X
Akamai
Login
Login Close
Control Center
Access the Akamai platform
Login Close
Cloud Manager
Manage your cloud resources

Secure Internet Access Enterprise

Safely connect users and IoT devices to the internet with a DNS firewall

Free trial

Stop lateral movement with granular controls

Secure Internet Access Enterprise is a cloud-based DNS firewall that is designed to help security teams ensure that all users and devices — on- and off-network — can securely connect to the internet. It proactively blocks malicious DNS requests including malware, ransomware, phishing, and low-throughput DNS data exfiltration. Secure Internet Access reduces security complexity with no appliances to deploy, manage, and upgrade, and it’s simple and intuitive to use.

Read product brief

Proactively protect against malware, ransomware, and phishing

Deploy in minutes, scale globally

Rely on your security and recursive DNS service to be 100% available on the world’s most distributed cloud platform.

Keep your users and IoT devices safe

Protect with real-time threat intelligence without impacting performance.

Reduce time-consuming security management

Simplify security by eliminating on-premises network security solutions and managing security centrally.

How it works

Simplify

Define and deploy DNS security policies in minutes to deliver proactive cybersecurity for your users everywhere.

Inspect

Inspect every domain name system query, and block malicious domains based on real-time threat intelligence.

Analyze

Log all recursive DNS requests for investigation, analysis, and compliance.

Protect

Protect users against malware, ransomware, and phishing, no matter where they are or what device they are using.

Features

  • Real-time threat intelligence based on Akamai’s unprecedented internet visibility to proactively block malicious domains and malicious websites
  • Block low-throughput DNS data exfiltration in real time
  • Selective level of inspection — recursive DNS-only or proxy risky web traffic — lets you choose the right level of protection for your use case

  • Identify and control shadow IT application controls to identify and control unsanctioned applications based on risk score or application type 
  • Protect users and IoT devices anywhere with lightweight clients for Windows, macOS, iOS, Android, and ChromeOS devices
  • Flexible traffic on-ramps that allow you to select the method or methods that fit into your network architecture

  • Intuitive policy management that lets you easily create and deploy policies based on user, group, locations, network subnet, and more
  • Real-time analysis and reporting for all outbound traffic, threat events, AUP events, and more 
  • Configure and manage every feature via an API and integrate with your SIEM

Customer Story

Pokémon customer story

With Akamai, the media franchise was able to eliminate its VPN, improve security posture, and reduce the security team workload.

Read customer story

Secure Internet Access Use Cases

Learn more about a few common ways Secure Internet Access Enterprise is used.

Improve security posture

Simply improve security posture

Cyberthreats are increasing in volume and constantly evolving. Existing endpoint security solutions and network security solutions such as network firewalls are often ineffective and inconsistent, and threats that exploit recursive DNS are often not covered. Deploy Secure Internet Access as a DNS firewall to provide an additional layer of security that can be configured and deployed globally in minutes with a simple DNS infrastructure configuration change.

Benefits:

  • Rapid deployment, with no hardware to be installed, configured, and managed
  • Frictionless security with zero impact on user experience 
  • Blocks threats earlier, further away from your endpoint, and before any IP connections are made
  • Protects against threats that can only be detected using recursive DNS, such as low-throughput DNS data exfiltration or botnets
  • Identifies and controls shadow IT based on application category and security 
  • Effective security across all ports and protocols

Secure branch internet traffic

Secure direct-to-internet branch traffic

Enterprises are rearchitecting their branch networks to eliminate traffic hairpinning and deploying SD-WAN to connect branch network traffic directly to the internet. Replicating the existing centralized security stack at every branch is complex, time consuming, and costly. Secure Internet Access proactively secures direct internet access (DIA) branch traffic without the complexity and cost of deploying and managing on-premises network security solutions, allowing users and IoT devices to safely connect to the internet.

Benefits:

  • Significantly reduces the complexity and cost of securing DIA traffic
  • Quick and simple integration with your SD-WAN — protection can be deployed and configured in minutes, not days or weeks
  • Security with low latency — traffic is automatically routed to the best-performing Akamai recursive DNS server
  • Security with reliability — the Akamai recursive DNS servers are deployed globally on Akamai Connected Cloud, which is designed for the highest levels of availability

Control guest WI-FI content

Proactively control guest Wi-Fi content

Free guest Wi-Fi for customers is now universal. However, unrestricted access to any type of web content risks damaging the image and reputation of your business and brand. Secure Internet Access leverages Akamai’s proven globally distributed recursive DNS resolvers to proactively identify and block web content categories based on your organization’s guest Wi-Fi acceptable use policy (AUP). 

