• Upgrade functionality. An ​SIA​ administrator can now upgrade the Security Connector software. When an upgrade is available, an upgrade button is shown with the security connector configuration in ​SIA​. The upgrade process reboots the virtual machine and automatically updates the Security Connector software. This operation may take up to 10 minutes to complete.

• Reporting of Affected Machine Name. In addition to reporting the infected machine’s IP address, Security Connector now reports the name of the compromised machine. This information is reported to ​SIA​ if DNS Pointer (PTR) records are configured on the DNS name server that communicates with the security connector. ​SIA​ performs a reverse IP address lookup to identify this information. The Affected Machine Name appears as a filter or dimension on the Security Connector Events tab of the Threat Analysis page (Monitoring > Events).

• Support for VMware Tools. VMware tools in VMware ESXi 5.5 or later are now supported to manage and improve performance of the Security Connector virtual machine.

• YouTube Restricted Mode. ​SIA​ administrators can prevent end users from accessing mature video content. This setting is available within a policy configuration. If Safe Search is enabled, administrators can choose from strict and moderate restriction modes.

• Top-Level Domains List. ​SIA​ administrators can now create a list with top-level domains. This feature allows an enterprise to apply policy actions to requests based on the top-level domain. You can create a top-level domains list on the Custom Lists page (Configuration > Lists).

• New policy action. ​SIA​ now includes an Allow policy action. When assigned to a list in a policy, this action grants end users access to the domains and IP addresses in the list.

• Policy action name changes. These policy actions were renamed:

  • Sinkhole action is now called Block – Sinkhole

  • Block Page action is now called Block – Error Page

  • Deny action is now called Block - DNS

    The behavior of these policy actions are the same. These actions continue to block DNS requests and direct end users to an error message.

• Deny policy action no longer available for Akamai Security Lists. The Deny (now called Block – DNS) action is no longer available as a policy action for Akamai Security Lists. You can assign the Block – DNS action to custom lists only.

• If an existing policy configuration used the Deny action for an Akamai Security List, this action was replaced with the
  Block – Error Page action. Block – Error Page directs end users to custom error pages that are designed in ​SIA​.

• General availability of Enterprise Client Connector, a DNS proxy application that you download from ​SIA​ and configure for installation on users’ laptops. Client Connector allows organizations to protect laptops that are off the corporate network. With Client Connector, you can detect an end user’s network conditions, send off-network DNS requests to ​SIA​, log Client Connector activity, and identify the machine name. Client Connector is supported on the following operating systems: Microsoft Windows 10, Windows 7, Apple macOS Sierra, Mac OS X El Capitan, and Mac OS X Yosemite.

• General availability of Enterprise Security Connector, a virtual machine that you download from ​SIA​ and deploy in your network to collect suspicious or malicious traffic, identify machines or laptops that are infected with malware or are making requests to malicious domains. This information is directed to Security Connector based on the policy configuration. ​SIA​ reports on this data and allows administrators to correlate this data with threat event information. Security Connector is supported on VMware ESXi version 5.5 or later.

• In Akamai Control Center, ​SIA​ is now available under the Enterprise Security category. You can access ​SIA​ from these menu paths:

  • Monitor > Enterprise Security > ​Secure Internet Access Enterprise​

  • Configure > Enterprise Security > ​Secure Internet Access Enterprise​

    The former category Enterprise Cloud Networking was deprecated.

• An ​SIA​ administrator can now choose to allow or block traffic from the Roaming location, an ​SIA​ location that is reserved for users who are remote and make DNS requests from unexpected IP addresses. This option is available on the Locations page.

Akamai Support Access

• An ​SIA​ administrator can now enable Safe Search in a policy configuration. This feature allows you to block or prohibit adult and explicit content in search results that are completed by end users on Google or Bing search engines.

• An ​SIA​ administrator can now report a domain is a potential threat and include supporting information for our analysts to review.

• If an end user attempts to access a domain or IP address that is included in the Deny List, the end user is directed to an error page that indicates access to the domain is prohibited.

• Protect laptops that are off-network with the Enterprise Client Connector, a DNS proxy application that you download from the ​SIA​ portal and configure for installation on enterprise users’ laptops. The Client Connector allows you to apply an ​SIA​ policy to DNS requests that are made outside the corporate network. With the Client Connector, you can detect an end user’s network conditions, send off-network DNS requests to ​SIA​, log Client Connector activity, and identify the machine name.

• Identify the IP address of devices with the Enterprise Security Connector, a virtual machine that you deploy in your network to collect suspicious or malicious traffic, identify machines or laptops that are infected with malware or are making requests to malicious domains. This information is directed to the Security Connector based on the policy configuration. ​SIA​ reports on this data and allows administrators to correlate this data with threat event information.

• ​SIA​ administrators can now schedule a daily or weekly report that generates with alerts or all event data for the selected time period. Reports are generated and emailed to users who an administrator configures to receive scheduled report notifications.

• From the Communication tab on the Utilities page, ​SIA​ administrators can now easily provide email addresses for alert notifications. In future releases, the improved design of the Communication tab will allow administrators to configure notification emails for specific ​SIA​ features.

• From the Sinkhole tab on the Utilities page, ​SIA​ administrators complete a new process to create a custom sinkhole. ​SIA​ administrators can also now modify a sinkhole policy assignment.

• In an upcoming release, ​SIA​ administrators will be able to download an OVA file to create a virtual machine that is configured as a sinkhole in your network. The ​SIA​ sinkhole receives suspicious or malicious traffic and identifies machines that are infected with malware. To participate in the beta of the ​SIA​ sinkhole feature, contact your account representative.

• New reporting criteria or dimensions, including additional reporting dimensions for DNS activity. On the DNS Activity page, users can now view DNS activity data based on threat category and Autonomous System (AS) Name.

• The ability to create a PDF of the Dashboard or the DNS Activity page. Each PDF contains an image of the entire page, including the data, graphs, and applied filters.

• ​SIA​ administrators can now manage sinkholes from the Utilities page. A new Sinkhole tab is available.

• New options are available to upload text files that contain known or suspected domains or IP addresses for a custom list configuration.

• ​SIA​ administrators can now report a domain they believe is misclassified in a security list or incorrectly categorized in the Acceptable Use Policy.

• The “Drop” list action in a policy configuration is no longer available. If a list was previously assigned the “Drop” action, the lists are instead assigned the “Deny” action.

• The “Warning” action for a security or custom list in a policy is now called “Blockpage”. The behavior of the action has not changed.

• To share domain search results, an ​SIA​ user can now provide the URL of the Indicator Search results page to other ​SIA​ users.

• If a malicious or harmful domain is found with the Indicator Search, the search results now list known bad URLs within those domains.

• Event reports now generate data at near realtime.

• The ​SIA​ user documentation is updated, including the online help, User Guide, and Quick Start Guide.