Welcome to Enterprise Threat Protector

Enterprise Threat Protector (ETP) is a cloud-based, targeted threat protection solution that protects your organization from DNS and web-based threats, enforces authentication and acceptable use policies, and audits user Internet access.

ETP threat intelligence offers:
  • DNS-based threat prevention and detection.
  • A proxy to intercept and decrypt risky Transport Layer Security (TLS)/SSL traffic. The proxy requires the deployment of a man-in-the-middle certificate to decrypt traffic.
  • Malware URL filtering
  • Acceptable use policy (AUP)
  • Event and DNS activity reports with near-real time data
  • Dashboard for detecting and monitoring events
  • Indicators of compromise to help you investigate detected threats
  • A client that protects end-user machines when they are on or off the corporate network
If you are licensed for ETP Advanced Threat, you can configure ETP to:
  • Scan and analyze downloads that are up to 5 MB in size. Downloads are scanned with multiple, advanced anti-malware engines.
  • Forward all HTTP and HTTPS traffic to ETP Proxy. This configuration allows ETP Proxy to act as a Secure Web Gateway (SWG). When ETP Proxy is a full web proxy, it filters and scans all web traffic to prevent threats from entering your network.
  • Protect against zero-day phishing attacks
  • Configure an identity provider or integrate a third-party identity provider
  • Enforce web-based user authentication policies
  • Define a user or group-based AUP
  • Report all user activities for HTTP and HTTPS traffic

If you are licensed for the Advanced Sandbox module, you can scan large files after they are downloaded. Depending on the size of the file, ETP scans and analyzes files for malware in a secure, isolated sandbox environment. ETP generates a report with scan results.

The application is organized into these navigation areas:

  • Configuration. Where an ETP administrator configures items essential to an ETP configuration, such as locations and policies. In this area you also configure custom lists and the appearance of error pages that users receive when violating the AUP or when attempting to access malicious content. You can also enable ETP Proxy to intercept and inspect HTTP and HTTPS traffic. You must be an ETP super administrator to perform tasks on these pages. If necessary, contact your Control Center administrator for ETP super administrator role permissions.
  • Identity. If you enable ETP Proxy, you can enable authentication for users who are connecting to the Internet. An identity provider allows you to assign the users or groups who can access websites. In this area of ETP, you can create identity provider, define multi-factor authentication settings, as well as manage and sync directories.
  • Monitoring. Views of the dashboard, threat and AUP events, and network activity. This area allows you to analyze event data. For example:
    • If a security connector is deployed and configured in your organization, you can view Security Connector events.
    • If ETP Proxy is enabled for your organization, you can view data about network traffic that is directed to ETP and the transactions that are handled by the ETP proxy.
    • You can report user ID and group name associated with AUP events and proxy activity
  • Intelligence. Includes an Indicator Search option where you can complete a domain search.
Note: If you are trying Enterprise Threat Protector with the new Enterprise Center interface, all configuration, identity, and reporting features are accessible from a new navigation menu. To learn more about the new interface, see Enterprise Center.

To get started, you must configure ETP for your enterprise.