Benefits:

  • Significantly reduces reputational risk and maintains brand reputation 
  • Optimizes network bandwidth by quickly blocking access to streaming media domains
  • Maximizes IT resources and reduces management time
  • Dramatically reduces complexity
  • Improves recursive DNS service resilience and reliability

Data center/IaaS

Data center/IaaS visibility and protection

Enterprise applications hosted in your data centers or IaaS deployments will typically need to access external resources that are not owned or managed by you and could contain vulnerabilities. Secure Internet Access enables visibility into external resources that are being accessed, blocks any malicious recursive DNS requests, and controls the resources that can be accessed. 

Benefits:

  • Improved security and compliance
  • Quick and simple deployment — compatible with any operating system
  • 100% visibility and logging for all external recursive DNS requests
  • Real-time threat protection to block recursive DNS requests to malicious domains and malicious websites
  • Control and limit outbound recursive DNS traffic

Frequently Asked Questions (FAQ)

Secure Internet Access threat intelligence is built on data gathered from Akamai Connected Cloud, which manages up to 30% of global web traffic and delivers up to 11 trillion recursive DNS queries daily. This intelligence is enhanced with IP addresses and traffic logs from other Akamai security services and hundreds of external threat feeds — including WHOIS and registrar information — and the combined dataset is continuously analyzed and curated using advanced behavioral analysis techniques, machine learning, proprietary algorithms, and a team of data scientists and security threat researchers. As new threats are identified, malicious domains and URLs are immediately added to the Secure Internet Access Enterprise service, delivering real-time cybersecurity. In addition, domains and URLs that no longer represent a threat are removed from the list. This approach improves detection efficacy and reduces false positive security alerts. Our team also analyzes customers’ DNS logs looking for indicators of compromise (IOCs). If IOCs are found, affected customers are alerted through the Secure Internet Access portal, which is important to help reduce the potential impact of newly discovered threats.

The Secure Internet Access threat lists are updated approximately every 60 minutes; new domains are added, and domains that are no longer a risk are removed.

Secure Internet Access has complete flexibility to allow businesses to customize how their security policies are structured. A policy can be built using locations, business units, and network subnets.

There are multiple ways to onboard your traffic to Secure Internet Access, including a simple DNS server IP address change, deploying Akamai’s DNS proxy virtual machine, IPsec tunnels, lightweight clients, and integration with your SD-WAN devices. You can use a combination of traffic onboarding approaches to meet your use cases and the level of protection you need.

Secure Internet Access can be deployed as an additional layer of proactive security, as network firewalls and secure web gateways typically do not inspect recursive DNS traffic. A DNS firewall works by checking every recursive DNS request that is made and comparing it against a frequently updated database of malicious domains. It lets you create and enforce cybersecurity and acceptable use policies (AUPs).

The DNS protocol is an open protocol that can be easily abused. A normal recursive DNS resolver responds to every DNS request that is made, irrespective if the requested domain is malicious or benign. A DNS firewall works by redirecting every recursive DNS query to a cloud-based DNS resolver. Every DNS query is compared against a list of malicious domains that could deliver malware, ransomware, or a phishing landing page. When a malicious domain is identified, it is blocked and the user receives a block page. Recursive DNS queries for safe domains are resolved, a DNS response is sent back by the DNS resolver to the user’s device, and the request proceeds as normal.

Secure Internet Access is a recursive DNS resolver that forwards DNS requests to DNS nameservers. However, Secure Internet Access caches recently requested domains, so will first attempt to resolve the DNS request from its cache, which improves performance. It only sends the request to the nameservers if the domain is not in the cache.

Akamai deploys its DDoS security service, Prolexic, to mitigate DDoS attacks, and uses its WAAP security service to add further protection for the DNS infrastructure. In addition, Akamai uses rate limiting and load balancing techniques to ensure that individual resolvers are not impacted by attacks.

A person with black glass is shown with their face lit by the light of a computer screen

Free 60-day trial: Try DNS firewall

Sign up for a free 60-day trial, and you’ll see how simple it is to:

  • Improve your cybersecurity posture without impacting performance, with a DNS firewall 
  • Configure and manage Secure Internet Access through the Akamai Control Center and automate management via an API
  • Understand if your recursive DNS traffic is a security blind spot, and discover hidden cyberthreats such as DNS data exfiltration and botnets
  • Gain insights to improve the efficiency of security operations and threat hunting teams
     

Set up your 60-day free trial:

  1. Submit form
  2. Confirm your email
  3. Pass Akamai’s validation and vetting process
  4. Receive login instructions
  5. Log in and set up your instance of Secure Internet Access Enterprise

Terms and restrictions apply.

Thank you for requesting a trial of Secure Internet Access Enterprise. We’ve sent an email request for you to verify your email address. Once verified, you’ll receive another email with your login credentials to get started.