How to Get Support

You can contact our support department by phone or by submitting the form below.

For technical support please call: (877) 447-8685.

Frequently Asked Questions

  • Q: I have VoIP phones and I have quality issues. What could the problem be?

    A: Quality issues can come from a few factors: internet speed and quality, your network configuration, and/or the hosted VoIP provider.

  • Q: My phone/internet bill is too high, what should I do?

    A: Provider rates change constantly, please call or email us so we can do a free consultation and look over your bills to see if you can lower the monthly costs.

    There are many ways to increase productivity and reduce costs. Common sources of waste are unused features, multiple carrier contracts created over time, a misdesigned WAN that does not optimize edge routers and firewalls, and legacy TDM/circuit-based infrastructure that leaves unused trunks to waste. SD-WAN can increase efficiency by 35%.

  • Q: I am moving to a new building, what do I need to check for my telecom/network equipment?

    A: When moving to a new building, you have to see what providers are in the area for your phone and internet service, then you need to check the low voltage cabling requirements that are needed and also that are in place. Please contact us for a free consultation and site survey of the new location and we can help with the entire process.

  • Q: I can't make inbound/outbound calls, what could be causing this?

    A: I would check with your phone/internet provider depending on what type of phones you have. If the service provider states that everything looks good on their side, I would call your phone vendor. You can make a service request ticket through our support page or by calling support.

  • Q: I am having latency concerns in my network, what could be causing this?

    A: Latency issues could be caused by a number of things. The network infrastructure design could have been done poorly. A lot of things have to be considered when designing an infrastructure that suits your business needs such as if your business is local, regional or national, where your endpoints are located, how much data you are pushing and where.

  • Q: Should I have my IT services in the cloud or on premise?

    A: A lot of considerations have to be taken when deciding to go into the cloud or on premise. Even though cloud is a buzz word right now it may not be the right fit for you. At 3GC we have the ability to be able to help you find the right solution or mixture of solutions that will be both operationally and cost effective.

  • Q. How can my security surveillance system be set up to work at full capacity?

    A. We see that there is currently 56% inefficiency out there today. Separate networks and storage lead to double the unused network capacity and network security requirements. New analytics and VMS software can help automate much of our physical security, integrating mobility can reduce human security efforts, and old coax and cable infrastructure can be replaced with WiFi and new wired networks for efficiency.

  • Q: Is it possible to view my cameras remotely?

    A: Yes it is, the NVR would need a network connection to the internet and then we can configure it to be viewed remotely.

  • Q: I want to be able to view a wide area with a camera, how can I accomplish this?

    A: You can accomplish this in a number of ways, we could install a wide angle lens camera, or we can install a pan/tilt/zoom camera, 360 camera, etc. Please contact us for a free site survey so we can determine what camera is needed for your area.

  • Q. How can having a hyperconverged network help?

    A. We find that there is 51% inefficiency out there: unused processing power, limited disaster recovery features, redundant circuits and boards, and a lot of unused resources just sitting around, while multi-tiered networks take a lot of support and maintenance. With a hyperconverged network we combine the hardware and virtualization layers and manage them holistically, bringing efficiency.

  • Q: What is the difference between Hosted IP phones and an on premise phone system?

    A: Hosted IP phones run through the public internet and do not require carrier phone service. They require a quality network and internet service. An on premise phone system utilizes phone service from a carrier and the phone system is installed on site at your location. It does not use internet services.

  • Q. What happens when your network infrastructure is done incorrectly?

    A. From client feedback we see 45% inefficiency caused by misrouting of network flows, switch backplanes that are not maximized, firewalls that are not running all their features and use less than 30% of processing capacity, servers using only 20% of processing capacity, separate storage networks for different applications, security vulnerabilities, VLANs not set up correctly, and QoS and CoS.

  • Q. How can staff augmentation help my company?

    A. We find that there are always underutilized employees. You can reduce the costs of insurance and benefits and reduce long training and ramp-up times, and short-term project needs make long-term hires inefficient.

  • Q: What is the general topology of a Juniper network?

    A: The layers within an office are defined as the "core" layer and the "access" layer. In a small or medium branch office, the core is typically composed of a branch router, which provides interconnection to remote locations outside the branch office. In larger branch offices, the core may be composed of the branch router as well as core switch devices aggregating access switches from the branch LAN. In all branch offices, access layer switches provide connectivity to user devices such as computers, printers, IP phones, wireless access points, cameras, and so on.

    In branch offices with a small number of users (typically less than 20 and referred to as a micro-branch), the access switch and branch router functions may be consolidated within a single device, merging the access and core layers. There are two different deployment methods: Routing and Switching at the Core, and Routing to the Edge.

    Routing and Switching at the Core: A traditional branch-office deployment is a mixture of Layer 3 (core) and Layer 2 (between the core and access). Network engineers are faced with complex designs involving routing and Spanning Tree. And because of the complexity, network management and visibility can be a challenge.

    Routing to the Edge: Creating a Layer 3 network by extending routing to the edge (or access layer) is the optimal branch-office deployment since it creates a deterministic network, maximizes redundant links (ECMP) without the worry of a Layer 2 loop, and has superior convergence characteristics. A Layer 3 network also reduces the number of protocols (such as Spanning Tree and VRRP) that must be implemented between the core and edge/access to run the network, which means less time managing and more time innovating the network.

    Each of the previous sections is further divided into five subsections:

    • Physical Connectivity and Basic Switch Configuration
      • L2 / L3, VLAN, RVI, IPT, Management Interface
    • High Availability
      • LAG, GRES, VRRP
    • Switch Services
      • DHCP / BOOTP Relay, LLDP / LLDP-MED, GVRP, CoS
    • Security and Network Management
      • 802.1X, DHCP Snooping, DAI, IP Source Guard, Firewall Filter on management interface, SSH, Juniper Networks J-Web Software / Juniper Networks Network and Security Manager (NSM)
  • Q: What is required to run the Junos Pulse app on my Google Android device?

    A: Junos Pulse on Google Android requires OS version 2.0 or later and a network connection. It also requires your SSL VPN gateway to be ready for Junos Pulse on Google Android.

  • Q: Will Junos Pulse work on my specific Google Android device?

    A: Google Android is an open platform that is available on a multitude of devices. If you are experiencing difficulty, please contact your Helpdesk or your corporate IT department for support.

  • Q: What features does the Junos Pulse on Google Android support?

    A: Junos Pulse on Google Android supports connections to the Juniper Networks SSL VPN, to access your corporate network. Junos Pulse on Google Android also includes the Juniper Networks Mobile Security Suite of products, to protect your phone.

  • Q: What is FortiCloud?

    A: FortiCloud is a hosted wireless and UTM infrastructure management solution and log retention service for FortiGate®, FortiWiFi® and FortiAP® devices. It gives you centralized configuration management, location-based analytics and reporting, and log retention without the need for additional hardware and software. The feature set includes:

    • One-touch provisioning of large scale security and wireless networks
    • Configuration and device management from a single pane of glass
    • Cloud-managed UTM
    • Hosted log retention and cloud-based storage
    • Wireless health and oversight at your fingertips
    • Cloud management of wireless guest access
    • Social media account login for Guest WiFi
    • Rogue access point detection and analytics
    • Built-in protection from APTs with FortiGuard sandboxing technology
    • Location-based analytics with FortiPresence
    • Instant security intelligence and analytics with FortiView
    • Network health and utilization-based analytics and reporting
    • Wireless configuration including security profiles per SSID for the Smart AP
  • Q: What functions does FortiCloud have?

    A:

    • Centralized Dashboard: system and log widgets plus real-time monitors
    • FortiView Log Viewer: real-time log viewing with filters and download capability
    • Drilldown Analysis: user and network activity analysis
    • Report Generator: create custom report templates, and schedule reports in different formats to display location-based analytics or illustrate network usage patterns
    • Device Management: configuration backup and history, script management, and alert profiles for real-time monitors
    • AV Submission: shows the status of suspicious files undergoing cloud-based sandbox analysis
    • Wireless Health Monitoring: bandwidth, usage, clients, interference, failed login and rogue APs
    • Wireless Security Logs & Events: Authentication, Antivirus, IPS, Web Access, PCI compliance
    • Wireless Configuration: SSIDs (including IPS, Antivirus and Web Filtering configuration), Authentication, Captive Portal, Platform Profiles, Tags and Network Settings
    • Guest Management: ability to add guests and notify them of credentials via SMS or email
    • Social Media Account Integration: ability for guests to connect to wireless accounts via social media
  • Q: How does Cloud Sandboxing and AV Submission work?

    A: In a proxy-based antivirus profile on a FortiGate, the administrator selects Inspect Suspicious Files with FortiGuard Analytics to enable a FortiGate unit to upload suspicious files to FortiGuard for analysis. Once uploaded, the file will be executed and the resulting behavior analyzed for risk. If the file exhibits risky behavior or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database. The next time the FortiGate unit updates its antivirus database it will have the new signature.

    FortiGuard Labs considers a file suspicious if it exhibits some unusual behavior, yet does not contain a known virus (the behaviors that FortiCloud Analytics considers suspicious will change depending on the current threat climate and other factors). The FortiCloud console enables administrators to view the status of any suspicious files uploaded: Pending, Clean, Malware, or Unknown. The console also provides data on time, user, and location of the infected file for forensic analysis.

  • Q: How soon does FortiCloud Sandbox generate new signatures for malware?

    A: Database signatures for new malware are generated within 10-20 minutes and pushed to the connected FortiGates immediately, if the user has enabled FortiSandbox Database functionality on the FortiGate.

  • Q: Why can I not see any management functions?

    A: You must first enable the management tunnel on the FortiGate/FortiWiFi device. On the device, use the following commands in the CLI:

        config system central-management
            set mode backup
            set type fortiguard
        end
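When many devices are managed, the setting above can be checked offline against configuration backups. The following is an added example, not vendor or 3GC code: a small parser for the nested `config` / `edit` / `next` / `end` layout that scopes the check to the `system central-management` section. The two sample configurations are constructed, and the required values are the ones given in the answer above.

```python
"""Audit a FortiGate configuration backup for the central-management settings
given in the FAQ answer. Added example; the sample configs are constructed."""

# Values taken from the CLI commands in the answer above.
REQUIRED = {"mode": "backup", "type": "fortiguard"}


def parse_fortios_config(text):
    """Parse FortiOS-style config text into {section path: {key: value}}.

    The path is the tuple of enclosing `config` and `edit` names, so a
    `set mode ...` inside an interface entry is never confused with the
    `mode` of the central-management section.
    """
    sections = {}
    stack = []  # open blocks as ("config" | "edit", name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        word, _, rest = line.partition(" ")
        rest = rest.strip()
        if word in ("config", "edit"):
            stack.append((word, rest.strip('"')))
            sections.setdefault(tuple(name for _, name in stack), {})
        elif word == "next":
            if stack and stack[-1][0] == "edit":
                stack.pop()
        elif word == "end":
            # `end` closes a still-open edit entry, then its config block.
            if stack and stack[-1][0] == "edit":
                stack.pop()
            if stack:
                stack.pop()
        elif word == "set" and stack:
            key, _, value = rest.partition(" ")
            path = tuple(name for _, name in stack)
            sections[path][key] = value.strip().strip('"')
        elif word == "unset" and stack:
            sections[tuple(name for _, name in stack)].pop(rest, None)
    return sections


def audit_management_tunnel(config_text):
    """Return a list of findings; an empty list means the settings match."""
    section = parse_fortios_config(config_text).get(("system central-management",))
    if section is None:
        return ["section 'config system central-management' is missing"]
    findings = []
    for key, want in REQUIRED.items():
        got = section.get(key)
        if got != want:
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings


# Constructed sample: settings match the FAQ answer.
GOOD = """
config system global
    set hostname "branch-fw-01"
end
config system central-management
    set mode backup
    set type fortiguard
end
"""

# Constructed sample: `set mode` appears only under an interface entry and the
# management type points elsewhere, so both settings must be reported.
BAD = """
config system interface
    edit "wan1"
        set mode dhcp
    next
end
config system central-management
    set type fortimanager
end
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_management_tunnel(cfg) or "ok")
```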

  • Q: Can I set up high availability (HA) logging with FortiCloud?

    A: FortiCloud accepts inbound logs from each device independently, and has no means of detecting that connected devices are in an HA cluster. Though multiple HA clustered devices will theoretically send identical logs to FortiCloud, if one device stops logging or is unable to reach FortiCloud, the other devices will not send logs on its behalf.
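Because no peer covers for a cluster member that stops logging, log freshness has to be tracked per device. The following is an added example, not part of FortiCloud or of the original page: it assumes log records have been reduced to (device serial, ISO timestamp) pairs and that the administrator keeps their own map of HA cluster membership. It separates a single silent member, the case described above, from a whole cluster going quiet. Serial numbers, timestamps and the 30-minute threshold are constructed.

```python
"""Flag HA cluster members whose logs have stopped arriving.
Added example; all records, serials and cluster names are constructed."""
from datetime import datetime, timedelta


def last_seen(records):
    """Map each device serial to the timestamp of its newest log record."""
    latest = {}
    for serial, stamp in records:
        when = datetime.fromisoformat(stamp)
        if serial not in latest or when > latest[serial]:
            latest[serial] = when
    return latest


def find_log_gaps(records, clusters, now, max_gap=timedelta(minutes=30)):
    """Return (cluster, serial, status, gap) for every stale cluster member.

    status is "member_silent" when at least one peer in the same cluster is
    still logging (its logs do not stand in for the silent device), and
    "cluster_silent" when no member has logged within max_gap.
    gap is None for a device that has never logged.
    """
    latest = last_seen(records)
    findings = []
    for cluster, members in clusters.items():
        gaps = {s: (now - latest[s] if s in latest else None) for s in members}
        fresh = [s for s, g in gaps.items() if g is not None and g <= max_gap]
        for serial in members:
            gap = gaps[serial]
            if gap is not None and gap <= max_gap:
                continue  # this member is logging normally
            status = "member_silent" if fresh else "cluster_silent"
            findings.append((cluster, serial, status, gap))
    return findings


# Constructed inventory (hypothetical names): cluster -> member serials.
SAMPLE_CLUSTERS = {
    "hq": ["FGT-SAMPLE-A", "FGT-SAMPLE-B"],
    "branch": ["FGT-SAMPLE-C", "FGT-SAMPLE-D"],
    "lab": ["FGT-SAMPLE-E", "FGT-SAMPLE-F"],
}

# Constructed log records: (device serial, time the log was received).
SAMPLE_RECORDS = [
    ("FGT-SAMPLE-A", "2024-05-01T09:58:00"),
    ("FGT-SAMPLE-B", "2024-05-01T08:10:00"),
    ("FGT-SAMPLE-A", "2024-05-01T09:59:30"),
    ("FGT-SAMPLE-C", "2024-05-01T07:00:00"),
    ("FGT-SAMPLE-D", "2024-05-01T07:05:00"),
    ("FGT-SAMPLE-E", "2024-05-01T09:55:00"),
]

SAMPLE_NOW = datetime.fromisoformat("2024-05-01T10:00:00")

if __name__ == "__main__":
    for cluster, serial, status, gap in find_log_gaps(
        SAMPLE_RECORDS, SAMPLE_CLUSTERS, SAMPLE_NOW
    ):
        print(f"{cluster:7} {serial:13} {status:15} last log: {gap or 'never'} ago")
```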

  • Q: What is the FortiCloud AP Network feature?

    A: This feature allows administrators to remotely configure APs, modify wireless management settings and visualize wireless-related events. Examples of configuration changes include AP name and SSID configuration, power settings and rogue AP detection. Wireless management settings include RADIUS details, standard users/groups/guests and SSIDs/security. There is a robust set of visualizations including real-time and historical charting of traffic usage, AP client counts and client usage. Think of it as a comprehensive way to manage your wireless infrastructure via the cloud.

  • Q: What are BeamFlex and SmartCast?

    A: They are patent-pending smart antenna and RF traffic engineering technologies (respectively) embedded into every Ruckus system. BeamFlex is MIMO smart antenna technology and represents the industry's most advanced multiple input/multiple output (MIMO) antenna implementation of its kind. It combines a compact internal antenna array with expert system control software. The result is an intuitive WiFi system that continuously ranks the best antenna pattern for each receiving device, constantly reconfiguring itself in realtime as interference is encountered. BeamFlex steers RF signals around interference to eliminate WiFi dead spots while increasing the range and performance of the WiFi network.

    SmartCast is a very sophisticated traffic inspection and classification engine that provides a number of unique functions such as remote RF monitoring, quality of service and application-aware content parsing. SmartCast ensures that different traffic types are each handled according to their specific requirements. Combined, SmartCast and BeamFlex provide the predictable performance needed for picture-perfect multimedia content delivery.

  • Q: Can't I just use any Ethernet-equipped access point and adapter for WiFi video?

    A: While it is possible to use off-the-shelf APs and adapters for wireless video streaming at very short distances (less than 20ft / 6m), most homes and apartments do not benefit from such conditions. Most urban home environments are very "noisy" with microwave ovens, cordless phones and neighbor WiFi noise, all of which introduce interference and degrade wireless transmissions. In turn, off-the-shelf wireless solutions aren't suitable for IPTV over WiFi. This has been the central problem that has kept WiFi from being the universal networking infrastructure for all voice, video and data communications in the home. Ruckus has solved this exact problem.

  • Q: Is BeamFlex a standards-based technology?

    A: Yes. BeamFlex applies MIMO diversity techniques to standards-based 802.11 a/b/g/n technologies to eliminate dead spots, increase range and performance for all standard 802.11 devices. For example, any 802.11 b/g client station that associates with a BeamFlex powered AP can instantly benefit from the increased range and throughput, with no configuration changes required on the client. Unlike all other approaches, BeamFlex gives users all the benefits of MIMO without the cost or complexity.

  • Q: How does the BeamFlex technology work?

    A: The newest Ruckus product is equipped with a compact, internal antenna array with twelve high-gain, directional antenna elements capable of forming 4096 unique antenna patterns for massive diversity. The BeamFlex expert system control software continuously ranks the optimum antenna patterns for each receiving device, using the inherent feedback mechanism built into the 802.11 MAC layer protocol. This knowledge enables the BeamFlex antenna array to reconfigure itself in real-time, detecting and adjusting for both spectral and multipath interference as well as neighbor network noise. By selecting the optimum antenna pattern for each receiving device, BeamFlex enables better signal quality and higher communications speeds over the 802.11 Wi-Fi network. The massive diversity of the BeamFlex antenna systems allows Ruckus devices to find and instantly select from many quality signal paths in a changing environment to sustain the baseline performance required for data, voice and video applications. The BeamFlex technology alone extends the range and throughput of standard 802.11 clients by 200 to 300 percent.

  • Q: What is MIMO?

    A: MIMO stands for multiple input, multiple output. It's an antenna technology for wireless communications in which multiple antennas are used at both the transmitter and the receiver. The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. MIMO generally operates in two modes: diversity mode and spatial multiplexing mode. In diversity mode, MIMO systems use multiple antenna arrays to maximize range and throughput between two wireless devices by choosing the best signal path between them. In spatial multiplexing mode, MIMO systems use multiple radio chains and signal paths to simultaneously transmit different data elements, where the receiver "recombines" the signals and data elements, ideally resulting in higher throughput (for more detailed information, please download our whitepaper on smart antenna techniques).

  • Q: Does Ruckus support MIMO?

    A: Yes. BeamFlex implements diversity mode but not spatial multiplexing mode, which currently has not been standardized. We use multiple antennas at each end to establish the best possible path at any given time for any given packet. Implementing spatial multiplexing mode today would require proprietary algorithms to be supported on both the AP and the client stations to attain its benefits.

  • Q: I've seen some new higher-speed WiFi routers and adapters that tout 108Mb/s, MIMO and Pre-N standard. How do the Ruckus products compare?

    A: 802.11N is the next-generation standard for WiFi. It is currently in the early stages of standard development and a draft standard is not yet available. The consensus in the industry is that the standard will be finalized by late 2006/early 2007. The point to remember is that sending video over WiFi requires much more than bandwidth and network capacity. It requires reliable and predictable network characteristics. This is especially challenging with WiFi.

    The current .11N proposals have centered on the use of MIMO technologies to increase range and performance. However, there are many modes of operation in MIMO and within each mode, many options. Some of the MIMO techniques, such as spatial multiplexing, require changes to both the network and the client and must be standardized to ensure multi-vendor interoperability. Other techniques such as antenna diversity can be implemented on only the network or the client side and be interoperable with all standards-compliant devices in the same network. Early "pre-N" or MIMO products that implement spatial multiplexing, such as the Belkin Pre-N wireless router and notebook network card, and the Linksys SRX MIMO router/access point and adapters, require a dual-end solution, i.e., both the router/AP and the client adapter from the same vendor must be used together to deliver the promised benefits. Worse yet, their spatial multiplexing algorithms are non-standard and will be obsolete when 802.11N is available. Lastly, these products are optimized for managing PC-centric data applications, not video applications.

    The Ruckus approach is completely standards compliant. Our BeamFlex technology, while providing the benefits of MIMO’s diversity techniques, works within the 802.11b/g standard. With the Ruckus AP, the range and performance advantages benefit all 802.11b/g clients without any upgrades on the client side. The Ruckus products are also tuned for video applications, with innovative, advanced QoS and multicast IPTV extensions that are not available in any other products in the market.

  • Q: Won't 802.11n solve all my problems?

    A: The new IEEE 802.11n standard represents a significant advance in WiFi technology with physical data rates up to 600Mbps, which promises a tremendous leap in performance and coverage over its predecessors, 802.11a and g. Yet users won’t see much of this bandwidth because other vendors of systems based on 802.11n do little to control radio frequency (RF) variability beyond integrating more radio chains and antennas.

    The typical response to RF impairments within the 802.11 standard is to lower the data rate, increase the transmit power and/or move to a cleaner RF channel. Unfortunately, power and channel adjustments are not always viable due to regulations and environmental constraints, and reducing the data rate yields lower throughput and increases the noise level in the environment.

    Fundamentally, most 802.11 systems utilize omni-directional antennas that radiate energy equally in all directions. This is highly inefficient and creates interference for neighboring networks. Moreover, with 802.11n, omni-directional transmissions by multiple radio chains can actually have a negative effect on system performance and reliability if the antennas are insufficiently spaced or improperly oriented.

    Ruckus' Smart WiFi technology combines BeamFlex advances in miniaturized multi-element antenna design and sophisticated RF routing software to direct signals onto the best paths in real time, to deliver the highest possible performance and reliability in ever changing RF conditions. It also features SmartCast client- and media-intelligent QoS to optimize multimedia transmissions. With 802.11n, Ruckus Smart WiFi has been extended to optimize antenna operations with multiple radios and intelligent channel utilization software to overcome many of the challenges in realizing 802.11n's true potential.

  • Q: Why are SmartCast QoS features necessary?

    A: Off-the-shelf WLAN devices don't differentiate between the various traffic types (voice, video, data) on the network. All traffic is treated as equal, and thus the WLAN typically works in a "first-come, first-served" fashion. Frequently, it is the PC-data clients transferring large files that capture much of the bandwidth. Real-time media and voice over WiFi applications need stable, predictable delivery of short frames. Specifically, jitter, latency, and loss must all be minimized when carrying real-time traffic. Variability in packet inter-arrival time produces jitter, manifested as audible gaps. Delayed delivery or loss of streamed audio or video packets can be smoothed through buffering, but VoIP packet latency can render phone calls unusable.

    The solution is to have the system use a per-client, per-traffic-class QoS methodology so that every client and every traffic flow is given the right prioritization. Ruckus Smart WiFi technology incorporates SmartCast to optimize traffic management algorithms to ensure adequate, on-demand bandwidth for multiple voice and video streams while maintaining adequate bandwidth for data applications. Accomplishing this requires real-time measurement of per-device QoS and algorithms that continuously adapt to the changing RF environment. In addition, the WLAN is optimized for voice by supporting the industry-standard Unscheduled Automatic Power Save Delivery (U-APSD), which greatly improves battery life for the client.

  • Q: Don't I just need a higher-speed WiFi product to make IPTV / video work?

    A: Not necessarily. Adding bandwidth to the WiFi network will not automatically enable wireless video distribution. Video requires a consistent, low-delay availability of network bandwidth. Newer WLAN technologies such as spatial multiplexing mode in MIMO increase the wireless data rate but will not guarantee bandwidth consistency. As radio signals ebb and flow (due to motion or interference from Bluetooth phones, for example) and other applications compete for the WLAN's bandwidth, transmission errors and delays will still occur.

  • Q: Don't I just need a WiFi product that supports the 802.11e or WMM (WiFi Multimedia, a WiFi Alliance interoperability certification) to make voice and video work?

    A: WMM and 802.11e were intended for adding basic QoS features to IEEE 802.11 WiFi networks by prioritizing traffic according to four access categories: voice, video, best-effort and background. However, they require complex configurations and cannot differentiate between applications at the same priority. SmartCast QoS automatically detects data, voice, and IPTV traffic and prioritizes them according to bandwidth and delay requirements. In addition, per-station queuing on Ruckus products provides much finer granularity and higher precision for bandwidth prioritization compared to other WiFi products in the market.

  • Q: Is the Ruckus AP the same product as the Netgear RangeMax Smart MIMO router, which is also based on Ruckus Wireless technologies?

    A: NETGEAR's RangeMax router only integrates Ruckus BeamFlex technology and is positioned to extend the coverage and capacity of WiFi for use in data applications. In other words, NETGEAR's RangeMax router is optimized for high performance data, not video. It does not support Ruckus SmartCast technology.

  • Q: What's different about Ruckus' Smart Mesh Networking technology?

    A: Ruckus Smart Mesh Networking is unique in that it provides for a high-speed 802.11n mesh backbone link between mesh APs. In addition, Smart Mesh Networking is truly self-configuring. The AP takes on the appropriate personality of a root, intermediate mesh node, or leaf node, dynamically, and without any user intervention. This is unlike conventional WiFi mesh systems, where such personality settings have to be statically configured ahead of time by the user, which is both time consuming, and also non-optimal, as best paths change due to interference and other real time network changes.

  • Q: What's the difference between Viruses and Worms?

    A: Viruses and worms are malicious programs that infect and often damage computer systems. To be infected with a virus, the user has to perform some action, like opening an email attachment or clicking on a link. Unlike a virus, a Worm can spread itself without the user doing anything.

    Many companies and administrators use the terms Virus and Worm interchangeably; most often referring to a Worm as a Virus or by saying that it is a Virus that displays Worm behavior. Some of these malicious programs do have multiple infection vectors that are both Virus type infections where the user has to do something, and Worm type infections where the user simply has to have a vulnerable computer system. The infections we have seen in the past year were normally these types that have multiple ways of spreading.

  • Q: What is a Trojan?

    A: A Trojan is a malicious program that often allows a remote user access or control of an infected computer system. A Trojan program often is very good at hiding itself. Because many Trojan programs are well hidden and difficult to remove, the ITRC upgrade to a fresh operating system is often the best way to remove the infection. Trojan programs are of particular concern because at any given time the remote user could decide to erase all the data on an infected computer, to steal data from an infected computer, or to use the infected computer to attack other computers.

  • Q: How can I remove Malware?

    A: Malware, also known as malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent.

    First, you should use a scan program designed for malware detection to see if you're infected. Once you know your infection level, you'll be able to take back control of your computer.

    Second, you can try to remove the malware manually, but removal is a difficult and complicated process for even the most experienced computer user. Without recognized, top-quality anti-malware software, malware removal will be incomplete at best.

    Third, choose a malware protection solution. A complete anti-malware software package includes anti-spyware software and anti-virus protection and should be fortified with a firewall. Look for these qualities when selecting an anti-malware software solution:

    • Provides frequent version and definition updates to combat the latest threats.
    • Consistently wins awards from industry-leading publications.
    • Has a dedicated, round-the-clock research team devoted to keeping track of malware evolution.
    • Is backed by an innovative company with a solid business reputation.
  • Q: How can I be assured that my data is secure in the ProtectWise cloud platform?

    A: Our platform architecture, application and operations are all designed to put the customer in complete control of their data and deliver the highest levels of trust, security and privacy available. This is based on a key set of features that:

    • Enable flexible network coverage models so sensors can be deployed at the gateway, in the DMZ, in the corporate cloud or at the network core.
    • Provide the flexibility to configure sensors to capture netflow, metadata, truncated flows or full-fidelity PCAP by protocol and application. Customers also have the ability to control visibility into any network flow through locally enforced policy.
    • Preserve and persist encryption.
    • Ensure security for data at rest and in motion.
    • Scatter and obfuscate data across our cloud platform using our patent-pending Network Shattering™ technology.

    If you'd like to read more about the extraordinary steps we take to ensure the trust, security and privacy, download our Advanced Trust, Security and Privacy by Design white paper.

  • Q: If I replay my network traffic to the cloud, won't it consume too much bandwidth?

    A: ProtectWise sensors use patent-pending Optimized Network Replay technology to optimize and compress network traffic, reducing bandwidth consumption up to 80 percent and removing irrelevant traffic packets that have no security analysis value.

    The sensors are completely configurable, providing customers with complete control over packet capture policy. The ProtectWise Sensor Profiler provides complete visibility into the composition of the traffic and gives customers the ability to quickly configure sensors to capture and replay full packets, netflow/metadata or stream heads by application and protocol.

  • Q: What types of threats does ProtectWise detect?

    A: The ProtectWise Wisdom Engine performs continuous, integrated threat detection both in real time and retrospectively. By combining payload inspection, contextual analysis and advanced heuristics with novel machine learning algorithms, ProtectWise is able to detect a broad range of security events, including exploit delivery, malware and data exfiltration attempts across more than 4,000 applications and protocols.

  • Q: What do you do with encrypted traffic?

    A: The ProtectWise Wisdom Engine uses machine learning, protocol analysis, certificate extraction and other data inputs to provide valuable insight into encrypted traffic. ProtectWise can also integrate with your existing SSL decryption devices to gain visibility into decrypted traffic flows.

  • Q: What if I don't want to replay full PCAP but just want to replay part of my network traffic?

    A: The ProtectWise network sensors are completely configurable and policy-based. Customers are given the flexibility to configure sensors to capture netflow, metadata, truncated flows or full-fidelity packet capture by protocol and application.

  • Q: How many sensors can I deploy? How much do they cost?

    A: There is no additional charge for the sensors and customers can deploy as many sensors as they need to achieve the network coverage they require.

  • Q: What other type of security solutions can ProtectWise integrate with?

    A: The ProtectWise secure APIs work with almost any technology in the world. You can send outside data streams and analysis to the ProtectWise Visualizer or incorporate ProtectWise data and analytical feeds into your own proprietary visualization, SIEM and other reporting tools using our APIs or via a syslog emitter. Our publicly documented, secure APIs make it easy for developers to build applications on the platform. This includes both RESTful and streaming APIs.

  • Q: How much traffic can one ProtectWise network sensor handle?

    A: Each sensor can replay multi-gigabits per second of data. Customers can deploy as many sensors as they need at no additional cost.

  • Q: What data can Darktrace ingest?

    A: Darktrace accepts virtually every data format and typically works with core internal network traffic, collected by one of the following methods:

    • Port spanning the organization's existing network equipment.
    • Inserting or reusing an in-line network tap.
    • Accessing any existing repositories of network data.
  • Q: How much resource do I need to run Darktrace?

    A: The Darktrace platform can easily be integrated into your existing detection and incident response processes as an additional, high integrity source of alerting. Alternatively we can do it for you. Cyberseer's threat detection and analysis service turns insight into actionable intelligence.

  • Q: But, what is the threat visualizer?

    A: The Darktrace Enterprise Immune System is complemented by the Threat Visualizer, a graphical and interactive 3D interface designed to specifically enable analysts to visualize behaviours and investigate anomalies.

    The Threat Visualizer provides a real time operational indication of the threat level an organization faces at any given time.

    These visual insights provide the organization's Threat Analysts or the Cyberseer forensic team with a representation of the data flows across the business network, historically and in real time, both external and internal, and between all machines and users. The Threat Visualizer is a high-level interface that can be used by Threat Analysts with minimal training. Using Bayesian algorithms, it identifies top threats that are genuinely anomalous, allowing organizations to focus their attention and expertise proportionately on areas of considerable risk.

    Should an anomaly emerge, the Threat Visualizer will show the events leading up to and during the anomaly and contextually expose the factors that are, according to Darktrace, out of the ordinary.

  • Q: But what benefits do the Darktrace Enterprise Immune System and the Threat Visualizer offer?

    A:

    • Single worldwide view of the enterprise.
    • Flexible dashboard.
    • Designed for Threat Analysis.
    • Global threat monitoring in real-time using sophisticated self-learning mathematics.
    • Signature-free mathematical approaches allow detection of new emerging attacks that have not been seen before.
    • Capability to replay historical data.
    • Manually create rules and heuristics.
    • Network appliance plugs directly into infrastructure.

    The Darktrace Threat Visualizer allows corporate policy to be enforced, and users can be monitored in accordance with defined criteria. The Threat Visualizer is powered by the Darktrace Platform and helps organizations to identify key assets and intellectual property. It allows threat levels to be monitored as they evolve and enables preventative actions to be taken to protect an organisation and ultimately interrupt the cyber kill chain.

  • Q: What type of anomalies does Darktrace detect?

    A: The range of anomalies Darktrace detects is very broad, because it sits at the heart of an organization's network. Darktrace finds anomalies that bypass other security tools, due to the Enterprise Immune System's unique ability to detect threats without reliance on rules, signatures or any prior knowledge of what it is looking for. The variety of anomalies is very broad because the principle of our software is that it has visibility of all the traffic as it flows inside and outside the organization. This allows us to see compliance issues, poor configuration, management/housekeeping and malicious attacks without signatures. Darktrace also detects threats from targeted and non-targeted campaigns, and we have detected the unusual behaviors of privileged and super-users within an organization.

  • Q: What if I get an infection before we start? What if my network is already compromised?

    A: Perfect data is not needed. Darktrace leverages two different approaches to detecting anomalies: comparing each device's behavior to its own history, and comparing devices to their peers. This peer comparison allows us to avoid learning existing bad behavior as normal because compromised devices will exhibit behavior different to their immediate peers.

    So if your network was compromised before work commenced, a preexisting intrusion would be discovered as anomalous in comparison to the normal behavior of similar devices.

  • Q: What happens if all network traffic is encrypted and Darktrace is deployed?

    A: Encrypted traffic, regardless of whether it is decrypted within Darktrace, provides very valuable information. The time of day, source, destination, size of transfer, and even the existence of encrypted data are all available without decryption. This traffic is considered 'information-rich'. Encrypted data is a normal part of enterprise networks and Darktrace will operate successfully 'out of the box' without the customer needing to decrypt SSL/SSH communications or provide private keys.

  • Q: Can Darktrace support virtualized environments and cloud services?

    A: Yes, Darktrace's vSensor allows you to extend visibility into your virtual environment to include this traffic between virtual devices. The vSensor installs into the hardware server as another virtual machine. Once configured with the VM manager and provided with network traffic, the vSensor spans traffic from a virtual switch and will send data to the master Darktrace appliance. The vSensor can only be used in conjunction with a physical Darktrace appliance. If it is not possible to span a virtual switch, the vSensor also supports the ingestion of traffic from multiple OS-Sensors. The OS-Sensor is installed on each virtual device that is to be monitored, and it captures all of the network traffic to/from that device, sending it to the vSensor for analysis. The vSensor plus OS-Sensor setup is suitable for cloud infrastructure like AWS, where you may not be able to span from a virtual switch. The OS-Sensor provides network visibility of devices it is installed on.

  • Q: Is there a difference between a VMware Clone and a Simplivity Clone?

    A: With a VMware clone, VMware is copying the files, while Simplivity simply modifies the metadata for the data blocks. The VMware clone is still your only way to clone to other (non-OmniCube) datastores and your only way to customize during the clone.

  • Q: Where should vCenter and the Simplivity arbiter be installed?

    A: vCenter and the arbiter should be installed outside the OmniCube Federation, but it can be either on a physical server or on a VM. The shared storage requires a witness or the Arbiter. Because of SSO, it is a good idea to run the domain controller outside of the Federation as well.

  • Q: What is SecurityCenter®?

    A: SecurityCenter® consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards, and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk. SecurityCenter includes functionality from Nessus® as well as the following additional capabilities:

    • Measure security assurance and the effectiveness of your security investments using Tenable exclusive Assurance Report Cards (ARCs).
    • Use customizable dashboards, reports, and workflows to quickly identify and rapidly respond to security incidents.
    • Communicate consolidated metrics to business executives and other IT security stakeholders.
    • View vulnerability management and security assurance trends across systems, services, and geographies.
    • Group and control team member permissions by role.
    • Use advanced analytics with actionable information and trending to prioritize events and alerts.
  • Q: What is SecurityCenter® Continuous View?

    A: SecurityCenter Continuous View® is a comprehensive solution that provides continuous visibility and critical context, enabling decisive action. With advanced analytics, it gives you continued assurance that your security program is working. SecurityCenter Continuous View includes SecurityCenter capabilities, as well as the following additional capabilities:

    • Provides information on which assets are connected to the network and how they are communicating.
    • Monitors host activities and events, including who is accessing them and what is changing.
    • Identifies previously unknown resources, changes in behavior, and new application usage.
    • Delivers near real-time metrics for continuous security and compliance.
    • Correlates real-time activity with the state-based vulnerability data.
  • Q: What is unique about SecurityCenter 5?

    A: The new capabilities in SecurityCenter 5 enable you to continuously measure, analyze, and visualize the security and risk posture of your enterprise. SecurityCenter 5 includes a brand new HTML5-based UI, which enables you to create highly customizable dashboards and reports to satisfy unique stakeholder needs, simplified workflows for faster trending and remediation, and new APIs to make it easier to integrate with your existing IT processes and workflows. SecurityCenter 5 also includes the industry's first Assurance Report Cards (ARCs) that enable your Chief Information Security Officer (CISO) and security leaders to define the company's security program objectives in clear and concise terms, identify and close potential security gaps, and communicate effectiveness of your security investments to C-level executives and board members.

  • Q: What are Critical Cyber Controls, and how do they help me?

    A: Critical Cyber Controls are executive-focused ARCs that come pre-installed in SecurityCenter 5. They enable CISOs to validate the following top five security objectives, which have the greatest impact on ensuring the security posture of any business.

    • Objective #1: Track authorized inventory of hardware and software
    • Objective #2: Remove vulnerabilities and misconfigurations
    • Objective #3: Deploy a secure network
    • Objective #4: Authorize user access to the systems
    • Objective #5: Search for malware and intruders

    Each Critical Cyber Control ARC can be customized to meet your specific security goals.

  • Q: What are Nessus Agents?

    A: Nessus Agents are lightweight programs installed locally on a host - a laptop, virtual system, desktop, and/or server. Agents receive scanning instructions from a central Nessus Manager server, perform scans locally, and report vulnerability, compliance and system results back to the central server. Nessus Agents, available with Tenable.io Vulnerability Management and Nessus Manager, increase scan flexibility by making it easy to scan problematic assets such as those needing ongoing host credentials and assets that are offline. Agents also enable large-scale concurrent scanning with little network impact.

  • Q: Why use Nessus Agents with SecurityCenter?

    A: Today's extended networks and mobile devices make assessing and protecting all of your environment extremely difficult. Now it is possible to leverage Nessus Agent technology to increase scan coverage and remove blind spots. Nessus Agents were first introduced with Nessus 6.3 in February 2015, and platform coverage continues to expand.

    Agents provide vulnerability scanning and configuration assessment access for:

    • Transient systems, like laptops, that are often disconnected from the network when traditional scans run.
    • Systems connected over limited bandwidth connections or across complex, segmented networks.
    • Systems for which the security team lacks the credentials required to perform authenticated scanning.
    • Fragile systems that are unsafe to scan with traditional scanning.
  • Q: How do Nessus Agents and SecurityCenter work together?

    A: Nessus Agent scans, configured from within Tenable.io Vulnerability Management or Nessus Manager, identify vulnerabilities, policy-violating configurations, and malware on the hosts where they are installed, report results back to Tenable.io Vulnerability Management or Nessus Manager, and then the results are imported into SecurityCenter on a scheduled basis. By scheduling the import of the agent collections, you will ensure your reports and overall security metrics now include "all" the hosts in your environment.

  • Q: What is the recommended deployment model when using Nessus Agents with SecurityCenter?

    A: Tenable recommends that you use Tenable.io to manage Nessus Agents and to transfer agent data to SecurityCenter.

    Tenable recommends the Tenable.io deployment model for the following reasons:

    • Safely secure your mobile workforce: You may have thousands or tens of thousands of remote/mobile workers whose laptops are not online during a vulnerability scan. Nessus Agents will run the scans locally and then upload results to Tenable.io when a connection is available, without the risk associated with every agent uploading its individual results through your firewall.
    • Simplify management: Tenable manages Tenable.io for you. We are responsible for high availability, we back up the data, and we perform the software updates. You manage your vulnerability data, not the Tenable.io platform.
    • Scale with ease: As your use of Nessus Agents increases, you will not need to upgrade your computing and storage infrastructure to accommodate growth.
    • Scan your perimeter: Many SecurityCenter customers that already perform internal scanning to satisfy PCI compliance requirements also use Tenable.io Vulnerability Management to satisfy external PCI scanning requirements that must be performed by an approved scanning vendor (ASV). If you are not already using SecurityCenter to meet both internal as well as external PCI compliance scans, this deployment model will make it easy for you to use both of these SecurityCenter capabilities.
    • Preserve internet bandwidth: Importing scan data in bulk from Tenable.io can be scheduled during off hours to preserve daytime bandwidth for your business users. Additionally, managing a single connection between Tenable.io and SecurityCenter reduces network overhead compared with managing thousands of connections with individual agents.

    If desired, you can use Nessus Manager in place of Tenable.io Vulnerability Management to manage the agents. In this case, Tenable suggests you deploy Nessus Manager as a proxy between the agents and SecurityCenter.

  • Q: What is On Premises Proxy?

    A: On-premises proxy is resolving DNS requests initiated by Web servers.

    • Websense Content Gateways, deployed in either explicit or transparent proxy mode, can resolve DNS requests initiated after a connection is made with a Web server, depending on their configuration.
    • If these DNS requests are resolved from Websense's built-in DNS proxy caching or a different recursive DNS service, OpenDNS is bypassed.
    • Please refer to Websense's support materials - linked here for your convenience - to ensure that Websense is configured to always resolve non-internal DNS requests using OpenDNS.