A: Viruses and worms are malicious programs that infect and often damage computer systems. To be infected with a virus, the user has to perform some action, like opening an email attachment or clicking on a link. Unlike a virus, a Worm can spread itself without the user doing anything.

Many companies and administrators use the terms Virus and Worm interchangeably; most often referring to a Worm as a Virus or by saying that it is a Virus that displays Worm behavior. Some of these malicious programs do have multiple infection vectors that are both Virus type infections where the user has to do something, and Worm type infections where the user simply has to have a vulnerable computer system. The infections we have seen in the past year were normally these types that have multiple ways of spreading.

A: A Trojan is a malicious program that often allows a remote user access or control of an infected computer system. A Trojan program often is very good at hiding itself. Because many Trojan programs are well hidden and difficult to remove the ITRC upgrade to a fresh operating system is often the best way to remove the infection. Trojan programs are of particular concern because at any given time the remote user could decide to erase all the data on an infected computer, to steal data from an infected computer, or to use the infected computer to attack other computers.

A: Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Also known as malicious software.

First, you should use a scan program designed for malware detection to see if you're infected. Once you know your infection level, you'll be able to take back control of your computer.

Second, you can try to remove the malware manually, but removal is a difficult and complicated process for even the most experienced computer user. Without recognized, top-quality anti-malware software, malware removal will be incomplete at best.

Third, choose a malware protection solution. A complete anti-malware software package includes anti-spyware software and anti-virus protection and should be fortified with a firewall. Look for these qualities when selecting an anti-malware software solution:

• Provides frequent version and definition updates to combat the latest threats.

• Consistently wins awards from industry-leading publications.

• Has a dedicated, round-the-clock research team devoted to keeping track of malware evolution.

• Is backed by an innovative company with a solid business reputation.

A: Our platform architecture, application and operations are all designed to put the customer in complete control of their data and deliver the highest levels of trust, security and privacy available. This is based on a key set of features that:

• Enable flexible network coverage models so sensors can be deployed at the gateway, in the DMZ, in the corporate cloud or at the network core.

• Provide the flexibility to configure sensors to capture netflow, metadata, truncated flows or full-fidelity PCAP by protocol and application. Customers also have the ability to control visibility into any network flow through locally enforced policy.

• Preserve and persist encryption.

• Ensure security for data at rest and in motion.

• Scatter and obfuscate data across our cloud platform using our patent-pending Network Shattering™ technology.

If you'd like to read more about the extraordinary steps we take to ensure the trust, security and privacy, download our Advanced Trust, Security and Privacy by Design white paper.

A: ProtectWise sensors use patent-pending Optimized Network Replay technology to optimize and compress network traffic, reducing bandwidth consumption up to 80 percent and removing irrelevant traffic packets that have no security analysis value.

The sensors are completely configurable, providing customers with complete control over packet capture policy. The ProtectWise Sensor Profiler provides complete visibility into the composition of the traffic and gives customers the ability to quickly configure sensors to capture and replay full packets, netflow/metadata or stream heads by application and protocol.

A: The ProtectWise Wisdom Engine performs continuous, integrated threat detection both in real time and retrospectively. By combining payload inspection, contextual analysis and advanced heuristics with novel machine learning algorithms, ProtectWise is able to detect a broad range of security events, including exploit delivery, malware and data exfiltration attempts across more than 4,000 applications and protocols.

A: The ProtectWise Wisdom Engine uses machine learning, protocol analysis, certificate extraction and other data inputs to provide valuable insight into encrypted traffic. ProtectWise can also integrate with your existing SSL decryption devices to gain visibility into decrypted traffic flows.

A: The ProtectWise network sensors are completely configurable and policy-based. Customers are given the flexibility to configure sensors to capture netflow, metadata, truncated flows or full-fidelity packet capture by protocol and application.

A: There is no additional charge for the sensors and customers can deploy as many sensors as they need to achieve the network coverage they require.

A: The ProtectWise secure APIs work with almost any technology in the world. You can send outside data streams and analysis to the ProtectWise Visualizer or incorporate ProtectWise data and analytical feeds into your own proprietary visualization, SIEM and other reporting tools using our APIs or via a syslog emitter. Our publicly documented, secure APIs make it easy for developers to build applications on the platform. This includes both restful and streaming APIs.

A: Each sensor can replay multi-gigabits per second of data. Customers can deploy as many sensors as they need at no additional cost.

A: Darktrace virtually accepts every data format and typically works with core internal network traffic, collected by one of the following methods:

• Port scanning the organization's existing network equipment.

• Inserting or reusing an in-line network tap.

