Security Connector 2.7.5 is now available and functions as an HTTP Forwarder (beta)

You can now configure Security Connector 2.7.5 as an in-network proxy that forwards web traffic to ETP Proxy. Depending on your network topology or requirements, you can set up HTTP Forwarder as an explicit or transparent proxy.

• Explicit proxy. Configuration where enterprise devices forward web traffic to HTTP Forwarder. This mode requires that you configure HTTP Forwarder as the proxy on user devices. You can create a proxy auto-configuration (PAC) file, or you can use your organization’s management tool to modify the device proxy settings.

• Transparent proxy. Configuration where the router is set to forward web traffic to HTTP Forwarder. An administrator uses policy-based routing rules on their organization’s router to do so. Unlike the explicit proxy, the transparent proxy does not require that you modify settings on user devices.

HTTP Forwarder is currently in beta. Security Connector 2.7.5 also includes a number of bug fixes to DNS Forwarder. These updates are available when you upgrade or deploy version 2.7.5.

EAA Client only - December 2021 Patch release

EAA Client Versions

• EAA Client for Windows: version 2.6.1
• EAA Client for macOS: version 2.6.1
• EAA Client mobile app for iOS: version 2.1.0
• EAA Client mobile app for Android: version 2.1.0

EAA Client Operating System Support.

The EAA Client 2.6.1 adds support to these operating systems: Microsoft Windows 11, Apple macOS 10.12 (Monterey). The EAA Client leverages Rosetta translation so a single binary can be used for both Intel-based and Apple M1-based devices.

Fixed customer bugs.

• EAA Client fixes silent install issues when used with ETP Client.
• EAA Client fetches the correct Carbon Black device ID with Carbon Black sensor version 3.7. on Windows.

Enterprise Threat Protector (ETP) now includes these updates:

• Legacy UI End of Life. The legacy ETP user interface has reached its end of life and is no longer supported. To use ETP, make sure you access Enterprise Center from the Control Center menu. ETP features are available from the Threat Protection menu in the Enterprise Center navigation.

• Local breakout for bypass domains. The Local Breakout for Bypass Domains policy setting directs domains that are configured for bypass from the branch or enterprise network to the origin. This option is enabled by default. Disable this setting if your network does not have a direct route Internet and cannot access the origin.

• Save and deploy your configurations. When configuring or modifying a policy, list, or location, you can now select the Save and Deploy option. This option automatically saves settings and deploys them to the ETP network. While this option allows you to easily deploy a configuration or update, an administrator can still use the Pending Changes list to deploy changes that are saved only.

• TLS 1.3 Support. ETP Proxy now supports TLS 1.3.

• Multi-tenancy. You can give your customers access to ETP without purchasing a separate product license. You can create a tenant for each customer and assign tenant administrators to it. A tenant administrator can create and manage ETP components within their tenant, such as policies, lists, locations, certificates, ETP Clients, and more.

  As a super administrator, you can now:

  • Select the policy that you want copied and applied to the Unidentified Location Policy in the tenant.
  • Select whether the tenant will inherit the error page settings from your configuration of ETP.
  • Delete a tenant. This operation removes all configuration settings and components such as policies, locations, lists, and more. The tenant administrator who was assigned to the tenant is no longer associated with it.

This release also includes these ETP Client updates:

• Enable Walled Garden. The new Walled Garden Exceptions policy setting allows you to block all traffic when ETP Client is in an Unprotected state. This setting blocks all traffic except for the domains and IP addresses that are configured as walled garden exceptions in the ETP network configuration. This setting also makes ETP Client the device web proxy. As a result, Yes is automatically selected in a policy for Overwrite Device Proxy Settings.
• Disable Client. You can enable this setting in a policy to disable the client in the location or locations that are associated with the policy.

Disable SAMLRequest signature

Akamai is discontinuing publicly-signed certificates. This means, if you use Active Directory Federation Services (ADFS) or another identity provider (IdP) that requires publicly-signed certificates, you need to turn off (disable) the SAMLRequest signature.

