March 2020 — What’s New in Security, Part 2

Welcome to Akamai’s March 2020 Release. As we covered yesterday, this release offers a week of product updates, with each day highlighting continued innovations across a different area of Akamai’s portfolio:

  • Monday and Tuesday feature two days of security updates. There’s a lot going on in Akamai’s security portfolio — more than will fit into a single day.
  • Wednesday introduces updates to Akamai’s delivery platform for HTML, API, video, software, and smaller-object content.
  • Thursday highlights the increasing importance of short-form video in the digital customer experience.
  • Friday is developer day, with the latest improvements in self-service and integrating Akamai into your CI/CD processes.

Our second day of security updates is focused on continuing our leadership in Zero Trust, DNS, and customer identity and access management. As we covered yesterday, it is never a given being named a leader across five Forrester Wave reports, but our continued innovation and focus on web app and API security, Zero Trust Access, secure web gateway, and customer identity and access management have enabled Akamai to help our customers modernize their security, identity, and access controls in today’s mobile and cloud-first environment where the Internet is fast becoming the corporate WAN.

Analysts clearly believe in an edge-based, as-a-service model for security, delivery, and identity. But from our perspective, as-a-service delivery isn’t enough. Akamai sees making smarter security and access decisions based on a multitude of contextual signals that are continuously analyzed to establish trust as foundational.

We have been focused on providing security and content delivery network capabilities at the edge longer than anyone at this point. And it shows. While our competitors claim to have reinvented the wheel while quietly building out their networks with more PoPs, we continue to believe that a truly distributed cloud-native platform at the edge is the only way forward. This is particularly true when it comes to delivering enterprise security and delivery services at planetary scale to some of the largest organizations in the world.

Today we are happy to announce that we have enhanced Enterprise Threat Protector (ETP) to help enterprises further accelerate their transformation to a Zero Trust security architecture. At launch, ETP used an enterprise’s DNS traffic and Akamai’s real-time threat intelligence to provide a quick and simple way for enterprises to add an additional layer of proactive security. However, many Akamai customers told us that they want a level of security and visibility that is delivered by sending all web traffic to a proxy. And so that’s exactly what we have built — Enterprise Threat Protector is now a secure web gateway.

In a nutshell, customers that need the highest level of security can now simply send all of their web traffic to ETP by using a lightweight client installed on endpoints or by forwarding traffic from an existing proxy. All traffic will be compared against real-time DNS and URL threat intelligence, which can block a huge amount of malicious traffic before an IP connection is made. And to provide additional protection, a cloud proxy now inspects payloads for malicious behavior using four detection engines, including a cloud sandbox for dynamic analysis to deliver outstanding protection against even the most complex zero-day threats.

Akamai’s leadership in DNS is not constrained to enterprise security controls. Akamai DNSi resolver infrastructure is a foundational part of some of the largest networks in the world and helps providers improve the subscriber experience, deliver value-added services, and gather DNS data that’s useful for operations and security. Now, ISPs and network operators have a lot of questions about how DNS over HTTPS and DNS over TLS will change their DNS infrastructure. Akamai has been working with providers on early deployments of Akamai CacheServe that support the new DNS encryption protocols. In fact, our team just covered their findings — DNS Encryption Operational Experience and Insights — at a recent DNS Operations, Analysis, and Research Center (DNS OARC) meeting.

While we are on DNS, it is also important to highlight that Akamai continues to offer extremely resilient and scalable authoritative DNS services to some of the largest brands in the world. While our customers’ expectation of exceptional performance continues unabated, they have driven us to focus our authoritative DNS solutions on availability and resilience against DDoS attacks. Hence, we are rebranding our authoritative DNS products from Fast DNS to Edge DNS to align with our security-driven vision for that particular product line.

When we think about consumer privacy and our focus on security, customer identity needs to be mentioned. Our Akamai Identity Cloud customer identity and access management solution is designed to provide a highly secure and resilient environment for collecting and storing sensitive user information that enables brands to establish and maintain digital trust with their customers, while safeguarding against malicious activities including fraudulent accounts and credential compromise. We have some exciting updates related to Identity Cloud, with platform expansion and regional instances in Japan, and our continued focus on making it easier and safer to integrate with a variety of third-party software for sales and marketing automation, personalization, monitoring, and more.

To learn more about the capabilities we’re announcing today, continue reading below:

Enterprise Threat Protector

DNSi Cacheserve

Edge DNS

Identity Cloud

Enterprise Threat Protector

Enterprise Threat Protector (ETP) is expanding to become a full-featured secure web gateway (SWG). Last year, we added a cloud proxy that provided additional capabilities to look further into the traffic at the URL level and to inspect risky payloads for malicious behavior. For payload analysis, we used four detection engines that used multiple analysis methods to deliver outstanding protection against even the most complex zero-day threats. Now, customers that need the highest level of security can simply send all of their web traffic to ETP by using a lightweight client installed on endpoints or by forwarding traffic from an existing proxy. All traffic will be compared against real-time DNS and URL threat intelligence, which can block a huge amount of malicious traffic before an IP connection is made. And, to provide additional protections, downloaded files can be sent to a cloud sandbox for dynamic analysis.

Key Features

Windows and macOS client

Enables ETP to support full SWG functionality for all users, regardless of location

Proxy chaining

Enables ETP to support full SWG functionality for locations with existing forward proxies

Identity integration and identity-based acceptable use policy

Enables customers to apply acceptable use policy based on users’ group membership or identity

Zero-day phishing protection

Protects organizations against never-seen-before or zero-day phishing attacks

Advanced sandbox

Provides in-depth protections against malware using a cloud sandbox


DNSi Cacheserve

DNSi CacheServe enables network operators to implement feature-rich DNS resolvers (deployed as cloud, managed, or licensed software) that improve network responsiveness, manage unwanted traffic, and enable premium services for homes and businesses. DNSi CacheServe now also supports DNS encryption.

Key Features

DNS encryption support

DNSi now supports new DNS encryption protocols, including DNS over HTTPS (DoH) and DNS over TLS (DoT).

Edge DNS

Cloud-based DNS for improved performance, availability, and resilience against DDoS attacks. Fast DNS has been rebranded as Edge DNS.

Key Features

Rebrand product to Edge DNS

Rebranding Akamai’s authoritative DNS service as Edge DNS to reflect a renewed alignment of the product’s capabilities and applicable use cases with Akamai’s global leadership in edge security services.

Identity Cloud

Akamai’s cloud-native customer identity and access management (CIAM) solution empowers fast-to-deploy single sign-on (SSO), registration, authentication, and preference management. Identity Cloud enables centralized profile access management on a flexible platform built to scale, perform, and comply with regulatory requirements around the world. It can handle complex consumer-facing use cases with millions of users and now has even broader application integration.

Key Features

New Japan region

In-region access from Japanese endpoints.

We hope you’re as excited as we are about these new product capabilities. Come visit us each day this week on to learn more.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Lorenz Jakober. Read the original post at: