What’s New in Secure Access v13 and Insights for Network v4



Secure Access v13

Secure Web Gateway service*

26% of all successful attacks start with content received with a web browser[1].  The Secure Web Gateway service defends organizations from viruses, attacks, and unsafe content delivered through web browsers by safely inspecting and scrubbing web content in a cloud container before delivering it in an inoculated, safe format to the web browser.

The new service protects against browser-based vulnerabilities with four key security capabilities.

  • Antivirus Scans (AV) protect against malicious web content and files before they reach devices.
  • Remote Browser Isolation (RBI) blocks malicious code on web pages while still allowing sanitized content to be displayed on the device. The system provides multiple RBI protection levels with increasing security against malicious content.
  • Content Disarm/Reconstruct (CDR) removes active content from file downloads and protects against zero-day threats not detected by AV scans.
  • Data Loss Prevention (DLP) prevents inadvertent uploads of sensitive information.

These Secure Web Gateway capabilities are integrated in the Policy configuration menu in the Secure Access administrative console. There is no need to deploy or manage additional systems or products. The Secure Web Gateway service is licensable as a new subscription for all Secure Access Edge customers. 

New ZTNA Policy Capabilities*

Zero Trust Network Access (ZTNA) is an approach to network design that only allows users to access network resources under specific conditions and after they prove their identity. Easy-to-implement zero-trust security controls provide the visibility and control administrators need to enforce a strong security posture without reducing user productivity. We added the following new policy features:

  • New policy actions for Secure Web Gateway: The new policy actions support the new Secure Web Gateway. The actions enable the Secure Web Gateway by hosts/websites or by web reputation with 5 protection levels.
  • New policy action to reauthenticate users after they roam between networks: Changing networks (e.g., from Wi-Fi to cellular) also changes the security context of a user’s connection to their network resources. In some circumstances, asking a user to reauthenticate is required by corporate standards or other external factors such as cyber risk insurance. New in v13 is a policy action that forces users to reauthenticate when they change networks.

New Mobile Router Support

Secure Access v13 features native diagnostics and telemetry gathering for the Sierra Wireless XR80 and XR90 trunk-mounted mobile routers. These routers are targeted at FirstNet subscribers and highly mobile grey-collar workers. Automatically gather performance and connectivity data when running network diagnostics and publish the data to Insights for Network.

Increased Control Over Device Naming Conventions

Some mobile devices restrict vendors’ access to user-configured device names and usernames as a method of promoting individual privacy. To assist administrators in clearly identifying devices and users, Secure Access v13 now does the following:

  • Captures and displays the device host name from the operating system. In Secure Access, the hostname is used in the Policy UI and in the device management UI to more easily and quickly identify devices of the same operating system and model to assign policy and track the device. As was the case previously, this value can be set or changed by a standard MDM/EMM or by a privileged user.
  • Captures and displays the name of the last user to authenticate using any given device when subscribing devices to a policy rule set. Often, the last user to authenticate will provide a clue to identifying the device even if the device name is generic.
  • These names are reflected in Insights for Network dashboards.

General Server Improvements

  • Publisher Disk Utilization: If disk utilization on a healthy Secure Access Publisher is consistently high, it indicates that something is interfering with the normal data flow into Insights for Network or other publishing targets. New in Secure Access v13, the Secure Access administrative console now clearly displays the current disk utilization on the Publisher status page.
  • Faster Warehouse Status Updates: Starting with version 12.5, in a pool with multiple warehouses, each gateway has a ‘preferred’ warehouse to which it connects. If that warehouse is offline, for example during monthly maintenance windows, the status of that warehouse will be marked as degraded during the reboot cycle. Secure Access v13 shortens the interval at which the Secure Access gateway will poll the warehouse to determine when it is back online and ready to receive connections.

 

Insights for Network v4*

Dashboard data-level Role Based Access Control (RBAC)

Administrators can create roles within Insights for Network that will control what devices and/or users are visible when viewing dashboards.  This new Role Based Access Control feature provides essential security controls, as well as delivering a more audience-focused dashboard viewing experience. 

Secure Web Gateway dashboards

Seven new dashboards provide visibility into the impact of the Secure Web Gateway and the actions it takes to secure web browsing in your deployment.

Secure Web Gateway Impact

A dashboard to quickly assess the general security posture that Secure Web Gateway provides for your deployment, and to drill down to active and prevented threats.

Data Loss Prevention Summary

A dashboard displaying data loss prevention actions across connected clients. The data loss prevention action can be either "Block" or "Report", based on the global setting.

Browser Sessions Summary

A dashboard to view Secure Web Gateway client web page visits while in different SWG profile access settings (isolate, inspect, allow, or deny modes).

Browser Sessions Security Audit

A dashboard to analyze Secure Web Gateway unsafe client browser sessions.

File Transfer Summary

A dashboard displaying an overview of Secure Web Gateway file transfer by action, user, device, profile, and status.

File Transfer Blocked

A dashboard that provides summary charts and a detailed log of all file transfer uploads and downloads blocked by Secure Web Gateway. 

Secure Web Gateway User Feedback

A dashboard displaying all user feedback sent from end-users to the Secure Web Gateway during protected browser sessions.  

 

Lifecycle Announcements

Minimum Supported Versions

We have updated the minimum supported versions of Apple platforms. The new minimum versions are:

  • iOS – 13.0, released on September 19, 2019
  • macOS – 10.15, released on October 7, 2019

Other minimum versions of the client and server platforms remain unchanged.

  • The minimum version of Android is 7.0, released in August of 2016.
  • The minimum version of Windows clients is Windows 10, released in July of 2015.
  • The minimum version of Windows servers is Windows Server 2016, released in October of 2016.

End of Sale and End of Life for Mobility v11.x and Mobile IQ v2.x

To assist customers in their long-range planning, Absolute Security is providing advance notice of End of Sale (EoS) and End of Life (EoL) for NetMotion Mobility v11.x and NetMotion Mobile IQ v2.x.

End of Sale (EoS) will occur after June 30, 2023 for Mobility v11.x servers and clients and Mobile IQ v2.x. After June 30, customers will only be able to purchase subscription licenses for newer versions of the software.

End of Life (EoL) will occur after February 29, 2024 for Mobility v11.x servers and clients, and Mobile IQ v2.x server. Customers running these versions with active maintenance agreements expiring after February 29, 2024 will continue to receive technical support. However, any defects, operating platform updates or security fixes will only be resolved by upgrading to the current software version.

Customers should plan to migrate to the latest software versions well before February 29, 2024.

 

Maintenance Releases

Secure Access 13.08
Secure Access 13.07
Insights for Network 4.04
Secure Access 13.06
Secure Access 13.05
Insights for Network 4.03
Secure Access 13.04 and Insights for Network 4.02
Secure Access 13.03
Secure Access 13.02 and Insights for Network 4.01
Secure Access 13.01

 

Secure Access 13.08

Android only: performance hotfix in Secure Access 13.08

Secure Access 13.08 is a client release for the Android platform only. This release fixes a bug causing a noticeable reduction of performance for uploads when compared to previous Android v13 releases.

Customers can download the latest Secure Access for Android client from the Google Play Store. For more information on this issue, review Known and Resolved Issues.

Secure Access 13.07

High Severity Vulnerabilities Addressed in Secure Access 13.07

Both the server and the Windows client contain vulnerabilities that could allow attackers with access to the desktop to elevate their level of privilege on the operating system. If an attacker has administrative access to the Secure Access Management interface, they could force another administrator to take an action during a subsequent session.

The highest severity rating of these vulnerabilities is 8.4, High.

In accordance with our disclosure policy, descriptions of vulnerabilities will not be released for at least 90 days to allow customers reasonable time to patch their systems.

Other client and server improvements in Secure Access 13.07 include:

  • Improvements to Warehouse performance and stability.
  • Improved logging of warnings caused by a planned upgrade.
  • Improved client DNS handling.
  • Stability improvements when upgrading/installing clients, using a docking station, or waking a device from suspend mode.
  • Improved client compatibility with Cisco RADIUS when using device authentication.
  • Updated NAC compatibility with newer versions of antivirus products.

Absolute recommends that customers update their Secure Access servers and Windows clients to 13.07 as soon as possible.

Customers can download the latest Secure Access and Insights for Network from the Download Portal

For more information, contact securityresponse@absolute.com or nm-support@absolute.com

Insights for Network 4.04

Insights for Network 4.04 is a maintenance release addressing two recent Splunk CVEs.

