Enterprise Threat Protector Proxy
In addition to identifying and mitigating DNS threats, you can also use Enterprise Threat Protector (ETP) to protect an enterprise network from threats that target HTTP or HTTPS traffic.
- Selective proxy. Analyzes risky web traffic. The selective proxy examines the domain and full URL of the request to determine if it’s risky. The selective proxy is available with an ETP Intelligence license.
- Full web proxy. Analyzes all web traffic. The full proxy is available to organizations that use ETP Client or that already use an on-premises proxy. You can configure ETP client and an on-premises proxy to forward all web traffic to ETP Proxy. When this configuration is in place, ETP Proxy scans all web traffic for malware. Your organization must be licensed for ETP Advanced Threat to set up and use the full web proxy. For more information, see Full web proxy.
If your enterprise is licensed for ETP Advanced Threat, you can perform payload analysis. ETP payload analysis uses malware scanners to determine which websites are safe to access. For more information, see Payload analysis.
The proxy acts as a man-in-the-middle to intercept TLS/SSL traffic. An ETP super administrator generates an Akamai certificate or a certificate signed by their company’s Certificate Authority (CA). An IT or Desktop administrator deploys the certificate across the enterprise network. This is necessary to establish trust between the client (browser) and the proxy, and further allows Akamai to create a short-lived, dynamically generated certificate that is used to communicate with the destination server. For more information, see ETP Proxy as a TLS intermediary.
If data loss prevention (DLP) is set up in your enterprise, you can scan files or data that's uploaded by users for sensitive information. This feature is currently in beta. For more information, see Data loss prevention.
You configure the ETP proxy to function in one of these modes:
- Detection Mode. Applies when an administrator selects the Monitor action. This policy action does not block traffic. However, events and alerts are generated for a security event.
- Prevention Mode. Applies when an administrator selects a Block action. This policy action blocks an identified threat.
- Make sure that you deploy trusted certificate authority (CA) certificates in your network devices, such as guest computers or mobile phones.
- If your organization has separate networks for guest and managed devices, configure those networks as two separate locations in ETP. This ensures that each network’s traffic is mapped to a different public IP address. You can then enable ETP Proxy in the network with managed devices and leave ETP Proxy disabled in the network with guest devices.
Note these conditions:
- Some limitations apply to traffic that’s forwarded to ETP Proxy. For a list of limitations or unsupported features, see Limitations of ETP Proxy.
- The ETP Dashboard, events and activity reports allow ETP administrators to review and analyze HTTP or HTTPS threat events, ETP Proxy and network activity, threat events, and access control events.
- When a company uses a VPN to secure communications between a field office and company headquarters, the company headquarters is typically configured as a location in the policy. If the field office is also configured as a separate location in the policy, ensure that the policy associated with these locations do not have conflicting settings.
- Akamai maintains a list of domains that bypass ETP Proxy. For more information, see Akamai bypass list.
- In a policy, you can select to optimize Microsoft 365 traffic. This option allows domains and IP addresses that are associated with Microsoft Office apps, Outlook, and cloud storage to bypass ETP Proxy scanning and resolve to Microsoft data centers that are closest to your enterprise DNS resolver. ETP retrieves this data from Microsoft every 24 hours. For more information, see Optimize Microsoft 365 traffic.