Client Connector version 2.0.5 is now available

If you previously installed version 2.0.4 on end-user machines, you can upgrade Client Connector to version 2.0.5 or allow end users to upgrade the software. This new version of Client Connector is also available for download in Enterprise Threat Protector.

Version 2.0.5 includes:

New diagnostic tool. In the advanced Client Connector settings, end users can run the diagnostic tool to create a file that’s used by Akamai Support for troubleshooting purposes. The compressed or archive file contains logs, details of DNS queries, system configuration information, and network connection data. An IT administrator provides this file to Akamai Support when there’s an issue with Client Connector.
Minor bug fixes. This update resolves minor bugs in Client Connector version 2.0.4.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

New CSV files available for locations. On the Locations page, an administrator can now download a CSV file that lists all locations. An administrator can also now delete many locations in one operation by uploading a CSV that contains the locations they want to delete.

Custom list assignment for delegated and strict delegated administrators. A super administrator can now assign custom lists to a delegated administrator or a strict delegated administrator.

A delegated administrator can:

• create new custom lists
• manage the custom lists that are assigned to them
• associate these custom lists to a policy that they created or are allowed to manage

A strict delegated administrator can perform these operations as well. However, they cannot view the custom lists that they do not have permission to manage.

New user interface for scheduled reports. Administrators can now more easily create and manage settings associated with scheduled reports.

Dynamic DNS for locations (limited availability). Location page now indicates when the dynamic DNS domain associated with a location configuration is invalid or does not resolve to a valid IP address. If an administrator or ETP user is configured to receive communication emails about system issues, an administrator receives an email that lists locations with invalid DNS entries. An administrator can also generate a CSV that shows locations with these errors.

This feature continues to be in limited availability. For more information, contact your Akamai representative.

Enterprise Threat Protector (ETP) now includes these features and enhancements:

Update to custom lists in a policy. All custom and top-level domains lists are no longer included in a policy configuration by default. Administrators can now assign individual lists to a policy.

New user interface for Custom Lists. A new user interface is available on the Custom Lists page (Configuration > Lists). In the new design, administrators can now associate domains and IP addresses to a custom list when creating the list. Likewise, administrators can now add top-level domains when creating a top-level domains list.

Strict delegated access. When enabled for an organization, an ETP super administrator can assign a strict delegated administrator role and the locations and policies the delegated administrator is allowed to manage. A delegated administrator with restricted access can:

• create locations and policies
• manage assigned location and policies
• view events and other reporting data based on the locations and policies they can access

A strict delegated administrator cannot view locations and policies they did not create. They also cannot view other configuration areas of the product such as the Utilities page.

Support for dynamic DNS in limited availability. Dynamic DNS for a location configuration is now in limited availability. When enabled for an organization, an administrator can configure a location with a persistent DNS hostname that resolves to dynamic IP addresses. To enable this feature, contact your Akamai representative.

Enterprise Threat Protector now protects your network from threats that target HTTP and HTTPS traffic

These features are available:

• ETP Proxy. Proxy server that intercepts suspicious HTTP and HTTPS traffic, examines the full URL in a request, and determines which websites are safe for end users to access. You can enable this feature in a policy configuration (Configuration > Policies). When ETP Proxy is enabled, you can select an action for risky domains and file sharing domains. Risky domains are domains that may be a threat because they are newly registered or discovered. File sharing domains are domains for file sharing applications or services.

• URL-based Threat Intelligence. ETP Proxy inspects the URL and, based on the policy configuration, blocks traffic that’s known to be a security threat. ETP can block traffic to a specific URL without blocking the entire domain. A new Classify policy action is also available for custom lists, risky domains, and file sharing domains. When a threat is detected, the Classify action assigns the corresponding policy action in the Akamai Security tab.

• HTTPS Traffic Analysis. ETP Proxy requires that you create an Akamai certificate or generate a certificate signing request that’s signed by your organization’s certificate authority (CA). These certificates function as TLS certificates for the ETP proxy to intercept suspicious traffic. If you are creating an Akamai certificate, you must install the root certificate on end-user machines. The certificate feature is available on the Utilities page (Configuration > Utilities > Certificates).

• Inline Payload Analysis. Feature offered with ETP Advanced Threat that enables ETP Proxy to scan downloadable content on a risky website or in a file sharing application. Multiple static analysis engines are used to scan documents and executables for zero-day threats and other attacks that are typically undetected by antivirus engines.

• New Reporting pages. New pages are available for reviewing ETP Proxy activity (Monitoring > Activity > Proxy) and network traffic that’s directed to ETP (Monitoring > Activity > Network Traffic).

• New Acceptable Use Policy (AUP). New categories and detailed subcategories are available in a policy configuration for administrators to control access to websites or specific website content.

