Guide
TrainingSupportCommunity

About Access, Threat Protection, and Segmentation

Suggest Edits

Access

The ​Akamai​ Guardicore Platform Agent Access solution provides secure access to a wide range of enterprise applications, eliminating the need for traditional VPNs.

Depending on your Enterprise Application Access (EAA) configuration, Access can:

  • Provide clientless browser access. Securely access web-based (HTTP) applications directly through the browser, regardless of network location.
  • Integrate with remote desktop (RDP) and Secure Shell (SSH) applications. Gain secure remote access to RDP and SSH applications.
  • Secure client-access applications. Secure non-browser applications running locally on the end-user's machine, which communicate over the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or both protocols.

To learn more about Access, see the Enterprise Center for EAA documentation.

Threat Protection

Threat Protection directs DNS and web traffic to ​​Secure Internet Access Enterprise​ (SIA) for analysis. With ​​Akamai​ Guardicore Platform Agent, you can apply ​SIA policy to requests that are made inside and outside the corporate network.

Depending on the policy and client configuration in ​SIA​, as well as your organization's product license, ​Threat Protection can:

  • Forward DNS traffic. ​Threat Protection​ forwards DNS traffic when this configuration applies:
    • SIA​ Proxy is not enabled. In this situation, ​Threat Protection​ forwards only DNS traffic to ​SIA​.
    • SIA​ Proxy is enabled as a selective proxy.
      This behavior is supported when a user is on or off the corporate network. It's also available with all supported versions of the client that you can download in ​SIA​.
  • Forward all web traffic. You can configure ​Threat Protection to forward all web traffic to ​SIA​ Proxy for analysis. This occurs when you set ​Guardicore Platform Agent as the local web proxy on the user's device, you use Guardicore Platform Agent with an existing enterprise proxy, or you enable transparent traffic interception. This functionality is supported when a user is on or off the corporate network. Your organization needs to be licensed for ​SIA​ Advanced Threat to forward all traffic to ​SIA​ Proxy. Transparent traffic interception is supported on Windows with Guardicore Platform Agent 5.3.0 or later and on macOS with ​Guardicore Platform Agent 6.0.0 or later.

​Threat Protection​:

  • Detects an end user's network conditions.
  • Sends DNS requests to ​SIA​. You can protect user privacy by using TLS to encrypt connections. To learn more about DoT, see DNS over TLS.
  • Applies a ​SIA​ policy and other configuration settings to requests.
  • Logs user information. In ​SIA​, user information appears on the event reporting pages when a policy is violated and an event is logged. ​Threat Protection​ also includes its own logs. By default, Guardicore Platform Agent is set with the Info Only log type. This log type records system errors, while the Debug and Verbose log types record additional information, such as DNS lookup queries.
  • Identifies clients by device name. This information also means an enterprise may not need to deploy a security connector in their network to discover the machine name of an infected machine. When the Trust XFF header is enabled, ​Threat Protection​ identifies the internal client IP address of web traffic. It also identifies the client request ID.

To learn more about SIA, see the Secure Internet Access Enterprise documentation.

Segmentation

The ​Akamai​ Guardicore Segmentation Security Platform is a comprehensive data center and cloud security solution that provides a single console for managing segmentation, access control, and security policies throughout your entire environment.
The Segmentation service tracks all network connections of a protected endpoint, coupled with information on the processes involved in the connection. Guardicore Platform Agent validates each connection against a segmentation policy to allow, alert, or block the connection. The connection metadata and the applied action are reported to Centra.

To learn more about Segmentation, see the Guardicore Segmentation documentation (requires ​Akamai​ ​Control Center​ login).

To learn how to configure Segmentation in Guardicore Platform Agent, refer to the silent install instructions.

📘

This documentation doesn’t include instructions for setting up Enterprise Application Access (EAA), Secure Internet Access Enterprise (SIA), and Segmentation in the Enterprise Center or Centra management portals. For detailed instructions on how to configure and manage the services that are required to enable Access and Threat Protection in Guardicore Platform Agent, see the EAA and SIA documentation. For instructions on how to set up Segmentation in Centra, see the Guardicore Segmentation documentation (requires ​Akamai​ ​Control Center​ login).

Updated 11 days ago