In Hall 7, Stand 7-612 with modern operating system and SELinux optimisations

The redesign of Ivanti Connect Secure helps customers improve their security posture, increase control and performance, and future-proof their network security infrastructure.

Ivanti, a global IT and security software company, has released version 25.X of Ivanti Connect Secure (ICS). This marks a significant milestone in the company’s evolution towards redefining VPN security. The new ICS version includes a modernised enterprise operating system (OS), platform hardening and gateway-level enhancements. The aim is to minimise the impact of vulnerabilities, reduce attack surfaces and increase operational resilience.

In line with its 2024 commitment, Ivanti has implemented a comprehensive architectural overhaul of ICS. The result is a modern, resilient solution based on secure-by-design principles. The company has made targeted investments in hardening ICS appliances, modernising the operating system, and integrating security mechanisms at all levels of development. This positions Ivanti’s VPN solutions at the forefront of modernising secure access infrastructures.

Connect Secure 25.X focuses on enterprise security: many outdated software components have been completely redesigned with security in mind. These include a modern, secure web server and web application firewall (WAF), secure boot protection, hard disk encryption, key management and secure factory settings. These features secure key areas of the system and make external attacks much more difficult.

Connect Secure 25.X is based on an enterprise-grade Oracle Linux (OL) operating system with an updated kernel and a modernised technology stack. This combination provides a stable foundation for scalable, high-performance deployments in cloud, virtualisation and hardware environments. A key advancement is the hardening of the system through Security-Enhanced Linux (SELinux). These protective mechanisms significantly limit the options available to potential attackers. Together, these features provide a comprehensive, multi-layered security architecture designed to meet the changing demands of modern enterprise environments.

‘Over the past year, we have significantly advanced our “secure-by-design” strategy, putting our commitment into practice through significant investments and an expanded security team that consistently adheres to our initiatives and industry-leading best practices,’ said Mike Riemer, Ivanti’s SVP of the Network Security Group (NSG) and Field CISO. ‘This release is clear evidence of our commitment. We have listened to our customers, invested in technology and skilled personnel, and further developed the security of Ivanti Connect Secure to ensure the resilience and reliability our customers expect.’

Product enhancements in Ivanti Connect Secure:

• Modernised user experience with new operating system
  • Stability and scalability: The new operating system with a modern technology stack offers maximum stability and scalability for large deployments, ideal for demanding enterprise environments.
  • Future-proof: Ongoing compatibility with the latest operating systems and third-party features and updates ensures that customer systems remain modern and supported.
• Strengthened security through comprehensive hardening measures
  • Consistent enforcement: Connect Secure runs in SELinux ‘Enforcing Mode’ by default, ensuring that critical system processes are continuously monitored and protected.
  • Reduced attack surface: Connect Secure’s hardening measures ensure that the system remains isolated even during active attacks and that the ‘blast radius’ of potential threats is significantly limited.
  • Data protection: Integrated encryption protects against data leaks and keeps sensitive information secure.
• Unrestricted performance through gateway optimisations
  • Faster, more secure, more intelligent: The improved gateway offers strong protection against vulnerabilities without compromising speed and performance – advanced security features do not come at the expense of system performance.

At the heart of Ivanti’s development philosophy is the Secure Software Development Life Cycle (SSDLC), which enables the seven key elements of secure software design: Security as Code (SaC), Secure by Default, Least Privilege, Separation of Duties (SoD), Minimize Attack Surface Area (ASA), Complete Mediation and Failing Securely. In addition, Ivanti follows its strict internal standard for secure application development, which requires compliance with the OWASP Application Security Verification Standards (ASVS). These frameworks ensure that every product feature is designed and implemented with security as the top priority, providing customers with solutions that meet the highest industry standards.