• Accessing any existing repositories of network data.

A: The Darktrace platform can easily be integrated into your existing detection and incident response processes as an additional, high integrity source of alerting. Alternatively we can do it for you. Cyberseer's threat detection and analysis service turns insight into actionable intelligence.

A: The Darktrace Enterprise Immune System is complemented by the Threat Visualizer, a graphical and interactive 3D interface designed to specifically enable analysts to visualize behaviours and investigate anomalies.

The Threat Visualizer provides a real time operational indication of the threat level an organization faces at any given time.

These visual insights provides the organizations Threat Analysts or the Cyberseer forensic team with a representation of the data flows across the business network historically and in real time, both external and internal and between all machines and users. The Threat

Visualizer is a high level interface that can be used by Threat Analysts with minimal training. Using Bayesian algorithms, it identifies top threats that are genuinely anomalous, allowing organizations to focus their attention and expertise proportionately, on areas of considerable risk.

Should an anomaly emerge, the Threat Visualizer will show the events leading up to and during the anomaly and contextually expose the factors that are, according to Darktrace, out of the ordinary.

A:

• Single worldwide view of the enterprise.

• Flexible dashboard.

• Designed for Threat Analysis.

• Global threat monitoring in real-time using sophisticated self-learning mathematics.

• Signature-free mathematical approaches allow detection of new emerging attacks that have not been seen before.

• Capability to replay historical data.

• Manually create rules and heuristics.

• Network appliance plugs directly into infrastructure.

The Darktrace Threat Visualizer allows corporate policy to be enforced and users can be monitored in accordance to defined criteria. The Threat Visualizer is powered by the Darktrace Platform and helps organizations to identify key assets and intellectual property. It allows threat levels to be monitored as they evolve and enable preventative actions to be made to protect an organisation and ultimately interrupt the cyber kill chain.

A: The range of anomalies Darktrace detects is very broad, because it sits at the heart of an organizations network. Darktrace finds anomalies that bypass other security tools, due to the Enterprise Immune System's unique ability to detect threats without reliance on rules, signatures or any prior knowledge of what it is looking for. The variety of anomalies is very broad because the principle of our software is that it has visibility of all the traffic as it flows inside and outside the organization. This allows us to see compliance issues, poor configuration, management/housekeeping and malicious attacks without signatures. Darktrace also detects threats from targeted and non-targeted campaigns, and we have detected the unusual behaviors of privileged and super-users within an organization.

A: Perfect data is not needed. Darktrace leverages two different approaches to detecting anomalies: comparing each device's behavior to its own history, and comparing devices to their peers. This peer comparison allows us to avoid learning existing bad behavior as normal because compromised devices will exhibit behavior different to their immediate peers.

So if your network was compromised before work commenced, a preexisting intrusion would be discovered as anomalous in comparison to the normal behavior of similar devices.

A: Encrypted traffic, regardless of whether it is decrypted within Darktrace, provides very valuable information. The time of day, source, destination, size of transfer, and even the existence of encrypted data is all available without decryption. This traffic is considered 'information-rich'. Encrypted data is a normal part of enterprise networks and Darktrace will operate successfully 'out of the box' without the customer needing to decrypt SSL/SSH communications or provide private keys.

A: Yes, Darktrace's vSensor allows you to extend visibility into your virtual environment to include this traffic between virtual devices. The vSensor installs into the hardware server as another virtual machine. Once configured with the VM manager and provided with network traffic, the vSensor spans traffic from a virtual switch and will send data to the master Darktrace appliance. The vSensor can only be used in conjunction with a physical Darktrace appliance. If it is not possible to span a virtual switch, the vSensor also supports the ingestion of traffic from multiple OS-Sensors. The OS-Sensor is installed on each virtual device that is to be monitored, and it captures all of the network traffic to/from that device, sending it to the vSensor for analysis. The vSensor plus OS-Sensor setup is suitable for cloud infrastructure like AWS, where you may not be able to span from a virtual switch. The OS-Sensor provides network visibility of devices it is installed on.

A: With a VMware clone, VMware is copying the files, while Simplivity simply modifies the metadata for the data blocks. The VMware clone is still your only way to clone to other (non-omnicube) datastores and your only way to customize during the clone.

A: vCenter and the arbiter should be installed outside the OmniCube Federation, but it can be either on a physical server or on a VM. The shared storage requires a witness or the Arbiter. Because of SSO, it is a good idea to run the domain controller outside of the Federation as well.

A: SecurityCenter® consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards, and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk. SecurityCenter includes functionality from Nessus® as well as the following additional capabilities:

• Measure security assurance and the effectiveness of your security investments using Tenable exclusive Assurance Report Cards (ARCs).

