New Features Update
December 2024 Feature Update
2min
we closed out 2024 with a host of new features that are designed to enhance our customer's ability to better leverage their nile access service and built in nile trust service security capabilities we’ve also ensured that many of these capabilities are automatically enabled, without the need for exhaustive software upgrades the goal is to provide better, more easily recognizable outcomes, such as security capabilities that are built in to better secure your data, endpoints, and users and troubleshooting features that are easy to use and greatly reduce manual interaction and cost of operations compared to legacy solutions for example, the dfs capability below is completely automated it is with pleasure that i announce the availability of zscaler sse integration it’s a big step forward as customers adopt a universal zero trust strategy that unifies the enforcement of policies for devices connecting remotely or when at corporate, branch, and affiliated sites we automatically identify the location of the zscaler instance, and tunnel traffic as part of our integration capability it’s a big differentiation compared to other vendors that reduce costs the remaining features highlight our ability to deliver on efficiency and ease of use objectives and customer’s needs video highlights > click here category feature/capability outcome (benefits) 1 trust service premium integration with zscaler sse that allows the forwarding of specified nile segments to the zscaler cloud https //nilesecure com/wp content/uploads/2024/12/zscaler nile solution brief v2 pdf · simple integration that leverages existing wan links · takes advantage of nile’s native segment of one device isolation · unifies remote and on prem policy enforcement without add on appliances it can easily apply uniform security policies across remote and on premises users for example, quickly apply a policy to forward all internet bound traffic from the employee segment to zscaler across the customer’s nsb instances the sse connectivity as a service is fully automated based on intent and is designed for resiliency 2 trust service core iot devices that do not support 802 1x can now use nile’s unique psk (upsk) capability https //docs nilesecure com/upsk and self registration#wjf5u includes the ability to revoke access should the key be compromised upsk is more secure than psk because each device is assigned its own unique key, preventing a single compromised credential from exposing the entire network it can now securely onboard iot devices (without radius support) using unique passphrases for connecting them to the internet 3 trust service core auth source support added for sso/802 1x and mac clients we also show the status details https //docs nilesecure com/single sign on sso#w24 5 some examples are “so session expired”, “sso initiated”, “admin enforced sso re authentication”, “sso user deactivated”, “sso pending”, “sso denied”, “sso approved”, “802 1x approved or denied” an alert is also sent to the siem (if available) it can now quickly see information regarding authentication sources for any sso/802 1x/mac end users to understand details about the status of the user to quickly resolve authentication issues 4 trust service core we’ve enhanced support for silent/passive devices that do not initiate any traffic unless solicited https //docs nilesecure com/passive device management and handling wired these devices are not detectable upon their first ever connection to the nile service as their mac and ip address cannot be learned for onboarding we can discover these devices automatically this capability is automatically available once nile software has been upgraded it can now quickly detect, approve and/or deny access for silent/passive devices, such as an iot device that uses a static ip and remains passive unless solicited this enhanced utility also runs a passive device discovery across the network, making migration to a nile service a smooth transition for these devices 5 trust service core this feature avoids showing rouge access point alerts in a one off situation when dealing with endpoints that may exhibit a behavior on the wired connection that matches one of the signatures of a potential wired rogue access point this is an enhancement to the existing wids wired rogue ap detection logic https //docs nilesecure com/widswips the capability automatically upgrades your security once nile software has been upgraded this reduces false positives and unnecessary rouge access point alerts due to wired endpoints matching the signature of a rouge access point 6 access service wireless devices that are not dfs capable will be detected and channel planner will influence channel allocations https //docs nilesecure com/channel planner rf optimization to aps that are a mix of dfs and non dfs channels this capability automatically enhances the performance of your network once nile software has been upgraded automatically improves the performance of non dfs device with a new device capability based smart dfs channel allocation can now handle situations where non dfs devices struggled to find a good ap to connect to in the past 7 access service setup as part of the nile service setup customers can now enter the exact address of sites https //docs nilesecure com/setup service areas#ffogy previously, if the address did not match an automated verification performed by nile there were issues this capability overrides the automated verification allow customers to easily enter their site/building address in the event the address cannot be automatically found by nile saves time and ensures all deployment locations(addresses) are accurate for time zone issues, shipping, and other requirements 8 access service visibility we continue to increase visibility and control capabilities to better display network behavior associated with end user devices to debug and troubleshoot ap details are now via the customer control center porta https //docs nilesecure com/access point details#y bnp l some examples are 1) tool tip on ap maps shows the ap name, serial number, status of ap, and channel band and utilization (per band) 2) location of nile ethernet device and port on which the ap is connected 3) ethernet uplink speed 4) maps are updated to reflect the selected time chosen in the “events & status” section it now has better data needed to troubleshoot end device connectivity issues for example by quickly seeing ap details, the port that the ap is connected and ethernet link speed you can quickly rule out basic connectivity issues 9 access service visibility we now show the signal strength of an ap over a period from our coverage graph https //docs nilesecure com/nile slas#iz1tt it teams can now quickly root cause any service issues related to coverage instead of relying on clients which may not always connect with the service, nile uses its sensors to measure and report the coverage 10 access service visibility show the reason for wireless client disconnects https //docs nilesecure com/wireless client connection history logs such as “eap reject” vs “eap timeout” when 802 1x authentication is used the information quickly shows the reason why a wireless client may be having disconnect issues for faster root cause analysis this saves time because detailed information is shown compared to a basic eap authentication failure message without any reason 11 access service alerts alert content https //docs nilesecure com/configure email notifications now includes a prominently displayed "for more information" link this will direct admins to a dedicated troubleshooting page with relevant details and steps to help resolve an issue quickly help it resolve issues by linking to troubleshooting guides and other useful information, without the need to find information by searching online 12 access service alerts trigger only one alert for internet down condition https //docs nilesecure com/customer infrastructure alerts#usifp as opposed to sending alerts for all affected devices such as switches, access points and sensors reduced alert noise during internet or power or nsb down situations 13 access service integration a simple user interface that enables quick integration between snowflake and nile https //docs nilesecure com/snowflake integration guide so that it can send end user device events, alerts, and audit events to snowflake the use of endpoint device events from nile shared with snowflake allows for better analytics, actionable insights, and reporting for customers to build and retain on their end 14 nile ai agent support customers receive quick answers and solutions from an ai support agent they can view their support tickets in the same view as their support chats, review their chats and ticket history without navigating away from nile portal instant resolution of queries about features and configuration settings or process with streamlined and intuitive chat experience customer will still have the ability to open tickets via email to support\@nilesecure com