What’s New in Absolute Secure Access v13

Recently I wrote about NetMotion Mobility’s acquisition by Absolute Software. Absolute Secure Access (formerly NetMotion Mobility) is an enterprise VPN and Zero Trust Network Access (ZTNA) solution that includes fine-grained policy enforcement to restrict network access based on a wide range of parameters, including IP address, protocol, port, application, time of day, location, and type of network (e.g., wired, Wi-Fi, wireless, etc.), available bandwidth, battery level, and more. It also includes integrated Network Access Control (NAC), which administrators can use to inform access policy decisions based on device security and configuration posture. Now, Absolute has created its first major release since the acquisition – Absolute Secure Access v13.

Secure Web Gateway

Absolute Secure Access is already the most comprehensive and compelling enterprise VPN and ZTNA solution available today. With the release of Absolute Secure Access v13, the solution now includes cloud-based Secure Web Gateway integration, providing administrators with increased visibility and control of web traffic outside the tunnel. Not all web traffic must flow through the secure web gateway. Administrators can use policy to selectively route web traffic through the secure web gateway to meet their requirements.

Enhanced Security

The secure web gateway feature of Absolute Secure Access v13 includes the following enhanced security features.

Web Filtering

The secure web gateway allows administrators to restrict access based on web category (e.g., gambling, malware sites, personal storage, etc.). Administrators can allow or deny access based on risk level or use the destination’s categorization to take policy action to restrict access further or require additional authentication.

TLS Inspection

The secure web gateway can terminate HTTPS (SSL/TLS) sessions to perform traffic inspection and granular content categorization based on the full URL. The TLS inspection certificate is added dynamically to the local computer certificate store.

Virus Scan

The secure web gateway performs malware and virus scans on web content and files, preventing users from downloading malicious software.

Remote Browser Isolation

Remote Browser Isolation (RBI) executes web browsing sessions on a remote, isolated system to prevent potential malware threats. It enhances security by ensuring malicious content is contained and executed away from the user’s device.

Content Disarm and Reconstruction

Content Disarm and Reconstruction (CDR) is a security feature that eliminates dynamic content from downloaded files and guards against zero-day vulnerabilities undetected by antivirus scans.

Data Loss Prevention

Data Loss Prevention (DLP) is designed to prevent sensitive or confidential data from being leaked, accessed, or shared inappropriately, ensuring data security and compliance with regulations.

Policy Enhancements

Absolute Secure Access policies now include actions that can be taken based on information from the secure web gateway. For example, if a user visits a risky category like Malware Sites, additional security features such as antivirus scan, CDR and DLP enforcement, and RBI can be enforced. In addition, administrators can now force reauthentication when users roam between networks.

Summary

Absolute Secure Access v13 significantly upgrades previous versions of Absolute Secure Access and NetMotion Mobility. The security enhancements associated with the new secure web gateway service will tremendously increase an organization’s security posture and eliminate the need for additional web security solutions. Absolute Secure Access has powerful security enforcement technologies with policy and NAC to ensure the highest level of security for today’s mobile workforce.

Learn More

Are you interested in learning more about Absolute Secure Access? Would you like a demonstration of this enterprise VPN and Zero-Trust Network Access solution? Fill out the form below, and we’ll provide more information.

Microsoft Entra Global Secure Access

Last week Microsoft introduced new Security Service Edge (SSE) capabilities as part of the Microsoft Entra suite of technologies. Included in these announcements, Microsoft introduced the public preview of two new secure remote access technologies – Microsoft Entra Internet Access and Microsoft Entra Private Access. The latter of these will particularly interest Microsoft Always On VPN administrators in some deployment scenarios.

Microsoft Entra Internet Access

Microsoft Entra Internet Access is a new Secure Web Gateway (SWG) cloud service solution designed to protect users from threats on the public Internet. Features include web content filtering, malware inspection, TLS inspection, and more. In addition, Entra Internet Access can protect Microsoft 365 applications. Azure Conditional Access policies can be enforced for Internet traffic. Network conditions are now included with Azure Conditional Access, which can further protect against attacks by requiring access from specific trusted or compliant networks. Today, the public preview is available for Microsoft 365 scenarios only. Internet traffic and other SaaS applications will be available later this year.

Microsoft Entra Private Access

Microsoft Entra Private Access is a Zero Trust Network Access (ZTNA) cloud service solution that leverages the Azure Application Proxy access model. With Azure App Proxy, administrators can easily publish private, on-premises web applications by installing the connector on an on-premises server. Administrators can leverage Azure AD authentication and conditional access policies to ensure device compliance or enforce multifactor authentication (MFA), if required. Microsoft Entra Private Access extends the capabilities of the Azure Application Proxy to support TCP and UDP-based applications.

Private Access vs. Always On VPN

Microsoft Entra Private Access will be a compelling alternative to Always On VPN in the future. Specifically, organizations using native Azure AD join devices could benefit tremendously from this technology. Microsoft Entra Private Access is much simpler to implement than Always On VPN and requires no on-premises infrastructure other than the Azure Application Proxy connector. Using Microsoft Entra Private Access also means that no inbound access from the Internet is required, making the solution inherently more secure and reducing the public attack surface. For organizations using hybrid Azure AD join, Always On VPN continues to be the best Microsoft solution for these scenarios.

References

Microsoft Entra Expands into Security Service Edge (SSE)

Microsoft Entra – Secure Access for a Connected World

Microsoft Entra Internet Access Preview

Microsoft Entra Private Access Preview

What is Zero Trust?

What is Zero Trust Network Access?

What is Security Service Edge (SSE)?

What is Secure Access Service Edge (SASE)?

What’s the Difference Between SSE and SASE?

Contact Us

I’ve had the privilege of participating in the private preview for Microsoft Entra Internet Access and Private Access. If you’d like to learn more about these technologies and how they can help your organization, fill out the form below, and I’ll provide more information.