• Use customizable dashboards, reports, and workflows to quickly identify and rapidly respond to security incidents.

• Communicate consolidated metrics to business executives and other IT security stakeholders.

• View vulnerability management and security assurance trends across systems, services, and geographies.

• Group and control team member permissions by role.

• Use advanced analytics with actionable information and trending to prioritize events and alerts.

A: SecurityCenter Continuous View® is a comprehensive solution that provides continuous visibility and critical context, enabling decisive action. With advanced analytics, it gives you continued assurance that your security program is working. SecurityCenter Continuous View includes SecurityCenter capabilities, as well as the following additional capabilities:

• Provides information on which assets are connected to the network and how they are communicating.

• Monitors host activities and events, including who is accessing them and what is changing.

• Identifies previously unknown resources, changes in behavior, and new application usage.

• Delivers near real-time metrics for continuous security and compliance.

• Correlates real-time activity with the state-based vulnerability data.

A: The new capabilities in SecurityCenter 5 enable you to continuously measure, analyze, and visualize the security and risk posture of your enterprise. SecurityCenter 5 includes a brand new HTML5 based UI, which enables you to create highly customizable dashboards and reports to satisfy unique stakeholder needs, simplified workflows for faster trending and remediation, and new API's to make it easier to integrate with your existing IT processes and workflows. SecurityCenter 5 also includes the industry's first Assurance Report Cards (ARCs) that enable your Chief Information Security Officer (CISO) and security leaders to define the company's security program objectives in clear and concise terms, identify and close potential security gaps, and communicate effectiveness of your security investments to C-level executives and board members.

A: Critical Cyber Controls are executive focused ARCs that come pre-installed in SecurityCenter 5. They enable CISOs to validate the following top five security objectives which have the greatest impact to ensuring the security posture of any business.

• Objective #1: Track authorized inventory of hardware and software

• Objective #2: Remove vulnerabilities and misconfigurations

• Objective #3: Deploy a secure network

• Objective #4: Authorize user access to the systems

• Objective #5: Search for malware and intruders

Each Critical Cyber Control ARC can be customized to meet your specific security goals.

A: Nessus Agents are lightweight programs installed locally on a host - a laptop, virtual system, desktop, and/or server. Agents receive scanning instructions from a central Nessus Manager server, perform scans locally, and report vulnerability, compliance and system results back to the central server. Nessus Agents, available with Tenable.io Vulnerability Management and Nessus Manager, increase scan flexibility by making it easy to scan problematic assets such as those needing ongoing host credentials and assets that are offline. Agents also enable large-scale concurrent scanning with little network impact.

A: Today's extended networks and mobile devices make assessing and protecting all of your environment extremely difficult. Now it is possible to leverage Nessus Agent technology to increase scan coverage and remove blind spots. Nessus Agents were first introduced with Nessus 6.3 in February 2015, and platform coverage continues to expand.

Agents provide vulnerability scanning and configuration assessment access for:

• Transient systems, like laptops, that are often disconnected from the network when traditional scans run.

• Systems connected over limited bandwidth connections or across complex, segmented networks.

• Systems for which the security team lacks the credentials required to perform authenticated scanning.

• Fragile systems that are unsafe to scan with traditional scanning.

A: Nessus Agent scans, configured from within Tenable.io Vulnerability Management or Nessus Manager, identify vulnerabilities, policy-violating configurations, and malware on the hosts where they are installed, report results back to Tenable.io Vulnerability Management or Nessus Manager, and then the results are imported into SecurityCenter on a scheduled basis. By scheduling the import of the agent collections, you will ensure your reports and overall security metrics now include "all" the hosts in your environment.

A: Tenable recommends that you use Tenable.io to manage Nessus Agents and to transfer agent data to SecurityCenter.

Tenable recommends the Tenable.io deployment model for the following reasons:

• Safely secure your mobile workforce: You may have thousands or tens of thousands of remote/mobile workers whose laptops are not online during a vulnerability scan. Nessus Agents will run the scans locally and then upload result to Tenable.io when a connection is available, without the risk associated with every agent uploading its individual results through your firewall.

• Simplify management: Tenable manages Tenable.io for you. We are responsible for high availability, we backup the data, and we perform the software updates. You manage your vulnerability data, not the Tenable.io platform.

• Scale with ease: As your use of Nessus Agents increases, you will not need to upgrade your computing and storage infrastructure to accommodate growth.

