What’s New in Security, Part 2

by Lorenz Jakober on October 14, 2020

Welcome to the Akamai Platform Update!

We’re presenting an entire week of learning about Akamai’s recent product updates. Each day, we’ll highlight our latest innovations in each area of the Akamai Intelligent Platform.

You may have already read Renny Shen’s fantastic blog walking through day 1 of Akamai’s security updates. Now, I’d like to tell you what we have in store for day 2 of our security updates.

Our second day of security updates is focused on providing smarter workforce security controls as enterprises struggle with the new reality of work. For many, the new corporate branch is the home office and the corporate network is the internet. To make it even harder for enterprises to secure a remote workforce, malicious actors (who have always worked remotely) are taking advantage of the new working environment — including the blurring of work and play on corporate devices.

CIOs and CISOs are quickly realizing the need to adjust to this new reality and protect the home office in the same way they used to protect the workforce when they were in the office. However, in transitioning to a remote corporate network, the workforce often experiences problems in application performance, decreased security, and reduced employee productivity.

Sponsorships Available

Security and IT teams need data loss prevention, application visibility, and control in a remote work environment in order to reduce risk. But that alone is not enough — better data for smarter security decisions is key.

Environmental signals like endpoint detection and response signals can help to create dynamic risk scores that can positively impact corporate application access decisions and enable a significantly better security posture. For example, if an employee’s device has been compromised according to CrowdStrike, a cloud-native endpoint protection platform, should the device continue to have access to the company’s source code repository?

To enable this transition to more intelligent security controls, Akamai has released a number of new capabilities to improve its Zero Trust Network Access, secure web gateway, DNS security, and identity solutions. At Akamai, we think that a multitude of contextual signals and continuous analysis help create a foundation for making smarter security and access decisions and establishing trust.

Some of our competitors claim to have invented the secure access service edge (AKA zero trust edge), when in reality, they have just quietly been moving their virtual appliances to the cloud or augmenting their limited networks with more PoPs. However, this does not offer the full capabilities of a true globally distributed edge platform — and we believe that a truly distributed cloud-native platform at the edge is the only way forward. This is particularly important when it comes to delivering enterprise security and delivery services at a planetary scale.

To learn more about the new capabilities we’re announcing today, continue to read the following:

Enterprise Application Access

Enterprise Application Access (EAA) is designed to ensure that only authorized users and devices have access to the internal applications they need in order to not expose the entire corporate network. Akamai offers the EAA Zero Trust Network Access (ZTNA) solution to dynamically enforce access decisions based on identity, device, user context, and risk. EAA helps keep applications safe from the internet and public exposure.

Key New Capabilities

Adaptive application access with CrowdStrike: EAA uses CrowdStrike‘s threat signaling feature to classify devices’ risk level (medium or high) and uses those values to decide whether to block or allow application access. This enables increased application security and prohibits devices with poor security from accessing enterprise applications.
New Enterprise Center user interface (UI): Enterprise Center is an all-in-one portal for customers to easily manage EAA and Enterprise Threat Protector. The new, consistent UI helps improve efficiency and allows customers to customize their dashboards and widgets. Now, administrators can gain deeper visibility and a more comprehensive overview of all their data in one location to help them make better decisions about securing access and protecting users.

Learn more about the new EAA capabilities here.

Enterprise Threat Protector

With Enterprise Threat Protector (ETP), Akamai proactively identifies, blocks, and mitigates targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day attacks. Akamai offers the ETP secure web gateway to help security teams ensure that users and devices can safely connect to the internet, regardless of where users are connecting from — without the complexity associated with legacy appliance-based approaches.

Key New Capabilities

Data loss prevention: ETP now includes integrated data loss prevention for outbound web traffic to minimize data loss, reduce risk, and improve compliance based on standard dictionaries for PCI, HIPAA, and more. Customers can also create custom dictionaries and configure their own policy violation threshold.
Application visibility and control (AVC): ETP now enables shadow IT identification and control. For example, it allows customers to block file uploads and allow file downloads to Dropbox for all users except IT users.
End-to-end security for DNS: With the combination of DNS over TLS (DoT) and DNSSEC, enterprises can secure their DNS traffic without losing the ability to use DNS as a security control point and without losing visibility.

Learn more about the new ETP capabilities here.

Identity Cloud

Akamai’s cloud-native customer identity and access management solution enables fast-to-deploy single sign-on, registration, authentication, and preference management. Identity Cloud offers centralized profile access management on a flexible platform built to scale, perform, and comply with regulatory requirements around the world. It now has even broader application integration and can handle complex consumer-facing use cases at scale.

Key New Capabilities

Hosted Login 2FA: Akamai’s identity as a service offering now includes mobile number second factor authentication (2FA) experiences that can be easily enabled as either a required or opt-in security feature for end-users.
Updated Integration Bus: The new Akamai Identity Cloud Integration Bus offers self-service integration support, allowing customers to share data between Identity Cloud and a large number of platforms such as Salesforce, Adobe, OneTrust, and more. Akamai customers can now configure their own integrations using a visual, easy-to-understand user interface — without needing any development knowledge.
New monthly average user pricing model: Identity Cloud provides quantity usage entitlements for Anonymous, Registered, and Monthly Active Users associated with customer applications.

Learn more about the new Identity Cloud capabilities here.

Edge DNS and Global Traffic Management

Enterprises leverage Akamai’s authoritative DNS to improve application performance, availability, and resilience against DDoS attacks.

Key New Capabilities

Service binding for short domain names: Edge DNS added support for two new DNS record types (SVCB and HTTPSSVC) based on the Internet Engineering Task Force draft standard co-authored by Akamai. This implementation will ultimately improve DNS security while simplifying multiprovider workflows.
Edge DNS DevOps enhancements: Through additional DevOps integrations, Akamai has extended the ability of DNS practitioners to customize and automate DNS management through the powerful APIs offered to Edge DNS and Global Traffic Management (GTM) customers.
GTM static properties: GTM introduced a new property type — Static — that behaves as an Edge DNS zone within a GTM domain. This is the initial step toward full integration of our Edge DNS authoritative name service and GTM global server load balancer.

Learn more about the new Edge DNS capabilities here.

Security and Personalization Services

Network operators leverage Akamai Security and Personalization Services (SPS) to offer small and midsize business subscribers an easy-to-use, value-added service that mitigates security threats and allows businesses to filter inappropriate content in their workplace.

Key New Capabilities

SPS Remote: SPS Remote, an optional capability of SPS Secure Business, is a new thin client for iOS and Android devices that protects workers on untrusted Wi-Fi networks. SPS Remote is a monetizable service that gives providers control over the business model and pricing. Turnkey development only requires specification of look and feel design elements to create fully branded, customer-ready applications.
SPS Shield: SPS Shield makes it easier for network operators to offer foundational security defenses for all of their residential and SMB customers network-wide. A simplified integration effort and easy customer onboarding speed up time to market and minimize initial and ongoing overhead and investment. SPS Shield makes it easy for subscribers, too, since there’s no software or hardware installation, and all their devices are covered.

Learn more about the new SPS capabilities here.

We hope you’re as excited as we are about these new product capabilities! Come visit us each day this week on the Akamai blog to learn more.

There will be more opportunities to engage with us on this and more at Edge Live | Adapt. Sign up to see how customers are leveraging these improvements, engage in technical deep dives, and hear from our executives how Akamai is evolving for the future.