Additional threat information is now available in Enterprise Threat Protector (ETP)

ETP administrators and viewers can now:

• View the threat name associated with a threat event.
• Filter threat events by its name and severity level. A Threat Name and Severity dimension is now available for this purpose.
• Search by the threat name on the Indicator Search page. In the search results, this page shows:
  • A description that details how the threat spreads and impacts a network.
  • Other names for the threat
  • Severity level
  • Threat type. For example, if it’s a worm, trojan, malware, or another threat type.
  • External links to resources on the Internet with more information.
  • A graph that illustrates the number of events generated by the threat in the last 24 hours, 7 days, 30 days, and this month.

This feature is currently in beta.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

Security templates now available. An ETP administrator can now apply a security template or a preset template to a policy configuration. This allows administrators to implement best practices when configuring policy actions. It also gives administrators a starting point to defining a policy.

When creating or modifying a policy, you can select one of these templates:

• Strict. Contains settings that block known and most suspected threat categories. This template applies settings that are a best practice for a policy.
• Monitor-only. Logs and reports threats but it does not block them. The Monitor-only template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.
• Custom. Let’s you define policy actions for known and suspected threats.

A security template defines settings for threat categories in the Akamai Security tab only.

Updates to delegated and tenant access. A delegated administrator can now:

• Add email address for communication emails and assign communication emails. A delegated administrator can assign these users to any communication email.
• View Security Connector activity.

A tenant administrator can now:

• Add emails address for communication emails and configure these users to receive communication emails for alerts and system issues.
• Schedule a report.
• View and analyze DNS event data on the Dashboard, Event Analysis, and DNS activity pages.

The data in a scheduled report and on these reporting pages are based on the locations the tenant administrator can access.

Source IP now a dimension for DNS activity: On the DNS tab of the Activity page, you can now report the top source IP addresses that generated DNS requests. Source IP is now available as a dimension or data type in all DNS activity menus.

Client Connector version 2.1.0 now in beta.

With Client Connector 2.1.0, administrators can now configure Client Connector to roll back to the previous approved version. Administrators can also allow end users to uninstall Client Connector on Windows machines. To enable these features, new configuration settings are available in Enterprise Threat Protector (ETP):

• Roll Back Client Connector. When enabled and the previous Client Connector version is approved, this setting automatically rolls back a Client Connector upgrade. Rollback is available with Client Connector version 2.1.0. You cannot roll back to a version that is earlier than 2.1.0.

• Allow Uninstall on Windows. When enabled, end users on Windows machines can uninstall Client Connector. If this setting is disabled, the entitlement code is required to uninstall Client Connector.

Client Connector 2.1.0 also includes these updates:

New “Protected by local network” status. When these specific conditions apply, Client Connector now indicates that a machine is protected by the local network:

1. Client Connector cannot send DNS requests to ETP because outbound UDP port 53 is blocked in the company firewall.
2. The DNS resolver in the local network is configured to forward requests to ETP.

New names for configuration settings. New names are now available in ETP for Client Connector configuration settings. The Enable User Control setting is now called Allow Users to Disable Client Connector. The Enable ETP Client setting is now called Enable Client Connector.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

New Acceptable Use Policy (AUP) categories. New AUP categories are available for administrators to control access to content. These categories include:

• Finance & Investing. Category for websites that allow users to manage finances and investments.
• Healthcare. Category for websites related to human health.
• IP Telephony. Category for websites that allow users to make phone calls through the Internet.

Bypass action available for AUP. If ETP Proxy is enabled, you can now select the bypass action for each AUP category or subcategory. The bypass action directs traffic to the origin IP address. It also bypasses the ETP proxy and TLS decryption.

Tenant access now available. An ETP super administrator can now enable tenant access and assign the tenant administrator role. This feature can be used by Managed Service Providers (MSP) to restrict and separate access of individual customers. A tenant administrator can:

• create locations, policies, and custom lists
• manage assigned location, policies, and custom lists
• view events and other reporting data based on the locations they can access

A tenant administrator cannot view locations, policies, and custom lists they did not create. They also cannot view other configuration areas of ETP such as the Utilities page. In previous releases, this administrator was called a strict delegated administrator.

New policy settings tab. A Settings tab is now available when creating or modifying a policy. This tab contains settings for ETP Proxy, inline payload analysis, browsing restrictions, and more. On the policy configuration page, these settings were previously part of the right pane that includes the policy name, description, and assigned locations.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

New user interface for a policy. A new user interface is now available for a policy configuration. Administrators can now more easily assign a policy action and the response that’s delivered to users. These changes apply:

• For an Akamai security category and a list in a policy, separate menus are provided to assign an action, the response to users, and a security connector.
• If you select the Block action, you can then select the block type in the Response to User menu. In this menu, you can select Error Page, a specific custom response, or if ETP Proxy is disabled, you can also select Refused Response. These settings allow you to apply the actions that were formerly called Block – Error Page, Custom – Response, and Block – DNS.
• To assign a Security Connector, you select the Block action and the Error Page response. After this is done, you can select a security connector from the Security Connector menu. These settings allow you to apply the action that was formerly called Block – Sinkhole. If you don’t want to assign a Security Connector to an Error Page response, in the Security Connector menu, you can select None.
• The Allow policy action is now available for custom lists and top-level domain (TLD) lists only.
• You can apply the same policy settings to all known and suspected threats associated with an Akamai security category, a custom list, or a TLD list.

For more information about configuring a policy, see the online help.

