Akamai Enterprise Threat Protector (ETP ) is a cloud-based security service that provides policy-based defense against phishing, malware, ransomware, DNS tunneling, and other threat events.
To support this integration, you must have both Enterprise Application Access (EAA) and Enterprise Threat Protector on the same contract. If you don't, you won't see anything related to ETP in the EAA Device Posture console. The user device must also be running both the EAA and ETP clients.
When Enterprise Threat Protector is integrated with Enterprise Application Access, it informs Device Posture about devices that ETP has determined to be compromised due to the presence of suspected malware activity.
In the Enterprise Center navigation menu, select Application Access > Reports > Device Inventory.
Click Add Report Metric (+).
Select Compromised Device - ETP from the criteria list.
Select Yes as the criterion value.
Click View Report.
The report generates and displays all devices that experiences a compromise event.
Click a selected device in the Device Name column to display the Device Details report.
In the Device Details report, click View Compromised Device Events to display the Enterprise Threat Protector events collected from the device.
To ignore the detected threat events for Device Posture evaluation, click Ignore Threats in the Threats tab. This also clears the displayed threats.
Ignoring threats lets you ignore detected threat events for Device Posture evaluation, but doesn't address the source of the threat on the device.
To include detection of Enterprise Threat Protector compromised devices in risk assessments and application ACLs, add the following rule to tiers and tags: Compromised Device - ETP > [Not Detected].
You can also detect devices with installed ETP Client. To do this, select the following criterion and value in your tiers and tags: ETP Client Status > Installed.
Updated 10 months ago