About Access, Threat Protection, and Segmentation

Access

​Akamai​ ​Zero Trust Client​ (ZTC) secures access to enterprise applications. The Access solution delivers client-less access to browser-based (HTTP) applications and lets an organization secure access to remote desktop (RDP) and Secure Shell (SSH) applications.

Akamai Zero Trust Client is software that you deploy on a user's computer. Users can move between wireless networks and stay connected to their applications. A virtual private network (VPN) is not required to secure access. Akamai Zero Trust Client creates a separate network interface and can work alongside a VPN.

Akamai Zero Trust Client provides single sign-on (SSO) and multi-factor authentication (MFA) capabilities.

You can control access to applications that are not browser based, run locally on the user's computer, and communicate over the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or both protocols.

Access supersedes the EAA Client.

To learn more about Access, see the Enterprise Center for EAA documentation.

Threat Protection

Threat Protection directs DNS and web traffic to ​​Secure Internet Access Enterprise​ (SIA) for analysis. With ​​Akamai​ ​Zero Trust Client​, you can apply ​SIA policy to requests that are made inside and outside the corporate network.

Depending on the policy and client configuration in ​SIA​, as well as your organization's product license, ​Threat Protection can:

  • Forward DNS traffic. ​Threat Protection​ forwards DNS traffic when this configuration applies:
    • SIA​ Proxy is not enabled. In this situation, ​Threat Protection​ forwards only DNS traffic to ​SIA​.
    • SIA​ Proxy is enabled as a selective proxy.
      This behavior is supported when a user is on or off the corporate network. It's also available with all supported versions of the client that you can download in ​SIA​.
  • Forward all web traffic. You can configure ​Threat Protection to forward all web traffic to ​SIA​ Proxy for analysis. This occurs when you set ​​Zero Trust Client​ as the local web proxy on the user's device, you use ​Zero Trust Client​ with an existing enterprise proxy, or you enable transparent traffic interception. This functionality is supported when a user is on or off the corporate network. Your organization needs to be licensed for ​SIA​ Advanced Threat to forward all traffic to ​SIA​ Proxy. Transparent traffic interception is supported on Windows with ​Zero Trust Client​ 5.3.0 or later and on macOS with ​​Zero Trust Client​ 6.0.0 or later.

​Threat Protection​:

  • Detects an end user's network conditions.
  • Sends DNS requests to SIA. You can protect user privacy by using TLS to encrypt these connections (DNS over TLS, or DoT). To learn more about DoT, see DNS over TLS.
  • Applies a ​SIA​ policy and other configuration settings to requests.
  • Logs user information. In SIA, user information appears on the event reporting pages when a policy is violated and an event is logged. Threat Protection also includes its own logs. By default, ZTC is set to the Info Only log type. This log type records system errors, while the Debug and Verbose log types record additional information, such as DNS lookup queries.
  • Identifies clients by device name. Because the device name is reported, an enterprise may not need to deploy a security connector in its network to discover the machine name of an infected machine. When the Trust XFF header is enabled, Threat Protection identifies the internal client IP address of web traffic. It also identifies the client request ID.

Threat Protection supersedes the ETP Client.

To learn more about SIA, see the Secure Internet Access Enterprise documentation.

Segmentation

The ​Akamai​ Guardicore Segmentation Security Platform is a comprehensive data center and cloud security solution that provides a single console for managing segmentation, access control, and security policies throughout your entire environment.
The Segmentation module integrates Guardicore Centra Agent’s functionality into ​Zero Trust Client​ and tracks all network connections of a protected endpoint, coupled with information on the processes involved in the connection. Zero Trust Client validates each connection against a segmentation policy to allow, alert, or block the connection. The connection metadata and the applied action are reported to Centra.
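
The per-connection check described above can be modelled as follows. This is an added example, not Akamai or Guardicore code; the rule fields, first-match ordering, default action, process names and addresses are assumptions made for illustration and do not reflect the Centra policy format.

```python
# Added illustration: rule fields, first-match order and the default action are
# assumptions for this example, not the Guardicore Centra policy format.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Connection:              # metadata an endpoint agent can observe
    process: str               # name of the process that owns the socket
    dst_ip: str
    dst_port: int
    proto: str                 # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow", "alert" or "block"
    dst_net: str                   # destination CIDR
    proto: str
    dst_port: Optional[int] = None # None matches any port
    process: Optional[str] = None  # None matches any process

    def matches(self, c: Connection) -> bool:
        return (c.proto == self.proto
                and ip_address(c.dst_ip) in ip_network(self.dst_net)
                and self.dst_port in (None, c.dst_port)
                and self.process in (None, c.process))

def evaluate(conn, policy, default="alert"):
    """Return the record to report: connection metadata plus applied action."""
    for idx, rule in enumerate(policy):
        if rule.matches(conn):
            return {"conn": conn, "action": rule.action, "rule": idx}
    return {"conn": conn, "action": default, "rule": None}

# Constructed policy: only the orders service may reach the database tier.
POLICY = [
    Rule("allow", "10.20.0.0/24", "tcp", 5432, "orders-api"),
    Rule("alert", "10.20.0.0/24", "tcp", 5432),   # any other process: flag it
    Rule("block", "10.0.0.0/8", "tcp", 445),      # lateral SMB from any process
]

if __name__ == "__main__":
    for c in (Connection("orders-api", "10.20.0.10", 5432, "tcp"),
              Connection("python3", "10.20.0.10", 5432, "tcp"),
              Connection("explorer.exe", "10.9.8.7", 445, "tcp")):
        print(c.process, "->", evaluate(c, POLICY)["action"])
```

The second sample connection reaches the same address and port as the first but is flagged, which is what tying the owning process to the connection adds over an address-and-port rule alone.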

To learn more about Segmentation, see the Guardicore Segmentation documentation (requires ​Akamai​ ​Control Center​ login).

To learn how to configure Segmentation in ​Zero Trust Client​, refer to the silent install instructions.

​Zero Trust Client​ 6.0.0 provides the following version of the Guardicore Agent within the installer: 5.50.24066.05935

This documentation doesn’t include instructions for setting up Enterprise Application Access (EAA) and Secure Internet Access Enterprise (SIA) in the Enterprise Center management portal. For detailed instructions on how to configure and manage the services that are required to enable Access and Threat Protection in ZTC, see the EAA and SIA documentation.