What's New in Security (Part 2)
We're presenting an entire week of learning about Akamai's recent product updates. Each day, we'll highlight our latest innovations in each area of the Akamai Intelligent Edge Platform.
You may have already read Renny Shen's fantastic blog walking through day 1 of Akamai's security updates. Now, I'd like to tell you what we have in store for day 2 of our security updates.
Our second day of security updates is focused on providing smarter workforce security controls as enterprises struggle with the new reality of work. For many, the new corporate branch is the home office and the corporate network is the internet. To make it even harder for enterprises to secure a remote workforce, malicious actors (who have always worked remotely) are taking advantage of the new working environment -- including the blurring of work and play on corporate devices.
CIOs and CISOs are quickly realizing the need to adjust to this new reality and protect the home office in the same way they used to protect the workforce when they were in the office. However, in transitioning to a remote corporate network, the workforce often experiences problems in application performance, decreased security, and reduced employee productivity.
Security and IT teams need data loss prevention, application visibility, and control in a remote work environment in order to reduce risk. But that alone is not enough -- better data for smarter security decisions is key.
Environmental indications like endpoint detection and response signals can help to create dynamic risk scores that can positively impact corporate application access decisions and enable a significantly better security posture. For example, if an employee's device has been compromised according to CrowdStrike, a cloud-native endpoint protection platform, should the device continue to have access to the company's source code repository?
To enable this transition to more intelligent security controls, Akamai has released a number of new capabilities to improve its Zero Trust Network Access, secure web gateway, Domain Name System (DNS) security, and identity solutions. At Akamai, we think that contextual and continuous analysis help create a foundation for making smarter security and access decisions and establishing trust.
Industry claims of a secure access service edge -- or Zero Trust edge -- are, in reality, just moving virtual appliances to the cloud or limited network points of presence (PoP) expansion. These changes do not offer the full capabilities of a true globally distributed edge platform. Our experience operating one of the world’s largest edge networks, has demonstrated that a distributed cloud-native platform at the edge is the way forward. This is particularly important when it comes to delivering enterprise security and delivery services at a global scale.
To learn more about the new capabilities we're announcing today, read on.
Enterprise Application Access
Enterprise Application Access (EAA) is designed to ensure that only authorized users and devices have access to the internal applications they need in order to not expose the entire corporate network. Akamai offers the EAA Zero Trust Network Access (ZTNA) solution to dynamically enforce access decisions based on identity, device, user context, and risk. EAA helps keep applications safe from the internet and public exposure.
Key new capabilities
Adaptive application access with CrowdStrike: EAA leverages CrowdStrike's threat signaling feature to classify devices' risk level (medium or high) and uses those values to decide whether to block or allow application access. This enables increased application security and prohibits devices with poor security from accessing enterprise applications.
New Enterprise Center user interface (UI): Enterprise Center is an all-in-one portal to easily manage EAA and Enterprise Threat Protector. The new, consistent UI helps improve efficiency and allows you to customize dashboards and widgets. Now, administrators can gain deeper visibility and a more comprehensive overview of all data in one location to help make better decisions about securing access and protecting users.
Learn more about the new EAA capabilities here.
Enterprise Threat Protector
With Enterprise Threat Protector (ETP), Akamai proactively identifies, blocks, and mitigates targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day attacks. Akamai offers the ETP secure web gateway to help security teams ensure that users and devices can safely connect to the internet, regardless of where users are connecting from -- without the complexity associated with legacy appliance-based approaches.
Key new capabilities
Data loss prevention: ETP now includes integrated data loss prevention for outbound web traffic to minimize data loss, reduce risk, and improve compliance based on standard dictionaries for PCI, HIPAA, and more. You can also create custom dictionaries and configure your own policy violation threshold.
Application visibility and control (AVC): ETP now enables shadow IT identification and control. For example, it allows you to block file uploads and allow file downloads to Dropbox for all users except IT users.
End-to-end security for DNS: With the combination of DNS over Transport Layer Security (DoT) and DNSSEC, enterprises can secure their DNS traffic without losing the ability to use DNS as a security control point and without losing visibility.
Learn more about the new ETP capabilities here.
Akamai's cloud-native customer identity and access management solution enables fast-to-deploy single sign-on, registration, authentication, and preference management. Identity Cloud offers centralized profile access management on a flexible platform built to scale, perform, and comply with regulatory requirements around the world. It now has even broader application integration and can handle complex consumer-facing use cases at scale.
Key new capabilities
Hosted Login Two-Factor Authentication (2FA): Akamai's identity as a service offering now includes mobile number 2FA experiences that can be easily enabled as either a required or opt-in security feature for end-users.
Updated Integration Bus: The new Akamai Identity Cloud Integration Bus offers self-service integration support, allowing you to share data between Identity Cloud and a large number of platforms such as Salesforce, Adobe, OneTrust, and more. You can now configure their own integrations using a visual, easy-to-understand user interface -- without needing any development knowledge.
New monthly average user pricing model: Identity Cloud provides quantity usage entitlements for Anonymous, Registered, and Monthly Active Users associated with your applications.
Learn more about the new Identity Cloud capabilities here.
Edge DNS and Global Traffic Management
Enterprises leverage Akamai's authoritative DNS to improve application performance, availability, and resilience against distributed denial-of-service (DDoS) attacks.
Key new capabilities
Service binding for short domain names: Edge DNS added support for two new DNS record types (SVCB and HTTPSSVC) based on the Internet Engineering Task Force draft standard co-authored by Akamai. This implementation will ultimately improve DNS security while simplifying multiprovider workflows.
Edge DNS DevOps enhancements: Through additional DevOps integrations, Akamai has extended the ability of DNS practitioners to customize and automate DNS management through the powerful APIs offered to our Edge DNS and Global Traffic Management (GTM) customers.
GTM static properties: GTM introduced a new property type -- Static -- that behaves as an Edge DNS zone within a GTM domain. This is the initial step toward full integration of our Edge DNS authoritative name service and GTM global server load balancer.
Learn more about the new Edge DNS capabilities here.
Security and Personalization Services
Network operators leverage Akamai Security and Personalization Services (SPS) to offer small and midsize business subscribers an easy-to-use, value-added service that mitigates security threats and allows businesses to filter inappropriate content in their workplace.
Key new capabilities
SPS Remote: SPS Remote, an optional capability of SPS Secure Business, is a new thin client for iOS and Android devices that protects workers on untrusted Wi-Fi networks. SPS Remote is a monetizable service that gives providers control over the business model and pricing. Turnkey development only requires specification of look and feel design elements to create fully branded, customer-ready applications.
SPS Shield: SPS Shield makes it easier for network operators to offer foundational security defenses for all of their residential and SMB customers network-wide. A simplified integration effort and easy onboarding speed up time to market and minimize initial and ongoing overhead and investment. SPS Shield makes it easy for subscribers, too, since there's no software or hardware installation, and all their devices are covered.
Learn more about the new SPS capabilities here.
We hope you're as excited as we are about these new product capabilities! Come visit us each day this week on the Akamai blog to learn more.
There will be more opportunities to engage with us on this and more at Edge Live | Adapt. Sign up to see how customers are leveraging these improvements, engage in technical deep dives, and hear from our executives how Akamai is evolving for the future.