-2023-22934, CVE-2023-22933, CVE-2023-22932, CVE-2023-32717, CVE-2023-32716, CVE-2023-32712

The highest severity rating for these CVEs is 8.8 – High

For more information regarding Insights for Network 4.01, or for general security questions, email [email protected] or [email protected]

 

Secure Access 13.01

Secure Access 13.01 is a client only maintenance release for macOS addressing an issue that could cause macOS clients to disconnect with reason 15 after an upgrade to v13.00.

 

[1] 2022 Data Breach Investigations Report - https://enterprise.verizon.com/en-gb/resources/reports/dbir/

* Policy capabilities are available only in Secure Access Edge (formerly known as NetMotion Complete)

* Insights for Network is packaged with Secure Access Edge (formerly known as NetMotion Complete)

Financial Services