• Scan your perimeter: Many SecurityCenter customers that already perform internal scanning to satisfy PCI compliance requirements also use Tenable.io Vulnerability Management to satisfy external PCI scanning requirements that must be performed by an approved scanning vendor (ASV). If you are not already using SecurityCenter to meet both internal as well as external PCI compliance scans, this deployment model will make it easy for you to use both of these SecurityCenter capabilities.

• Preserve internet bandwidth: Importing scan data in bulk from Tenable.io can be scheduled during off hours to preserve daytime bandwidth for your business users. Additionally, managing a single connection between Tenable.io and SecurityCenter reduces network overhead compared with managing thousands of connections with individual agents.

If desired, you can use Nessus Manager in place of Tenable.io Vulnerability Management to manage the agents. In this case, Tenable suggests you deploy Nessus Manager as a proxy between the agents and SecurityCenter.

A: On-premises proxy is resolving DNS requests initiated by Web servers.

• Websense Content Gateways - deployed either in explicit or transparent proxy mode - can resolve DNS requests initiated after a connection is made with a Web server; depending on its configuration.

• If these DNS requests are resolved from Websense's built-in DNS proxy caching or a different recursive DNS service, OpenDNS is bypassed.

• Please refer to Websense's support materials - linked here for your convenience - to ensure that Websense is configured to always resolve noninternal DNS requests using OpenDNS

A: The quality could come from a few factors, internet speed and quality, your network configuration, and or the hosted VOIP provider.

A: Provider rates change constantly, please call or email us so we can do a free consultation and look over your bills to see if you can lower the monthly costs.

There are many ways to increase productivity and reduce costs, unused features, SDWAN can increase efficiency by 35%, multiple carrier contracts created over time, misdesigned WAN not optimizing edge routers and firewalls and legacy TDM/circuit based infrastructure leaves unused trunks to waste.

A: When moving to a new building, you have to see what providers are in the area for your phone and internet service, then you need to check the low voltage cabling requirements that are needed and also that are in place. Please contact us for a free consultation and site survey of the new location and we can help with the entire process.

A: I would check with your phone/internet provider depending on what type of phones you have. If the service provider stated that everything looks good on their side, I would call your phone vendor. You can make a service request ticket by our support page or calling into support.

A: Latency issues could be caused by a number of things. The network infrastructure design could have been done poorly. A lot of things have to be considered when designing an infrastructure that suits your business needs such as if your business is local, regional or national, where your endpoints are located, how much data you are pushing and where.

A: A lot of considerations have to be taken when deciding to go into the cloud or on premise. Even though cloud is a buzz word right now it may not be the right fit for you. At 3GC we have the ability to be able to help you find the right solution or mixture of solutions that will be both operationally and cost effective.

A. We see that there is currently 56% inefficiency out there today, separate networks and storage leads to double the unused network capacity and network security requirements, new analytics and VMS software can help automate much of our physical security, integrate mobility to reduce human security efforts, old coax and cable infrastructure can be replaced with WiFi and new wired networks for efficiency.

A: Yes it is, the NVR would need a network connection to the internet and then we can configure it to be viewed remotely.

A: You can accomplish this in a number of ways, we could install a wide angle lens camera, or we can install a pan/tilt/zoom camera, 360 camera, etc. Please contact us for a free site survey so we can determine what camera is needed for your area.

A. We find that there is 51% of inefficiency out there with unused processing power, limited disaster recovery features, redundant circuits and boards, a lot of unused resources just sitting around and multi tiered networks take a lot of support and maintenance. By having a hyperconverged network we combine both hardware and virtualization layers and manage them holistically bringing efficiency.

A: Hosted IP phones run through the public internet and do not require carrier phone service. They require a quality network and internet service. An on premise phone system utilizes phone service from a carrier and the phone system is installed on site at your location. It does not use internet services.

A. From feedback from our clients we see a 45% inefficiency by misrouting of network flows, not maximizing switch backplanes, firewalls are not running all the features and using less than 30% processing capacity, only using 20% of server processing capacity, separate storage networks for different applications, security vulnerabilities, VLANs not setup correctly, and QOS and COS.

A. We find that there are always under utilized employees, you can reduce costs of insurance and benefits, reduce long training and ramp up times, short term project needs makes long term hires inefficient.

A: The layers within an office are defined as the "core" layer and the "access" layer. In a small or medium branch office, the core is typically composed of a branch router, which provides interconnection to remote locations outside the branch office. In larger branch offices, the core may be composed of the branch router as well as core switch devices aggregating access switches from the branch LAN. In all branch offices, access layer switches provide connectivity to user devices such as computers, printers, IP phones, wireless access points, cameras, and so on.

