Ivanti upgrades Connect Secure with hardened system and gateway improvements

Ivanti released Ivanti Connect Secure (ICS) version 25.X. The update includes a modernized enterprise-grade OS, platform hardening, and gateway enhancements designed to reduce vulnerabilities, shrink attack surfaces, and improve resilience.

Enterprise security is central to Connect Secure 25.X. Many legacy software components have been rearchitected with security in mind. These enhancements include a secure web server and Web Application Firewall (WAF), Secure Boot protection, disk encryption, key management, and secure factory reset, to name a few. These features help to secure key aspects of the system, deterring external threats.

Connect Secure 25.X utilizes an enterprise-grade Oracle Linux (OL) operating system along with an updated kernel and refreshed tech stack that lays a foundation to deliver scalability and enterprise-grade performance in cloud, virtual and hardware form factors.

One of the most impactful security advancements is the hardening of the system using strong Security-Enhanced Linux (SELinux) enforcement, which can limit a threat actor’s abilities within the system. Together, these features deliver comprehensive, layered security designed to meet the evolving needs of today’s enterprise environments.

“In the past year, we’ve significantly advanced our Secure by Design strategy—translating our commitment into real action through substantial investments and an expanded security team dedicated to accelerating our initiatives and upholding industry-leading best practices,” said Mike Riemer, Ivanti’s SVP of Network Security Group (NSG) and Field CISO.

“This release stands as tangible evidence of our commitment. We listened to our customers, invested in both technology and talent, and modernized the security of Ivanti Connect Secure to provide the resilience and peace of mind our customers expect and deserve,” Riemer continued.

Ivanti Connect Secure product enhancements

Enable a modernized experience with a new operating system

• Stability and scalability: The new operating system and its tech stack offer stability and scalability across large deployments, ideal for demanding enterprise environments.
• Future-ready: Ongoing compatibility with the latest operating systems and third-party features and updates means customers’ systems stay supported.

Elevate customers security posture with hardening enhancements

• Strong enforcement: Connect Secure runs SELinux in “enforcing mode” by default, ensuring that critical system processes are continuously monitored and protected.
• Attack surface reduction: Connect Secure’s hardening enhancements ensure that the system remains locked down in the face of an active attack, thereby limiting the “blast radius” of such threats.
• Data protection: Built-in encryption safeguards help prevent data leaks and keep sensitive information secure.

Ensure uncompromised performance with gateway enhancements

• Faster, safer, smarter: The enhanced gateway provides protection against vulnerabilities while maintaining speed and high performance, ensuring that advanced security features do not come at the expense of system performance.

At the core of Ivanti’s development philosophy is its Secure Software Development Life Cycle (SSDLC), enabling the seven key elements of Secure Software Design: Security as Code (SaC), Secure by Default, Least Privilege, Separation of Duties (SoD), Minimize Attack Surface Area (ASA), Complete Mediation, and Failing Securely.

Additionally, Ivanti also follows their own strict Secure Application Development Standard, which mandates compliance with the OWASP Application Security Verification Standards (ASVS). Together, these frameworks ensure that every product feature is designed and implemented with security as a primary consideration, providing customers with solutions that meet the highest industry benchmarks.