Ivanti Connect Again.... Alternatives?

Good morning all, as some of you are waking up today you will see this little nugget.

https://www.bleepingcomputer.com/news/security/ivanti-connect-secure-zero-days-now-under-mass-exploitation/

I like Ivanti Connect (Pulse was a better name), but I am fairly sure management will want us to start looking at other options. The software in the last 3 years seems to have taken a beating in terms of active exploits. I have lost all faith in them and it’s time to rip that bandage

What would you all recommend for a VPN appliance which can grant access like Pulse did? (Open Source or Paid)

Every manufacturer you can think of had it in the past.
Check that the vendor's time between finding an issue and fixing it is as short as possible. As alternatives, if you have the money, I would implement a zero trust solution like Cloudflare or Perimeter 81.

Today? They sent us a mail on the 10th, which is when we applied mitigations as instructed. They have a package you can use to scan your appliance for “rogue” files. I’d recommend doing that if you haven’t patched yet. As for your “other brand” question, I’d recommend searching any appliance you find with terms like “CVE”, “RCE” and “Hacked”. You should find out pretty fast that they pretty much all get “pwned” in the end. If you didn’t receive a notification from Ivanti around the 10th, I’d look into that. (Is your company / contact information up to date at Ivanti?) Good luck in your search! We’re keeping Ivanti for now. Though I know they knew around December 3rd, which I do consider important information.

A shame no one seems to have alternatives, and it depends on your use case.

There are plenty of VPN alternatives, if all you’re looking for is a remote access solution for employees with company devices. If you want all the reverse proxy / resource rewriting functionality, that’s more complicated.

Happy with Palo Alto GlobalProtect VPN, speeds are good, management options are comprehensive. Client is reasonable, not too many helpdesk calls, sessions survive HA failover.

Any thoughts on people moving away from VPN toward cloud remote access security - like ZTNA+SASE+SDWAN and getting faster+secure internet?

What about this?

https://cloudbrink.com/vpn-vendor/ivanti-vpn-alternative/

Why though? Every VPN vendor out there is experiencing Zero Days. Ivanti gave a 3-minute mitigation step and went public within two weeks of knowing the threat actor was on systems. You don’t get that from other vendors who wait months before going public with Zero Days of this caliber.

What other vendors have had as many Zero Days as Ivanti in the past year? No one that I’m aware of. I think we’re talking 4-5 in the past 12-14 months which is ridiculous.

It doesn’t help that Ivanti bought ICS as Pulse Secure. When a solution codebase changes hands, there’s always a little bit (sometimes a lot) of intelligence that gets lost in translation. No documentation is perfect.

Also, did they ever release an actual patch for CVE-2023-46805?