Client Connector version 2.0.4 is now in beta and available for download. This version of Client Connector protects end-user machines that are on or off the corporate network.

If your organization previously installed version 1.3.1, you can upgrade to 2.0.4. To download and test 2.0.4:

1. In the Enterprise Threat Protector (ETP) navigation menu, select Configuration > Utilities.
2. Click the Client Connector tab.
3. From the Versions Management tab, hover over Client Connector version 2.0.4 for a Windows or Mac operating system and click the download icon.

After testing and approving the connector, an administrator can choose to force an upgrade on end-user machines or allow end users to initiate an upgrade. For more information, see the ETP online help or the Enterprise Threat Protector Client Connector Configuration Guide.

In a policy configuration, new categories and detailed subcategories are available for ETP administrators to control the websites and content that end users can access in the corporate network.

ETP now includes a new and improved user interface when configuring or modifying a location or policy. On the Locations or Policies pages, administrators can also now search for locations or policies.

Client Connector area of the Utilities page now includes a new Reports subtab that contains more data about Client Connectors. In addition to pie charts that show errors and installed Client Connectors, a table is now available to show device information, software version, and the current status of installed Client Connectors. Administrators can also filter this data based on time, such as the most current data or data that was reported in the last day or month.

ETP super administrators can now assign the delegated administrator role to ETP users. When enabled for your organization, this feature is available from the Delegated Access tab on the Utilities page (Configuration > Utilities). To enable this feature, contact your Akamai representative.

ETP super administrators can now assign specific locations to alert notification recipients. This allows administrators to define the locations that these recipients can receive information about. When enabled, this feature is available from the Communication tab of the Utilities page (Configuration > Utilities). To enable this feature, contact your Akamai representative.

When ETP Proxy is enabled, you can select to allow or examine risky domains and file sharing domains. Risky domains are domains that may be a threat because they are newly registered or discovered. File sharing domains are domains of file sharing applications or services. You can select to Allow or Classify traffic to these domains.

The Classify action examines the full URL of a request. If a threat is discovered, a corresponding threat category is assigned to the URL. You can assign the Classify action to custom lists, risky domains, and file sharing domains.

ETP Proxy requires that you create an Akamai certificate or generate a certificate signing request to submit a subordinate certificate that’s signed by your organization’s certificate authority (CA). These certificates function as TLS certificates for the ETP proxy to intercept suspicious traffic. ETP now allows you to generate and submit certificates in binary (.der) format.

If ETP Proxy is enabled, administrators can select different logging levels to define some of the data that’s reported for HTTP or HTTPS traffic in ETP. This setting is available in a policy configuration. The default logging mode provides details that’s most helpful for investigating events.

ETP now includes a delegated administrator role. After this role is assigned to a user in Luna Control Center, an ETP super administrator can grant a delegated administrator access to specific locations and policies, allowing the delegated administrator to manage assigned locations and policies.

A delegated administrator can:  

• Add new locations and policies
• Deploy configuration changes that they applied or were applied to the locations and policies they manage
• View settings associated with most configuration features in ETP, such as custom lists and quick lists
• Schedule a report. Report results show data based on locations a delegated administrator can access
• View and analyze event and activity data based on assigned locations
• Download Client Connector and view reporting data that’s associated with Client Connector installations
• Grant or revoke Akamai Support Access

An ETP super administrator can assign a delegated administrator access to locations or policies on the new Delegated Access tab of the Utilities page (Configuration > Utilities). This tab is available to ETP super administrators only.

A new deploy window is available for configuration changes that are pending deployment. Prior to this release, there were different deployment options for custom lists, quick lists, policies, and locations. In this release, a Pending Changes tab is available on the right side of the configuration pages. ETP administrators click this tab to view all submitted configuration changes that are not yet deployed to the ETP network. Administrators can select specific changes they want to deploy or they can deploy all changes. Information about changes is also listed, such as what changed and who made the change.  The Pending Changes window also offers:

• A revert option to undo or delete a pending change. Any change that is reverted returns a configuration to its last deployed state.
• When deploying a change, administrators can comment on the changes they are deploying. These comments appear in the new Deployment History tab on the Utilities page.

ETP now allows super administrators to rotate a Client Connector entitlement code in case the original entitlement code is compromised. If alerts are detected within a five minute period of sending out an alert notification, users are now notified about these additional alerts after the five minutes. Prior to this release, users were not notified about the alerts that occurred during this period.  The ETP reporting pages include the following improvements:

• Filter Editor now appears at the top of page when a user scrolls past it. This ensures that Filter settings are always accessible to users who are analyzing data on the Event Analysis and Activity pages.
• Report viewers can filter data based on whether there is a correlation between security connector events and threat events.
• A menu with convenient options is available from certain fields on the Event Details window. For example, if a user clicks a Resolved IP address,  a menu appears with actions for this data such as adding the IP address to the Include filter.
• New Detection Method dimension is available to show events that were detected at the time of access (inline) or were discovered later in log data based on behavior (lookback).