Security Connector 2.5.0 now in beta. Security Connector version 2.5.0 is now in beta and available for upgrade or download. This version allows your organization to direct malicious HTTP and HTTPS requests to Security Connector. To try version 2.5.0, contact your Akamai representative.

Client Connector version 2.0.5 is now available

If you previously installed version 2.0.4 on end-user machines, you can upgrade Client Connector to version 2.0.5 or allow end users to upgrade the software. This new version of Client Connector is also available for download in Enterprise Threat Protector.

Version 2.0.5 includes:

New diagnostic tool. In the advanced Client Connector settings, end users can run the diagnostic tool to create a file that’s used by Akamai Support for troubleshooting purposes. The compressed or archive file contains logs, details of DNS queries, system configuration information, and network connection data. An IT administrator provides this file to Akamai Support when there’s an issue with Client Connector.
Minor bug fixes. This update resolves minor bugs in Client Connector version 2.0.4.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

New CSV files available for locations. On the Locations page, an administrator can now download a CSV file that lists all locations. An administrator can also now delete many locations in one operation by uploading a CSV that contains the locations they want to delete.

Custom list assignment for delegated and strict delegated administrators. A super administrator can now assign custom lists to a delegated administrator or a strict delegated administrator.

A delegated administrator can:

• create new custom lists
• manage the custom lists that are assigned to them
• associate these custom lists to a policy that they created or are allowed to manage

A strict delegated administrator can perform these operations as well. However, they cannot view the custom lists that they do not have permission to manage.

New user interface for scheduled reports. Administrators can now more easily create and manage settings associated with scheduled reports.

Dynamic DNS for locations (limited availability). Location page now indicates when the dynamic DNS domain associated with a location configuration is invalid or does not resolve to a valid IP address. If an administrator or ETP user is configured to receive communication emails about system issues, an administrator receives an email that lists locations with invalid DNS entries. An administrator can also generate a CSV that shows locations with these errors.

This feature continues to be in limited availability. For more information, contact your Akamai representative.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

Update to custom lists in a policy. All custom and top-level domains lists are no longer included in a policy configuration by default. Administrators can now assign individual lists to a policy.

New user interface for Custom Lists. A new user interface is available on the Custom Lists page (Configuration > Lists). In the new design, administrators can now associate domains and IP addresses to a custom list when creating the list. Likewise, administrators can now add top-level domains when creating a top-level domains list.

Strict delegated access. When enabled for an organization, an ETP super administrator can assign a strict delegated administrator role and the locations and policies the delegated administrator is allowed to manage. A delegated administrator with restricted access can:

• create locations and policies
• manage assigned location and policies
• view events and other reporting data based on the locations and policies they can access

A strict delegated administrator cannot view locations and policies they did not create. They also cannot view other configuration areas of the product such as the Utilities page.

Support for dynamic DNS in limited availability. Dynamic DNS for a location configuration is now in limited availability. When enabled for an organization, an administrator can configure a location with a persistent DNS hostname that resolves to dynamic IP addresses. To enable this feature, contact your Akamai representative.

Enterprise Threat Protector now protects your network from threats that target HTTP and HTTPS traffic

These features are available:

• ETP Proxy. Proxy server that intercepts suspicious HTTP and HTTPS traffic, examines the full URL in a request, and determines which websites are safe for end users to access. You can enable this feature in a policy configuration (Configuration > Policies). When ETP Proxy is enabled, you can select an action for risky domains and file sharing domains. Risky domains are domains that may be a threat because they are newly registered or discovered. File sharing domains are domains for file sharing applications or services.

• URL-based Threat Intelligence. ETP Proxy inspects the URL and, based on the policy configuration, blocks traffic that’s known to be a security threat. ETP can block traffic to a specific URL without blocking the entire domain. A new Classify policy action is also available for custom lists, risky domains, and file sharing domains. When a threat is detected, the Classify action assigns the corresponding policy action in the Akamai Security tab.

• HTTPS Traffic Analysis. ETP Proxy requires that you create an Akamai certificate or generate a certificate signing request that’s signed by your organization’s certificate authority (CA). These certificates function as TLS certificates for the ETP proxy to intercept suspicious traffic. If you are creating an Akamai certificate, you must install the root certificate on end-user machines. The certificate feature is available on the Utilities page (Configuration > Utilities > Certificates).

• Inline Payload Analysis. Feature offered with ETP Advanced Threat that enables ETP Proxy to scan downloadable content on a risky website or in a file sharing application. Multiple static analysis engines are used to scan documents and executables for zero-day threats and other attacks that are typically undetected by antivirus engines.

• New Reporting pages. New pages are available for reviewing ETP Proxy activity (Monitoring > Activity > Proxy) and network traffic that’s directed to ETP (Monitoring > Activity > Network Traffic).

• New Acceptable Use Policy (AUP). New categories and detailed subcategories are available in a policy configuration for administrators to control access to websites or specific website content.

Client Connector version 2.0.4 is now in beta and available for download. This version of Client Connector protects end-user machines that are on or off the corporate network.

If your organization previously installed version 1.3.1, you can upgrade to 2.0.4. To download and test 2.0.4:

1. In the Enterprise Threat Protector (ETP) navigation menu, select Configuration > Utilities.
2. Click the Client Connector tab.
3. From the Versions Management tab, hover over Client Connector version 2.0.4 for a Windows or Mac operating system and click the download icon.

After testing and approving the connector, an administrator can choose to force an upgrade on end-user machines or allow end users to initiate an upgrade. For more information, see the ETP online help or the Enterprise Threat Protector Client Connector Configuration Guide.