The CVEs addressed in this release are:

CVE-2024-23675 and CVE-2024-23678. The highest severity rating for these CVEs is 7.5 – High

The internal architecture of Insights for Network provides partial mitigation for CVE-2024-23675, reducing its severity to Low. CVE-2024-23678 is exploitable by attackers with permission to write a file to a disk on the Splunk server.

Absolute recommends that all on-premises customers upgrade to Insights for Network 4.04 for maximum protection. Insights for Network SaaS customers will be updated automatically during an upcoming maintenance window.

For more information regarding Insights for Network 4.04, or for general security questions, email securityresponse@absolute.com or nm-support@absolute.com

Secure Access 13.06

Medium Severity Vulnerabilities Addressed in Secure Access 13.06

The management interface of Secure Access prior to version 13.06 has multiple vulnerabilities that could allow attackers with administrative access to control other logged-on administrators' sessions provided the attacker had knowledge of (or access to) the Secure Access management interface. Attackers with access to the Secure Access administrative console could also corrupt the Secure Access warehouse database.

The highest CVSS v3.1 score for these vulnerabilities is 6.5, Medium.

Taken together, the vulnerabilities fixed in this release are serious and should be patched as soon as possible.

In accordance with our disclosure policy, descriptions of vulnerabilities will not be released for at least 90 days to allow customers reasonable time to patch their systems.

For v13.x customers: The attacks can be mitigated by installing the update and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned for previous versions of Secure Access. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 13.06 as soon as possible.

Customers can download the latest Secure Access and Insights for Network from the Download Portal

 

For more information, contact securityresponse@absolute.com or nm-support@absolute.com

 

Secure Access 13.05

Critical Secure Access Server Security Update for ALL Customers

The Publisher component of all versions of Secure Access / NetMotion Mobility prior to v13.05 is affected by CVE-2023-46604 (CVSS 9.8, Critical).

The CVE describes a remote code execution vulnerability in Apache ActiveMQ. Attackers with network access to the Publisher may be able to take control of the Publisher server and gain Windows system level permissions. In the typical deployment, the most likely attack vector is that of an insider attack.

For v12.x and v13.x customers: The attack can be mitigated by installing the update and following our recommendations for securely configuring the Secure Access pool.

For v11.x customers: The Analytics module, an optionally licensed feature of Mobility v11.x, is also affected by this CVE. Attackers with network access to the server hosting this feature may be able to gain Windows system permissions.

End of Life for the Analytics module was announced in October of 2020 and took effect in September of 2021. As previously announced, the remaining v11.x product will be End of Life in Feb 2024.  Version 11 license holders who are still running the Analytics module should either uninstall the Analytics module or upgrade to version 13.x.   

Absolute recommends that customers update their Secure Access servers to 13.05 as soon as possible.

Customers can download the latest Secure Access and Insights for Network from the Download Portal

 

Insights for Network 4.03


Insights for Network 4.03 is a maintenance release addressing one reported customer issue and two recent Splunk CVEs.

The customer reported issue resolved in this release is:

MIQ-10867 – Logged in console users assigned either the built-in “Admin” role or the built-in “Unrestricted Viewer” role would see the following error on some dashboard panels: TypeError: Cannot read properties of undefined (reading 'report')

The CVEs addressed in this release are:
CVE-2023-46213 and CVE-2023-46214. The highest severity rating for these CVEs is 8.0 – High

The internal architecture of Insights for Network protects against exploitation of CVE-2023-46213, but not CVE-2023-46214. Note: CVE-2023-46214 can only be exploited by attackers with a valid login to the Insights for Network server.

Absolute recommends that all on-premises customers upgrade to Insights for Network 4.03 for maximum protection. Insights for Network SaaS customers will be updated automatically during an upcoming maintenance window.

For more information regarding Insights for Network 4.03, or for general security questions, email securityresponse@absolute.com or nm-support@absolute.com

 

Secure Access 13.04 and Insights for Network 4.02

Secure Access 13.04

Secure Access 13.04 is a client and server release with a server security fix and general improvements for both servers and clients.

Important: Secure Access 13.04 Server Security Update – The management interface of all supported versions of Mobility and Secure Access servers prior to version 13.04 is vulnerable to CVE-2023-44487 (CVSS 7.5, High). Attackers with access to the Mobility or Secure Access administrative console from the network can execute an unauthenticated server resource exhaustion denial of service (DoS) by sending specially crafted HTTP/2 data to the administrative console. This is a DoS attack; tunnel security is unaffected.