• Access prohibited message:
  When an end user attempts to access a malicious or suspicious domain that is directed to the security connector, a Website Access is Prohibited message now appears.  
• Factory reset option removed from Web Console:
  A factory reset option is no longer available in the Web Console. This option is also not supported on Security Connector version 1.1.0 or 2.1.0.

To upgrade to Security Connector version 2.2.0, click the upgrade icon that is associated with the security connector (Utilities > Security Connector) in Enterprise Threat Protector (ETP). If you upgrade from version 2.0.0 and ETP indicates that the security connector was only upgraded to version 2.1.0, click the upgrade icon again to automatically install version 2.2.0.

Enterprise Threat Protector (ETP) now includes the following updates:

Enterprise Client Connector version 1.3.1 is now in beta and available for download. This version of Client Connector includes the following:

• Protection on or off the corporate network: Regardless of network conditions, Client Connector protects end user machines that are on or off the corporate network.
• Auto Upgrade: Client Connector now supports automatic upgrade. In ETP, administrators can choose to force an upgrade on end user machines or allow end users to initiate an upgrade when it’s available.
• Optimized Internet routing: Client Connector sends requests to the ETP DNS servers in the closest geographical region. As a result, ETP returns the IP address of the origin server that is in proximity to the client connector, allowing Client Connector to connect to local websites through the best-performing path.
• Support for split DNS and split VPN network topologies: Client Connector now supports complex network topologies, including a split DNS or split VPN topology.
• Improved Client Connector user interface: The client connector user interface has been redesigned. In addition to improving the overall appearance of the client connector, an icon now allows end users to access the application from a Windows toolbar or Mac menu bar.
• Installation and Error Reports: Reports are now available on the Client Connector tab of the Utilities page (Configuration > Utilities) where the client connector software is downloaded in ETP. Administrators now see the total number of deployed client connectors and any detected errors. A CSV report is also available for download that contains additional information about deployed client connectors, including the overall status.
• Network configuration of internal IP addresses and DNS suffixes: When configuring Client Connector, administrators can also provide internal IP addresses and the DNS suffixes of domains that end users can access while they are protected by Client Connector. Options are available for administrators to add the IP address ranges or blocks that are reserved on the Internet for private or internal networks as defined by RFC 1918 and RFC 4193. The new Network Configuration tab is available on the Utilities page and accessible from the Configuration area of the Client Connector tab.

Advertisement domains removed from Privacy category of Acceptable Use Policy (AUP) To resolve an issue with custom Error pages in Enterprise Threat Protector, advertisement domains were removed from the Privacy category of the AUP. If the Privacy AUP category is blocked in a policy, this change reduces or eliminates the number of alerts that are based on this category.

This change is a temporary solution. Akamai plans to improve AUP services and eventually restore domains in the Privacy category. If you have any questions or concerns, please contact technical support.

Enterprise Threat Protector (ETP) now includes the following enhancements:

• Custom Sinkhole is now Custom Response: A custom sinkhole is now called a custom response. This feature is accessible from the new Custom Responses tab of the Utilities page (Configuration > Utilities). Administrators no longer configure this feature on the Enterprise Security Connector tab.

• New Custom – Response policy action: A Custom – Response action is now available for custom responses. This policy action blocks malicious or suspicious requests and directs the request to the IP address of the custom response device that’s associated with the policy. When configuring a policy, administrators can select this policy action, assign a custom response, and if necessary, manage custom responses. The Block – Sinkhole policy action now exclusively redirects traffic to Enterprise Security Connector.

• Scheduled report improvements: The user interface for configuring a scheduled report is now improved. Administrators can select to enable or disable individual scheduled reports, identify the administrators who created or modified the report, more easily add email addresses for report notifications, and configure the report output format. Scheduled reports are now available in HTML or text format.

• Alert notifications now available in text format: In addition to HTML format, alert notifications are now available in text format. When enabling email addresses for alert notifications, an ETP administrator can now select the format for all alert notification emails.

• Enhanced UI for Security Connector and threat event correlation: When viewing correlated Security Connector and threat events, separate windows are now provided with detailed information. For example, viewing a correlated threat event from the Security Connector tab of the Activity page (Monitoring > Activity) opens a window where threat information is provided. If you choose to view correlated Security Connector events from the Threat Events tab of the Event Analysis page, data about all associated Security Connector events is shown. In each of these windows, report viewers can also download event data to a CSV file.