Note: For external SAML IdPs, registered in the Single Sign-on (SSO) with SAML application, you can disable the SAMLRequest signature. If you disable the signature, you’ll no longer need to maintain the Akamai SAML certificate every 10 months.

To disable the SAMLRequest signature:

1. Log in to Control Center at: https://control.akamai.com/.
2. Select ≡ ⇒ ACCOUNT ADMIN ⇒ Identity & access ⇒ Single sign-on.
3. Under Actions, select Edit to open the Manage Single Sign-On with SAML window.
4. Switch SP Signature to Off. Note that with SP Signature On (enabled), your IdP may not be able to validate Akamai’s non publicly-signed certificate.
5. Click Save.

Notification for SSO with SAML IdP changes

To increase security and transparency of SSO changes, Control Center will send an email notification to SSO administrators each time a new IdP is updated or added to the account. To view all changes, click Show SSO logs, then click the Configuration changes tab.

IoT Edge Connect has been updated to help improve performance, scale and reliability of the service. Updates include:

• Improved routing performance for the distributed broker when using wildcard subscriptions.
• Improved QoS1 message performance for identified performance hot spots.
• Improved wildcard subscriptions performance for cases when millions of clients are subscribing to a single level wildcard topic structure, such as example/customer/topic/structure/+.
• Enhanced internal metrics monitoring to help customers ensure the proper operation of the service they manage.

ETP Client 3.6.0 is now available

A new version of the ETP desktop client is now available. ETP Client 3.6.0 supports Windows 11 and macOS Monterey. For a full list of supported operating systems, see the ETP documentation.

This update also resolves a security vulnerability and a number of issues, including the following:

• ETP Client reports showed an incorrect status for the client.
• A connectivity issue with ETP Proxy caused it and the client to be completely unresponsive.
• An internal IP request was intercepted by ETP Proxy before it was directed to the enterprise resolver. This issue has been fixed to ensure that internal IP requests are sent directly to the origin.

DataStream 2 General Availability release

We are pleased to announce that DataStream 2 is now available for all our customers. DataStream 2 provides customers with detailed log data from requests on the Akamai Edge platform within minutes. Using DataStream 2 gives unparalleled visibility into events at the Akamai Edge and puts developers first by empowering them with the data needed to support critical operations. Contact your Akamai representative for DataStream 2 solutions or migration possibilities.  

New navigation and enhanced dashboard now available in Enterprise Center

Enterprise Center now offers a new navigation that organizes features and settings by enterprise product. Enterprise Threat Protector (ETP) administrators can now access all configuration settings and reports from the Threat Protection area of the navigation menu. If your organization is also licensed for the Enterprise Application Access (EAA) or Multi-Factor Authentication (MFA) products, you can access EAA features from the Application Access area of the menu and MFA features from the Multi-Factor Authentication navigation area.

The Enterprise Center dashboard has also been enhanced in this update to let you easily add new, predefined widgets for your enterprise product. For ETP, you can easily create a dashboard that can monitor events, activity, risky applications, application operations, ETP Client downloads, and more. For more information, see the ETP product documentation.

Multi-tenancy is now available in Enterprise Threat Protector (ETP)

With multi-tenancy, a Managed Security Service Provider (MSSP) can give their customers separate access to ETP without purchasing separate product licenses. You can create a tenant for each customer and assign administrators to each tenant. A tenant administrator can create and manage ETP components within their tenant, such as policies, lists, locations, certificates, ETP Clients, and more.

Multi-tenancy can also be used by administrators who want to test new versions of ETP Client and upgrade the client for a specific group of users. You can do this by creating a tenant that represents a group. You may need to create a separate location for these users or consider the policy that’s assigned to the Off-Network ETP Clients location. You can then approve, configure auto-upgrade, and activate ETP Client within that tenant.

For more information on multi-tenancy, see the ETP documentation.

New features:

• The State data set field is now available as a part of the geographical data set, and the Country data set field has been renamed to Country/Region.
• You can now log data related to the WAF security rules using the Security rules data set field.

See the DataStream 2 user guide for the complete list of available data set fields with examples.