Oct 5, 2018 — ETP updates
- Updated acceptable use policy (AUP). In a policy configuration, new categories and detailed subcategories are available for SIA administrators to control the websites and content that end users can access in the corporate network.
- New user interface for Locations and Policies. SIA now includes a new and improved user interface when configuring or modifying a location or policy. On the Locations or Policies pages, administrators can also now search for locations or policies.
- New Client Connector reports. The Client Connector area of the Utilities page now includes a new Reports subtab that contains more data about Client Connectors. In addition to pie charts that show errors and installed Client Connectors, a table is now available to show device information, software version, and the current status of installed Client Connectors. Administrators can also filter this data based on time, such as the most current data or data that was reported in the last day or month.
- Assign delegated administrator role. SIA super administrators can now assign the delegated administrator role to SIA users. When enabled for your organization, this feature is available from the Delegated Access tab on the Utilities page (Configuration > Utilities). To enable this feature, contact your Akamai representative.
- Assign locations to alert notifications. SIA super administrators can now assign specific locations to alert notification recipients. This allows administrators to define the locations that these recipients can receive information about. When enabled, this feature is available from the Communication tab of the Utilities page (Configuration > Utilities). To enable this feature, contact your Akamai representative.
- Actions for File Sharing and Risky Domains. When SIA Proxy is enabled, you can select to allow or examine risky domains and file sharing domains. Risky domains are domains that may be a threat because they are newly registered or discovered. File sharing domains are domains of file sharing applications or services. You can select to Allow or Classify traffic to these domains.
- Analyze policy action is now called Classify. The Classify action examines the full URL of a request. If a threat is discovered, a corresponding threat category is assigned to the URL. You can assign the Classify action to custom lists, risky domains, and file sharing domains.
- Support for certificates in binary (.der) format. SIA Proxy requires that you create an Akamai certificate or generate a certificate signing request to submit a subordinate certificate that’s signed by your organization’s certificate authority (CA). These certificates function as TLS certificates for the SIA proxy to intercept suspicious traffic. SIA now allows you to generate and submit certificates in binary (.der) format.
- Proxy logging modes now available. If SIA Proxy is enabled, administrators can select different logging levels to define some of the data that’s reported for HTTP or HTTPS traffic in SIA. This setting is available in a policy configuration. The default logging mode provides the details that are most helpful for investigating events.
Aug 7, 2018 — ETP updates
- Delegated administrative access. SIA now includes a delegated administrator role. After this role is assigned to a user in Control Center, an SIA super administrator can grant a delegated administrator access to specific locations and policies, allowing the delegated administrator to manage assigned locations and policies.
  A delegated administrator can:
  - Add new locations and policies
  - Deploy configuration changes that they applied or that were applied to the locations and policies they manage
  - View settings associated with most configuration features in SIA, such as custom lists and quick lists
  - Schedule a report. Report results show data based on locations a delegated administrator can access
  - View and analyze event and activity data based on assigned locations
  - Download Client Connector and view reporting data that’s associated with Client Connector installations
  - Grant or revoke Akamai Support Access
  An SIA super administrator can assign a delegated administrator access to locations or policies on the new Delegated Access tab of the Utilities page (Configuration > Utilities). This tab is available to SIA super administrators only.
- Deploy window for Pending Changes. A new deploy window is available for configuration changes that are pending deployment. Prior to this release, there were different deployment options for custom lists, quick lists, policies, and locations. In this release, a Pending Changes tab is available on the right side of the configuration pages. SIA administrators click this tab to view all submitted configuration changes that are not yet deployed to the SIA network. Administrators can select specific changes they want to deploy or they can deploy all changes. Information about changes is also listed, such as what changed and who made the change.
  The Pending Changes window also offers:
  - A revert option to undo or delete a pending change. Any change that is reverted returns a configuration to its last deployed state.
  - When deploying a change, administrators can comment on the changes they are deploying. These comments appear in the new Deployment History tab on the Utilities page.
- Entitlement code rotation. SIA now allows super administrators to rotate a Client Connector entitlement code in case the original entitlement code is compromised.
- Alert notification changes. If alerts are detected within a five-minute period of sending out an alert notification, users are now notified about these additional alerts after the five minutes. Prior to this release, users were not notified about the alerts that occurred during this period.
- Various Reporting UI Improvements. The SIA reporting pages include:
  - Filter Editor now appears at the top of the page when a user scrolls past it. This ensures that Filter settings are always accessible to users who are analyzing data on the Event Analysis and Activity pages.
  - Report viewers can filter data based on whether there is a correlation between security connector events and threat events.
  - A menu with convenient options is available from certain fields on the Event Details window. For example, if a user clicks a Resolved IP address, a menu appears with actions for this data such as adding the IP address to the Include filter.
  - New Detection Method dimension is available to show events that were detected at the time of access (inline) or were discovered later in log data based on behavior (lookback).
Aug 6, 2018 — Security Connector version 2.2.0 updates
- Access prohibited message. When an end user attempts to access a malicious or suspicious domain that is directed to the security connector, a Website Access is Prohibited message now appears.
- Factory reset option removed from Web Console. A factory reset option is no longer available in the Web Console. This option is also not supported on Security Connector version 1.1.0 or 2.1.0.
Jun 29, 2018 — ETP updates
Enterprise Client Connector version 1.3.1 is now in beta and available for download. This version of Client Connector includes:
Jun 12, 2018 — ETP updates
- Custom Sinkhole is now Custom Response. A custom sinkhole is now called a custom response. This feature is accessible from the new Custom Responses tab of the Utilities page (Configuration > Utilities). Administrators no longer configure this feature on the Enterprise Security Connector tab.
- New Custom – Response policy action. A Custom – Response action is now available for custom responses. This policy action blocks malicious or suspicious requests and directs the request to the IP address of the custom response device that’s associated with the policy. When configuring a policy, administrators can select this policy action, assign a custom response, and if necessary, manage custom responses. The Block – Sinkhole policy action now exclusively redirects traffic to Enterprise Security Connector.
- Scheduled report improvements. The user interface for configuring a scheduled report is now improved. Administrators can select to enable or disable individual scheduled reports, identify the administrators who created or modified the report, more easily add email addresses for report notifications, and configure the report output format. Scheduled reports are now available in HTML or text format.
- Alert notifications now available in text format. In addition to HTML format, alert notifications are now available in text format. When enabling email addresses for alert notifications, an SIA administrator can now select the format for all alert notification emails.
- Enhanced UI for Security Connector and threat event correlation. When viewing correlated Security Connector and threat events, separate windows are now provided with detailed information. For example, viewing a correlated threat event from the Security Connector tab of the Activity page (Monitoring > Activity) opens a window where threat information is provided. If you choose to view correlated Security Connector events from the Threat Events tab of the Event Analysis page, data about all associated Security Connector events is shown. In each of these windows, report viewers can also download event data to a CSV file.
May 16, 2018 — ETP updates
- Integration of Nominum Data. Secure Internet Access Enterprise now benefits from threat data generated by Nominum, the carrier DNS-based security and services innovation leader that was recently acquired by Akamai. Nominum’s carrier-grade DNS software currently resolves over 1.7 trillion daily DNS requests for carriers worldwide. The addition of this data allows SIA to identify more threats in an enterprise network.
  On the first day of this release, you will see an increased number of offline events as this additional intelligence is expected to discover more events from the last 7 days.
- DNS Exfiltration Security List. SIA now offers a DNS Exfiltration Security List and a new DNS Exfiltration category for custom lists. The DNS Exfiltration Security List identifies domains that serve as a communication channel over DNS and may be used to steal sensitive data or allow malware to communicate outside the network.
  This data was previously part of the Command and Control (C&C) Security List. By default, the new DNS Exfiltration list uses the same policy action as the C&C Security List as long as the C&C list does not use the Block – Error Page or the Block – Sinkhole policy action. The Block – Error Page and the Block – Sinkhole actions do not prevent DNS exfiltration because a malicious communication channel can be created when domains are resolved to a custom error page, sinkhole, or Enterprise Security Connector. As a result, if these actions are configured for the C&C list, the new DNS Exfiltration list is assigned the Block – DNS action.
May 1, 2018 — ETP updates
- New sections for General policy settings. General policy settings are now organized into sections: The new Browsing Restrictions section contains SafeSearch and YouTube settings. The new Other Settings section contains the CDN Optimization switch.
- Update to YouTube Restricted Mode Settings. To enable YouTube Restricted Mode, an SIA administrator no longer needs to enable SafeSearch. A YouTube drop-down menu is now available in the new Browsing Restrictions section of the general policy settings. Administrators can choose from Unrestricted, Moderate, or Strict modes. By default, YouTube is set to Unrestricted mode.
- Block – DNS policy action now available for an Akamai Security List. Administrators can choose the Block – DNS policy for an Akamai Security List. In the last release, this action was not available for Akamai Security Lists.
- Roaming location replaced with new Unidentified IPs location. Like the roaming location, the new Unidentified IPs location applies to users who are remote or make DNS requests from unexpected IP addresses or locations that are not already configured in SIA. This location is available in SIA by default. A switch is also available on the Locations page where administrators can choose to allow or block traffic from Unidentified IP addresses.
- New Location IP Address/CIDR requirements. When configuring a location, these apply:
  - The bit prefix for an IPv4 address must be between 24 and 32.
  - The bit prefix for an IPv6 address must be between 120 and 128.
  - A location cannot use an IP address that is claimed or used by another organization.
  - A location cannot use an IP address that is configured for another SIA location in your network.
- Various reporting user interface updates:
  - In addition to the selected date range or applied filters, events are organized by the dimension a report viewer selects. For example, if the domain dimension is selected, events are grouped by domain.
  - A new Top 6 area lists the Top 6 values for the selected dimension. This data is also shown in a graph.
  - Event details and Indicators of Compromise (IOC) details are now accessible in a separate window when a user selects to view more event or domain information.
  - If your organization uses Enterprise Security Connector, Security Connector events are now available on the Security Connector tab of the Activity page (Monitoring > Activity).
  - The Threat Analysis page is now called Event Analysis (Monitoring > Events).
- Secure Internet Access Enterprise Guest Wi-Fi now available. SIA Guest Wi-Fi is a cloud-based solution that organizations can use to specifically configure, apply, and monitor an Acceptable Use Policy (AUP) for a guest wi-fi network.
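
The Location IP Address/CIDR requirements in the May 1, 2018 notes can be checked locally before a location is submitted. The Python below is an added example, not Akamai code: `validate_location`, the location names and the addresses (documentation ranges) are assumptions, and the rule about addresses claimed by another organization is not modeled because only the service can evaluate it.

```python
import ipaddress

# Prefix-length bounds stated in the release notes: IPv4 24-32, IPv6 120-128.
PREFIX_BOUNDS = {4: (24, 32), 6: (120, 128)}

# Constructed sample of locations already configured (hypothetical names,
# RFC 5737 / RFC 3849 documentation addresses).
CONSTRUCTED_LOCATIONS = {
    "HQ": "192.0.2.0/24",
    "Branch-v6": "2001:db8::100/120",
}


def validate_location(cidr, existing):
    """Return a list of problems for a proposed location address or CIDR.

    existing maps location name -> CIDR string for locations already
    configured in the same network. An empty list means the entry passes
    the locally checkable rules. The "claimed or used by another
    organization" rule is not checked here.
    """
    try:
        # strict=False accepts a bare address (treated as /32 or /128)
        # and masks host bits the way a CIDR entry form typically would.
        net = ipaddress.ip_network(cidr.strip(), strict=False)
    except ValueError as exc:
        return [f"not a valid IP address or CIDR: {exc}"]

    problems = []
    low, high = PREFIX_BOUNDS[net.version]
    if not low <= net.prefixlen <= high:
        problems.append(
            f"IPv{net.version} prefix /{net.prefixlen} is outside "
            f"the allowed range /{low}-/{high}"
        )

    # A range that overlaps another location would reuse its addresses.
    for name, other_cidr in existing.items():
        other = ipaddress.ip_network(other_cidr, strict=False)
        if other.version == net.version and net.overlaps(other):
            problems.append(f"{net} overlaps location '{name}' ({other})")
    return problems


if __name__ == "__main__":
    for candidate in ("198.51.100.0/24", "198.51.100.0/23",
                      "192.0.2.128/25", "2001:db8::/64", "203.0.113.7"):
        print(candidate, "->", validate_location(candidate, CONSTRUCTED_LOCATIONS) or "ok")
```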
Apr 4, 2018 — Enterprise Security Connector 2.1 updates
- Upgrade functionality. An SIA administrator can now upgrade the Security Connector software. When an upgrade is available, an upgrade button is shown with the security connector configuration in SIA. The upgrade process reboots the virtual machine and automatically updates the Security Connector software. This operation may take up to 10 minutes to complete.
- Reporting of Affected Machine Name. In addition to reporting the infected machine’s IP address, Security Connector now reports the name of the compromised machine. This information is reported to SIA if DNS Pointer (PTR) records are configured on the DNS name server that communicates with the security connector. SIA performs a reverse IP address lookup to identify this information. The Affected Machine Name appears as a filter or dimension on the Security Connector Events tab of the Threat Analysis page (Monitoring > Events).
- Support for VMware Tools. VMware tools in VMware ESXi 5.5 or later are now supported to manage and improve performance of the Security Connector virtual machine.
Mar 30, 2018 — ETP updates
- YouTube Restricted Mode. SIA administrators can prevent end users from accessing mature video content. This setting is available within a policy configuration. If SafeSearch is enabled, administrators can choose from strict and moderate restriction modes.
- Top-Level Domains List. SIA administrators can now create a list with top-level domains. This feature allows an enterprise to apply policy actions to requests based on the top-level domain. You can create a top-level domains list on the Custom Lists page (Configuration > Lists).
- New policy action. SIA now includes an Allow policy action. When assigned to a list in a policy, this action grants end users access to the domains and IP addresses in the list.
- Policy action name changes. These policy actions were renamed:
  - Sinkhole action is now called Block – Sinkhole
  - Block Page action is now called Block – Error Page
  - Deny action is now called Block – DNS
  The behavior of these policy actions is the same. These actions continue to block DNS requests and direct end users to an error message.
- Deny policy action no longer available for Akamai Security Lists. The Deny (now called Block – DNS) action is no longer available as a policy action for Akamai Security Lists. You can assign the Block – DNS action to custom lists only.
  If an existing policy configuration used the Deny action for an Akamai Security List, this action was replaced with the Block – Error Page action. Block – Error Page directs end users to custom error pages that are designed in SIA.
Mar 14, 2018 — ETP updates
- General availability of Enterprise Client Connector, a DNS proxy application that you download from SIA and configure for installation on users’ laptops. Client Connector allows organizations to protect laptops that are off the corporate network. With Client Connector, you can detect an end user’s network conditions, send off-network DNS requests to SIA, log Client Connector activity, and identify the machine name. Client Connector is supported on the following operating systems: Microsoft Windows 10, Windows 7, Apple macOS Sierra, Mac OS X El Capitan, and Mac OS X Yosemite.
- General availability of Enterprise Security Connector, a virtual machine that you download from SIA and deploy in your network to collect suspicious or malicious traffic and identify machines or laptops that are infected with malware or are making requests to malicious domains. This information is directed to Security Connector based on the policy configuration. SIA reports on this data and allows administrators to correlate this data with threat event information. Security Connector is supported on VMware ESXi version 5.5 or later.
- In Akamai Control Center, SIA is now available under the Enterprise Security category. You can access SIA from these menu paths:
  - Monitor > Enterprise Security > Secure Internet Access Enterprise
  - Configure > Enterprise Security > Secure Internet Access Enterprise
  The former category Enterprise Cloud Networking was deprecated.
- An SIA administrator can now choose to allow or block traffic from the Roaming location, an SIA location that is reserved for users who are remote and make DNS requests from unexpected IP addresses. This option is available on the Locations page.