What's New in Version 6: Higher Security, New Hybrid Multicloud Uses
Can you believe we’re already in July? It’s been a long couple of months, but for our part, the Zentera team has been hard at work delivering new features and enhancements for our customers. We’re already on version 6.2 of CoIP Access Platform and well on our way toward completing the features for 6.3. So while these features have been available for a few months now, it’s never too late to review the major advances now available in release 6 of CoIP Access Platform.
Advanced Security Filters
The latest release of CoIP Access Platform supports completely overhauled security filters, making it easy to secure an end-to-end application connection. Administrators can easily define applications, endpoint, and services with tenant-wide scope, and apply those filters to the application profile in a firewall-style prioritized list of permit/deny actions.
Customers can use the security filters to interlock applications on either side of the CoIP WAN - for example, locking down a server application so it can only be accessed with a specific set of clients. The filters use a defined fingerprint that ensures the provenance of the applications involved. It essentially provides an application-aware Layer 7 inline on each connection – only with capabilities that are far more precise and less computationally-intensive than deep packet inspection.
In release 6, we’ve completely upgraded all of the control plane and data plane connections to use TLS 1.3. While customers could already use CoIP to wrap application traffic in dynamic, per-application, end-to-end encrypted tunnels, release 6 enables admins to drop older, insecure ciphers such as SHA-1, RC4, DES, and AES-CBC, increasing the overall application security. Additionally, TLS 1.3 supports higher speed handshakes, reducing the connection setup time for dynamic connections.
As always, CoIP Access Platform supports mutual authentication on all connections.
Remote Internet Gateway
Release 6 also supports a Remote Internet Gateway connection on a Gateway Proxy. “What is that,” you ask, “and why would I need one?” Good question!
Many customers have well-developed security procedures for handling outbound traffic from their on-premises environments. Web proxies, next-generation firewalls, and other security controls are used to provide visibility and control over outbound connections to the open Internet.
Once on-prem workloads migrate to a cloud environment, lines of business admins are faced with a challenge: it’s simple to set up a gateway and hop out to the Internet from the cloud service provider, but it’s much harder to reproduce the same level of security controls that existed in the on-prem environment. It’s possible to build the same controls yourself, define the operational procedures, and get the setup approved by the compliance team… but isn’t that a lot of work for some periodic software updates?
Instead, it can be a lot easier to direct all Internet-bound traffic back to the corporate premises and let the existing controls handle the traffic. This is easily done by configuring the cloud Gateway Proxy as the Internet Gateway, and setting up a Remote Internet Gateway connection back on-prem. Traffic headed toward the corporate network is filtered with the same Advanced Security Filters, allowing you to restrict access to a certain set of cloud VMs, and on specific ports. It’s quite an elegant solution for an often-ignored problem.
Upgrading to 6.2.1
Current Zentera customers can access the upgrade packages through the support portal at support.zentera.net.