Helping customers further secure their on-premises data centers and IaaS deployments is an interesting new use case for our Enterprise Threat Protector service.

Enterprises typically have a significant number of applications that are deployed and run in these environments. I'm using the word 'application' in its broadest sense, which can cover things like a public-facing website or an internal procurement system.

Modern applications are no longer built as single blocks of code -- and nearly all applications will need to dial outside to include external resources. These external resources will be pretty varied. Examples include an open source software component pulled down from GitHub, or a specific real-time function, like a website with a postal address lookup based on ZIP code.

More importantly, these are resources that the enterprise has no control over, and that creates a security risk. For example, what if an external resource is compromised and that then compromises a server in the data center?

What enterprises have told us they need:

  • Visibility into the external resources that are being accessed by applications or servers
  • Ability to identify and block access to any risky external resources in real time
  • Restriction of the external resources that can be accessed

So how can Enterprise Threat Protector help enterprises quickly improve their visibility and protection, and reduce risk?

It's actually pretty simple. Unsurprisingly, requests to these external resources start with a DNS lookup. So all an enterprise needs to do is send its data center or IaaS DNS traffic to Akamai. That's a simple and straightforward change that typically can be done in a few minutes. That gives immediate visibility into all external resources that are being requested and protection against malicious requests by comparing the request against Akamai's real-time threat intelligence.

Further protection can be added if required by activating Enterprise Threat Protector's secure web gateway (SWG) capability, which provides URL request inspection and inline and offline payload analysis.

The flexibility of Enterprise Threat Protector is enabling customers to customize the service to fit their specific needs.

For example, one customer has deployed a configuration that gives it the real-time visibility into external resources that are being requested, but it only blocks requests that are identified as malicious. This approach is also useful if you have user and application traffic egressing out of the same gateway.

Another customer, a financial services company, had deployed a configuration that only allows a whitelist of resources to be resolved and hence accessed. All other requests are blocked. This approach is a good fit if you need the highest level of protection against unauthorized or unknown external resources being requested.

To find out how Akamai Enterprise Threat Protector can help you quickly secure your data center or IaaS deployments, please visit our Enterprise Threat Protector page.

Attachments

  • Original document
  • Permalink

Disclaimer

Akamai Technologies Inc. published this content on 27 April 2020 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 27 April 2020 19:12:12 UTC