Enterprise Threat Protector (ETP) now includes the following enhancements:
Integration of Nominum Data: Enterprise Threat Protector now benefits from threat data generated by Nominum, the carrier DNS-based security and services innovation leader that was recently acquired by Akamai. Nominum’s carrier-grade DNS software currently resolves over 1.7 trillion daily DNS requests for carriers worldwide. The addition of this data allows ETP to identify more threats in an enterprise network.
On the first day of this release, you will see an increased number of offline events as this additional intelligence is expected to discover more events from the last 7 days.
DNS Exfiltration Security List: ETP now offers a DNS Exfiltration Security List and a new DNS Exfiltration category for custom lists. The DNS Exfiltration Security List identifies domains that serve as a communication channel over DNS and may be used to steal sensitive data or allow malware to communicate outside the network.
This data was previously part of the Command and Control (C&C) Security List. By default, the new DNS Exfiltration list uses the same policy action as the C&C Security List as long as the C&C list does not use the Block – Error Page or the Block – Sinkhole policy action. The Block – Error Page and the Block – Sinkhole actions do not prevent DNS exfiltration because a malicious communication channel can be created when domains are resolved to a custom error page, sinkhole, or Enterprise Security Connector. As a result, if these actions are configured for the C&C list, the new DNS Exfiltration list is assigned the Block – DNS action.
With this release we are enforcing access and permissions on recurring reports in the Billing Center. Going forward, when a user creates a new recurring report via the Billing Center API V2, every time the report runs, there will be a check to see if the creator still has access to the contracts or Reporting Groups on the report. If the creator loses access to one or more contracts/Reporting Groups on the report, it will be automatically suspended for all users. The report creator will receive an email notification of this suspension similar to this: “Your recurring report entitled: prefetching migration demo has been automatically suspended by Akamai.”. The user can then edit the report in the Billing Center, to update the report and reschedule it.
This change ensures continued security and better adherence to the access rules on the account. This release does not affect the existing recurring reports on the Billing Center.
With this release we are enforcing access and permissions on recurring reports in the Billing Center. Going forward, when a user creates a new recurring report via the Billing Center API V2, every time the report runs, there will be a check to see if the creator still has access to the contracts and/or Reporting Groups on the report. If the creator loses access to one or more contracts/Reporting Groups on the report, it will be automatically suspended for all users. The report creator will receive an email notification of this suspension similar to this: “Your recurring report entitled: prefetching migration demo has been automatically suspended by Akamai.”. The user can then edit the report in the Billing Center, in order to update the report and reschedule it.
This change ensures continued security and better adherence to the access rules on the account. This release does not affect existing recurring reports on the Billing Center.
Enterprise Threat Protector (ETP) now includes the following enhancements:
New sections for General policy settings. General policy settings are now organized into sections:
* The new Browsing Restrictions section contains SafeSearch and YouTube settings.
* The new Other Settings section contains the CDN Optimization switch.
Update to YouTube Restricted Mode Settings. To enable YouTube Restricted Mode, an ETP administrator no longer needs to enable SafeSearch. A YouTube drop-down menu is now available in the new Browsing Restrictions section of the general policy settings. Administrators can choose from Unrestricted, Moderate, or Strict modes. By default, YouTube is set to Unrestricted mode.
Block – DNS policy action now available for an Akamai Security List. Administrators can choose the Block – DNS policy for an Akamai Security List. In the last release, this action was not available for Akamai Security Lists.
Roaming location replaced with new Unidentified IPs location. Like the roaming location, the new Unidentified IPs location applies to users who are remote or make DNS requests from unexpected IP addresses or locations that are not already configured in ETP. This location is available in ETP by default. A switch is also available on the Locations page where administrators can choose to allow or block traffic from Unidentified IP addresses.
New Location IP Address/CIDR requirements. When configuring a location, the following now applies:
The bit prefix for an IPv4 address must be between 24 and 32.
The bit prefix for an IPv6 address must be between 120 and 128.
A location cannot use an IP address that is claimed or used by another organization.
A location cannot use an IP address that is configured for another ETP location in your network.
Various reporting user interface updates:
* In addition to the selected date range or applied filters, events are organized by the dimension a report viewer selects. For example, if the domain dimension is selected, events are grouped by domain.
* A new Top 6 area lists the Top 6 values for the selected dimension. This data is also shown in a graph.
* Event details and Indicators of Compromise (IOC) details are now accessible in a separate window when a user selects to view more event or domain information.
* If your organization uses Enterprise Security Connector, Security Connector events are now available on the Security Connector tab of the Activity page (Monitoring > Activity).
* The Threat Analysis page is now called Event Analysis (Monitoring > Events).
Enterprise Threat Protector Guest Wi-Fi now available. Enterprise Threat Protector (ETP) Guest Wi-Fi is a cloud-based solution that organizations can use to specifically configure, apply, and monitor an Acceptable Use Policy (AUP) for a guest wi-fi network.
The Edge Hostname Editor is getting an updated user experience that combines secure and non-secure edge hostname listings. This release does not introduce any other new functionality.
The new user experience will be introduced to all customers over the new few weeks, starting on April 26. Go to Configure > EdgeHostnames to access the new Edge Hostname Editor. The former Edge Hostname Editor will also remain available at Configure > Tools > Edge Hostnames (or Secure Delivery Edge Hostnames).
In the upcoming months, we will be improving the user experience further with a focus on self-serviceability, including:
* The ability to create, edit and delete secure edge hostnames.
* Integrated Property Manager and Certificate Provisioning System user experience.
* Improved safety checks.
* Improved support for Edge IP Binding and Custom Maps.
* The ability to open HAPI.
This service pack release includes a new feature and a bug fix:
* New Feature:
** Content Targeting - Protection for Adaptive Media Delivery is available as a self-serviceable behavior for customers with it added to their contract. It can be applied to an AMD configuration via the Property Manager in Luna.
* Bug Fix:
** Authentication requests to Google Cloud Platform and Amazon Web Services were failing if either Token Auth or Media Encryption was enabled. This fix addresses this issue.