Questions on Feed and Detection

Where do you get your threat data feeds - how are they verified to ensure they are not poisoned in any way?

ANS>> Open Source (50+ Sources currently). More get added based on evaluations conducted on them. Threat Intelligence feed is processed on our Data Center with validation and scoring between them to ensure junk feed (poisoned one) are not included. Major deviation are examined for that purpose as well

They currently collect all Windows log data using Microsoft System Centre – can Seceon collect the data from that one source or is there is still a requirement to load the agent on individual Windows Servers?

ANS>>We can take it from collector no need for agents on individual Servers.

Should an endpoint, desktop PC get infected with malware how would Seceon disconnect it from the Network?

ANS>>Seceon applies policy on FW currently. If customer provides the credentials for immediate Switch/Router/Wireless controller, Seceon OTM will push policy closest to infected device to isolate it. They have to share their specific details and work with us.

Can Seceon ingest log data from VMware host servers?

ANS>>Yes

Does Seceon console access support Single Sign on from a user already authenticated on Active Directory?

ANS>>No, but it can be done.

For mobile users do their machines need to have agents installed, is there any requirement to place agents on any desktops, and reason why or why not?

ANS>>No, mobile users are monitored only when they come to access enterprise applications in services on-prem or in cloud either through VPN or Cloud authentication.