Akamai Enhances its Cloud Secure Web Gateway with DLP, Application Control and DNS over TLS (DoT)

Last March, Akamai announced the launch of its secure web gateway delivered at the edge, to help enterprises further accelerate their transition to a new security architecture based on Zero Trust and secure access service edge (SASE) principles. As we now know, we were just on the cusp of a global pandemic that changed the nature of work. Literally overnight, companies needed to support tens of thousands of employees working from home. That meant they needed to change the way they provided application access and minimize the risk of devices that were no longer on the corporate network being compromised with malware. The pandemic brought into sharp focus the reality that backhauling application and web traffic over a VPN to a data center with stacks of appliances to apply security was no longer viable or fit for purpose.

Six months on, Akamai is today announcing additional capabilities designed to allow enterprises to further secure internet access for their employees, minimize the loss of sensitive or confidential data, and provide end-to-end security for DNS traffic.

Integrated Data Loss Prevention

Proactively preventing the loss of personally identifiable data or other confidential business data that might be accidentally sent out of an enterprise via the public internet has never been more critical given the potential associated financial and reputational losses. The new integrated data loss prevention (DLP) capability in Enterprise Threat Protector is easy to configure and quick to deploy. It includes DLP dictionaries for PII, PCI DSS, and HIPAA; custom dictionaries based on these dictionaries can be created.

Identifying and Managing Shadow IT

There are hundreds of thousands of applications enterprise users can download, install, and use on managed devices without the security team’s awareness. However, the use of unsanctioned applications can increase the attack surface and increase an enterprise’s risk profile. The new application visibility and control (AVC) feature in Enterprise Threat Protector allows enterprises to quickly identify which applications are being used, then block entire applications based on a risk score or block individual per-application operations, for example allowing uploads but blocking downloads.

End-to-End Security for DNS Traffic

Recursive DNS traffic between a device and the DNS resolver is sent in the open and therefore can be easily intercepted and manipulated by attackers. Enterprises want to add security to their DNS traffic, particularly when it is sent to a cloud resolver, but they do not want to lose visibility of the traffic or be unable to use DNS as a security control point. Enterprise Threat Protector has been enhanced to allow enterprises to add DNS over TLS (DoT) encryption through a client or through a virtual machine DNS forwarder. This encrypts the DNS traffic between enterprise devices and the Enterprise Threat Protector DNS resolvers. Enterprise Threat Protector already supports DNSSEC, and this new capability allows enterprises to have end-to-end security for DNS to reduce the risk of attackers intercepting and manipulating this traffic.

To find out more about these new capabilities and to sign up for a free 60-day trial of Enterprise Threat Protector secure web gateway, visit

There will be more opportunities to engage with us on this and more at Edge Live | Adapt. Sign up to see how customers are leveraging these improvements, engage in technical deep dives, and hear from our executives how Akamai is evolving for the future.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: