Zenarmor 1.18 has arrived, and it is one of the most feature-packed releases yet! In this release, we are one step closer to achieving our goal of delivering a truly remarkable Secure Access Service Edge (SASE) product to help address the security concerns of an ever-expanding hyper-distributed, remote workforce making use of our industry-first Plug & Secure Anywhere approach to network security.
To achieve this, Zenarmor 1.18 has become more organization-focused and user-centric with the ability to create central organization-based security policies not just around device categories or networks but also around the users and groups assigned to these devices. To achieve this, we have introduced new Identity & Access Management (I&AM) and Single Sign-On (SSO) capabilities and an all-new organization dashboard giving you complete control and visibility of your gateway and endpoint deployments.
Speaking of endpoint deployments, as of this release, you will now be able to deploy Zenarmor natively on Microsoft Windows devices, affording you additional deployment possibilities. Users can now benefit from Zenarmor’s great protection locally on their Windows endpoint, regardless of which network they are connected to, true on-the-go security without being tethered to a VPN, more to come on this shortly.
So without further ado, let's jump straight into the details.
All-New Organization Dashboard and Reporting
A truly great SASE product is nothing without a single, fully integrated, and intuitive dashboard. As of Zenarmor 1.18, for all subscribers with an SSE license and above, you will now be able to enroll your organization into Zenconsole to make use of this dashboard. The organization dashboard offers a birds-eye view of your global organization deployment. This dashboard has been designed to give you a high-level overview of your gateway and endpoint deployments, as well as the ability to use it to identify any immediate high-level threats that may be actively impacting a specific gateway, endpoint, or region, allowing you to act quickly to investigate the potential threat further.
In addition to this high-level network visibility, we have further enhanced our built-in reporting functionality to be more user-centric, meaning you will be able to view reports around specific users and user groups and not just devices as seen in previous releases.
Because this release allows for multiple gateway and endpoint deployments within a single organization, we have included a means for all gateways and endpoints, regardless of their location, to stream reporting data back to Zenconsole, where a consolidated organization-wide report is made available, including all the great filtering capabilities you should already be accustomed to, giving you complete visibility of your network and users regardless of how distributed your organization may be.
If you are an MSP/MSSP the new organization dashboard delivers enhanced multi-tenancy capabilities where you can enroll multiple organizations under one account and manage each organization on an individual basis through Zenconsole. You also have the ability to invite administrators from each organization, respectively, and provide them with roles that define the level of control they have over the organization.
Figure 1: Organization selection menu
While we understand that our latest SSE subscription, which includes TLS inspection, CASB, and now our new organization dashboard, may not be for everyone, rest assured that for those on Business, Home, and Free subscriptions, your Zenconsole experience will remain unchanged. We do, however, encourage you to reach out and try our SSE subscription; we have a lot to offer.
Figure 2: The Organization Dashboard
Enhanced Identity & Access Management Capabilities
Exploring the new organization dashboard further, we have included a new settings menu that allows you to not only manage basic organization settings, like users and groups, but also includes our latest Identity & Access Management capabilities. As mentioned before, this release is all about creating security policies around signed-in users and their groups, and to make this possible, we have included the following new authentication methods:
- Built-In Authentication: This is a basic user/password-based authentication built into Zenconsole and is ideal for smaller organizations that don't make use of identity providers like Azure Entra ID, Okta, and Google Cloud Identity, etc.
- Generic SAML 2.0: This is for bigger organizations that make use of Azure Entra ID and other SAML 2.0 capable identity providers. Right now we only support Entra ID, Okta, and Google providers; however, more customizable options will follow in future releases.
- Google Cloud Identity: For organizations that make use of the Google Workspace ecosystem, Zenarmor 1.18 is fully integrated with Google and allows for not only the authentication of users but also the importing of users and groups into Zenconsole. SCIM and LDAP functionality will be implemented for other providers in a future release.
Using one of the above authentication methods, you can easily enforce network control based on users and groups. As of this release, you can enforce SSO before a user accesses the network either through a browser-based, agentless authentication process initiated by your gateways or if you are using the native Windows Zenarmor application, users will need to sign in to the application before accessing the network.
Both of these enforcement mechanisms can be used simultaneously across endpoints and gateways, giving you the ultimate control over your organization's users and groups.
Figure 3: Identity & Access Management Settings
Figure 4: Generic SAML 2.0 settings configured using Azure Entra ID as the IdP.
Organization-based policies for Gateways and Endpoints
Now that we have covered the new organization dashboard as well as Zenarmor's latest user authentication capabilities, it only makes sense to introduce Zenarmor's latest organization-based policies.
In order to accommodate Zenarmor’s latest Windows endpoint application as well as our user-focused enforcement approach, some slight changes needed to be made to how we create policies in Zenconsole. All policies are now created at an organizational level and not at a gateway level, as seen in previous releases. These organization policies can then be applied to either all gateways or all endpoints, or select gateways or select endpoints, or all gateways and all endpoints combined. That was a mouthful, however, I am sure by now that you can tell you have a lot of flexibility as to how you deploy your policies.
You will also notice in this release some slight UI changes in the policy menu with an added focus on creating policies around users and groups, additional filtering capabilities, etc., however, rest assured all the previous matching criteria are still available.
Figure 5: Organization policy creation menu.
Figure 6: New policy configuration menu.
Deploying Zenarmor on Windows Endpoints
Dashboards, SSO, and policies aside, we have saved the best new capability of this release for last, the all-new Windows native Zenarmor application! We have taken all the greatness of the Zenarmor engine and ported it to run on Windows.
This means that you now have the ability to carry the Zenarmor engine and the great security we offer on your Windows laptop. Regardless of the network you are connected to, you will be secured because the Zenarmor engine performs all inspection locally on the Windows endpoint, which also means you no longer have to backhaul all your traffic via a VPN to have an on-prem Zenarmor gateway inspect your network traffic.
In some cases, you may choose not to deploy Zenarmor on a perimeter gateway considering that all inspection and control is now available on your endpoints, which opens additional deployment options that were never possible with previous releases of Zenarmor.
So you may be asking, How do you control Windows endpoint deployments? All configurations are done via your Zenconsole organization dashboard, and policies are automatically pushed to all targeted endpoints. Reporting data is streamed back from each endpoint to Zenconsole. It's really as simple as that.
As part of our Plug and Secure approach to SASE and how we intend to secure distributed and remote workforces, Zenarmor’s Window application is a major step forward in bringing the network edge closer than ever before to endpoints without the shortcomings often associated with cloud-only SASE solutions, such as additional latency, PoP outages, and other unnecessary complexities that degrade the overall user experience.
If you are a Mac user and feeling left out, don't worry, a native Zenarmor application for MacOS is coming soon, we are just ironing out the bugs.
Figure 7: Zenarmor Native Windows Application running on Windows 11 Pro.
Wrapping things up.
We have been working really hard behind the scenes to bring you this latest major release of Zenarmor 1.18, and we truly hope that you enjoy using it as much as we enjoyed creating it. We appreciate every single one of you that have supported us and helped us get to this point in our long development journey.
If you would like to see a full list of all the additions, changes, and bug fixes, please feel free to have a look at our release notes.
We encourage you to follow us on social media and keep an eye on your mail as we have some exciting new additions planned for our next release, including Zero-Trust Network Access (ZTNA) as a VPN replacement and MacOS support, to name a few.
We wish you all the best!
