How does Sentinel work?
Sentinel inspects all of your network traffic, correlating events with a broad set of known threats and suspicious behaviour. These events are analysed by a professional security operations centre (SOC) and reported to you on a periodic basis.
How long does Sentinel take to start working and begin monitoring my network?
As soon as you plug in the Sentinel and network traffic is routed through it, it will start working and monitor your network.
What are the configuration requirements for Sentinel?
It depends on your network. We provide an intake questionnaire when we start working together, which provides us with relevant information for configuration. It will need an outbound internet connection at minimum.
Does Sentinel work across all networks?
It will work on the network segments that you give it access to. In some cases, a monitor (mirror) port is used so that the Sentinel receives all network traffic.
Where should I install Sentinel?
Usually it is placed in a secure environment near the core switch, with outbound connectivity.
Are any tools available/required to help me manage Sentinel?
No tools are required, so there is no additional or hidden cost. Sentinel is managed by bluedog. You just plug in and protect!
How are software updates managed?
bluedog manages all software updates as part of the monthly subscription and reporting fee.
How are Sentinel box upgrades managed?
This is all taken care of by bluedog.
Can I monitor multiple Sentinel installations?
If your account is set up this way, you certainly can. Multiple installations are usually used by resellers and are set up in a stand-alone monitoring environment so that you can access the data from all attached Sentinels.
What happens when an anomaly/potential threat is detected?
Our first-line SOC engineers detect and analyse the anomaly. When they find the issue relevant enough, they escalate to a second-line SOC engineer for validation and consultation. Once the threat is confirmed, the SOC manager is contacted, at which point all information is presented to the customer in order to make an informed decision about next steps. Either bluedog can take action, or your internal team can, if you are a reseller and such resources are available.
How are threats managed?
1. Investigation (to avoid false positives)
2. Identification (of the breach/threat)
3. Real incident alert to the customer/administrator (email address on file)
4. Work order for threat response and action by bluedog
5. Action taken to isolate and remove the threat
How are you able to remove the threat?
Approved network access is granted via a work order, at which point bluedog accesses the network through the established VPN connection and removes the threat.