The attack can be mitigated by installing the update, placing the administrative console behind a security layer such as a Web Application Firewall capable of blocking HTTP/2 traffic, and / or following our recommendations for securely configuring network access to the administrative console.

Absolute recommends that customers update their Secure Access servers to 13.04 as soon as possible.

For more information, contact securityresponse@absolute.com or nm-support@absolute.com

Other client and server updates in 13.04 include:

  • Support for macOS 14
  • Support for Android 14
  • New support for customer-generated certificates when configuring SAML authentication
  • New options for iOS device name management
    • New Workspace ONE ‘AppConfig’ support for device names
    • iOS 17 devices not under MDM management are no longer automatically named ‘localhost’
  • New support for user name / password configuration as an iOS Vendor Key / AppConfig key:value pair
  • Improved logging of errors and warnings on pool components

Insights for Network 4.02

Important: Insights for Network Security Update: Insights for Network 4.02 is a maintenance release addressing recent Splunk CVEs for Splunk Enterprise servers prior to version 9.0.6.

Splunk CVEs addressed in this release are:

SVD-2023-0802, SVD-2023-0803, SVD-2023-0804, SVD-2023-0805, SVD-2023-0806, SVD-2023-0807

The highest score for the CVEs addressed in this release is 8.8, High

Absolute recommends that customers update their Insights for Network servers to 4.02 as soon as possible.

For more information, contact securityresponse@absolute.com or nm-support@absolute.com

 

Secure Access 13.03

Version 13.03 is a client-only release that addresses two client issues which could result in client disconnects.

  • 13.03 for iOS addresses an issue in 13.02 for iOS that caused MDM-configured per-app tunnels to disconnect.
  • 13.03 for Android addresses an issue on some devices where the best network interface could not be properly determined.

For more information on these issues, review Known and Resolved Issues.

 

Secure Access 13.02 / Insights for Network 4.01

Secure Access 13.02 and Insights for Network 4.01 are general maintenance releases providing functional improvements and addressing defects from earlier releases.

Secure Access 13.02

Secure Access 13.02 contains several improvements for both server and client components including:

  • OpenSSL and play services library updates for Android
  • New support for the Assured Wireless AW12 high-powered mobile router
  • Secure Access publisher performance improvements
  • Minor bug fixes for policy and NAC

For more information on issues addressed in 13.02, review Known and Resolved Issues.

Insights for Network 4.01

Insights for Network 4.01 is a maintenance release addressing recent Splunk CVEs specific to Splunk Enterprise servers prior to version 9.0.5.1.

While the internal architecture of Insights for Network protects against exploitation of these CVEs, Absolute recommends that all customers upgrade to Insights for Network 4.01 for maximum protection.

Splunk CVEs addressed in this release are:

CVE-2023-32710, CVE-2023-32711, CVE-2023-32709, CVE-2023-32706, CVE-2023-32707, CVE-2023-32708, CVE-2021-21419, CVE-2021-28957, CVE-2022-24785, CVE-2022-31129, CVE-2022-32212, CVE-2015-20107, CVE-2021-3517, CVE-2021-3537, CVE-2021-3518, CVE-2023-22941, CVE-2023-22940, CVE-2023-22939, CVE-2023-22938, CVE-2023-22937, CVE-2023-22936, CVE-2023-22935, CVE-2023-22934, CVE-2023-22933, CVE-2023-22932, CVE-2023-32717, CVE-2023-32716, CVE-2023-32712

The highest severity rating for these CVEs is 8.8 – High

For more information regarding Insights for Network 4.01, or for general security questions, email securityresponse@absolute.com or nm-support@absolute.com

 

Secure Access 13.01

Secure Access 13.01 is a client-only maintenance release for macOS addressing an issue that could cause macOS clients to disconnect with reason 15 after an upgrade to v13.00.

 

[1] 2022 Data Breach Investigations Report - https://enterprise.verizon.com/en-gb/resources/reports/dbir/

* Policy capabilities are available only in Secure Access Edge (formerly known as NetMotion Complete)

* Insights for Network is packaged with Secure Access Edge (formerly known as NetMotion Complete)