In branch offices with a small number of users (typically less than 20 and referred to as a micro-branch), the access switch and branch router functions may be consolidated within a single device, merging the access and core layers. There are two different deployment methods: Routing and Switching at the Core, and Routing to the Edge.

Routing and Switching at the Core: A traditional branch-office deployment is a mixture of Layer 3 (core) and Layer 2 (between the core and access). Network engineers are faced with complex designs involving routing and Spanning Tree. And because of the complexity, network management and visibility can be a challenge.

Routing to the Edge: Creating a Layer 3 network by extending routing to the edge (or access layer) is the optimal branch-office deployment since it creates a deterministic network, maximizes redundant links (ECMP) without the worry of a Layer 2 loop, and has superior convergence characteristics. A Layer 3 network also reduces the number of protocols required to run the network (such as Spanning Tree and VRRP) implemented between the core and edge/ access, which means less time managing and more time to innovating the network.

Each of the previous sections is further divided into five subsections:

• Physical Connectivity and Basic Switch Configuration

  • L2 / L3, VLAN, RVI, IPT, Management Interface

• High Availability

  • LAG, GRES, VRRP

• Switch Services

  • DHCP / BOOTP Relay, LLDP / LLDP-MED, GVRP, CoS

• Security and Network Management

  • 802.1X, DHCP Snooping, DAI, IP Source Guard, Firewall Filter on management interface, SSH, Juniper Networks J-Web Software / Juniper Networks Network and Security Manager (NSM)

A: Junos Pulse on Google Android requires OS version 2.0 or later and a network connection. It also requires your SSL VPN gateway to be ready for Junos Pulse on Google Android.

A: Google Android is an open platform, that is available on a multitude of devices. If you are experiencing difficulty, please contact your Helpdesk or your corporate IT department, for support.

A: Junos Pulse on Google Android supports connections to the Juniper Networks SSL VPN, to access your corporate network. Junos Pulse on Google Android also includes the Juniper Networks Mobile Security Suite of products, to protect your phone.

A: FortiCloud is a hosted wireless and UTM infrastructure management solution and log retention service for FortiGate®, FortiWiFi® and FortiAP® devices. It gives you centralized configuration management, location-based analytics and reporting, and log retention without the need for additional hardware and software. The feature set includes:

• One-touch provisioning of large scale security and wireless networks

• Configuration and device management from a single pane of glass

• Cloud-managed UTM

• Hosted log retention and cloud-based storage

• Wireless health and oversight at your fingertips

• Cloud management of wireless guest access

• Social media account login for Guest WiFi

• Rogue access point detection and analytics

• Built-in protection from APTs with FortiGuard sandboxing technology

• Location-based analytics with FortiPresence

• Instant security intelligence and analytics with FortiView

• Network health and utilization-based analytics and reporting

• Wireless configuration including security profiles per SSID for the Smart AP

A:

• Centralized Dashboard: system and log widgets plus real-time monitors

• FortiView Log Viewer: real-time log viewing with filters and download capability

• Drilldown Analysis: user and network activity analysis

• Report Generator: create custom report templates, and schedule reports in different formats to display location-based analytics or illustrate network usage patterns

• Device Management: configuration backup and history, script management, and alert profiles for real-time monitors

• AV Submission: shows the status of suspicious files undergoing cloud-based sandbox analysis

• Wireless Health Monitoring: bandwidth, usage, clients, interference, failed login and rogue APs

• Wireless Security Logs & Events: Authentication, Antivirus, IPS, Web Access, PCI compliance

• Wireless Configuration: SSIDs (including IPS, Antivirus and Web Filtering configuration), Authentication, Captive Portal, Platform Profiles, Tags and Network Settings

• Guest Management: ability to add guests and notify them if credentials via SMS or email

• Social Media Account Integration: ability for guests to connect to wireless accounts via social media

A: In a proxy-based antivirus profile on a FortiGate, the administrator selects Inspect Suspicious Files with FortiGuard Analytics to enable a FortiGate unit to upload suspicious files to FortiGuard for analysis. Once uploaded, the file will be executed and the resulting behavior analyzed for risk. If the file exhibits risky behavior or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database. The next time the FortiGate unit updates its antivirus database it will have the new signature.

FortiGuard Labs considers a file suspicious if it exhibits some unusual behavior, yet does not contain a known virus (the behaviors that FortiCloud Analytics considers suspicious will change depending on the current threat climate and other factors). The FortiCloud console enables administrators to view the status of any suspicious files uploaded: Pending, Clean, Malware, or Unknown. The console also provides data on time, user, and location of the infected file for forensic analysis.