Solutionary > Managed & Monitored Security Services> BufferXone FAQ

Services and Solutions

Managed & Monitored Security Services

Event Correlation & Information Management

Device Monitoring & Management

Internal & Perimeter Vulnerability Management

Intrusion Prevention Services

PCI DSS 1.1 Monitoring

Unified Threat Management

Security Platform Services

In-the-Cloud Security

Compliance & Risk Management

Risk Assessment & Compliance Measurement

ISO, PCI, SOX, CobiT, COSO, HIPAA Compliance Reporting

Security ROI Metrics

Benchmarking

Security Consulting Services

Application Security Assessment

Vulnerability Assessment

Certified PCI Audit Services

Policy Review & Development

Architecture Review & Development

External Penetration Assessments

Incident Response & Forensics

WHY BUFFERXONE™?

Q: Why is BufferXone more cost effective than simply installing another device to provide intrusion prevention?

A: BufferXone is extremely cost-effective - with no costs for hardware, software, installation or training.

Solutionary designed BufferXone to be the most comprehensive, yet simplest, Internet-perimeter security solution for enterprises, including small and midsize businesses. It would be cost prohibitive for a company to try to match BufferXone's functionality, network architecture, and level of service and support. Its depth of functionality is like having multiple security experts monitoring your company’s perimeter 24 hours a day, seven days a week. With BufferXone, you get all the advantages of multi-layered intrusion detection and intrusion prevention systems, yet you maintain access and control of all your security event information.

Further, BufferXone's ability to provide perimeter security services outside our clients' corporate networks presents advantages that host-based and premise-based solutions cannot offer. BufferXone's redundant network design guarantees service availability, providing uncompromised reliability and continuity of service. BufferXone completely shields vulnerable corporate hosts from Internet-based threats and provides transparent filtering of malicious traffic. In addition, BufferXone provides a collaborative view of Solutionary universe of customer data so that each customer can compare their threats with all other BufferXone users.

Our services are more cost-effective than installing and administering such services internally, and help free valuable IT resources for more strategic initiatives. Our intrusion prevention services are tuned to allow legitimate business traffic, and we enable corporate IT groups to set filtering and policy options appropriate for their business environment.

Q: I have a firewall already. Why would I need BufferXone?

A: Firewalls are a necessary security component for any organization providing Internet-accessible services. By definition, however, if Internet-accessible services (HTTP, FTP, Citrix, etc.) are being provided, your firewall is allowing service traffic from the Internet to reach your host.

BufferXone works with your existing firewall to further examine and filter the service traffic that your firewall is allowing to reach your host. In short, BufferXone provides a multi-layered buffer zone protecting your information assets. BufferXone proactively re-routes bad or questionable data sent to Internet-facing Web and mail servers (such as Outlook Web Access [OWA]), among other gateways. Immediately upon recognizing a threat, BufferXone blocks it. This increases the bandwith and speed of the ‘allowable’ traffic coming through your firewall.

Q: Why is your intrusion prevention service more effective than if I did it myself?

A: BufferXone processes more service traffic in a day from more geographically diverse places on the Internet than most corporate hosts see in a year. By processing so much traffic, BufferXone is able to proactively detect and thwart new attacks and attempted exploits very early in their lifespan on the Internet. The intelligence provided from this unique vantage point is fed back into the systems providing the BufferXone service through the Solutionary SNARE (Statistical Network Anomaly Reporting Engine) mechanism on a continuous basis. As a result, BufferXone customers are protected from attacks even before they can be launched or directed at the customers’ firewalls.

ABOUT THE SERVICE

Q: I know I need perimeter protection, but I also need SPAM and Anti-Virus services for my organization’s e-mail. Can BufferXone be used with other services?

A: Absolutely. BufferXone protects any and all Internet-accessible services, including any TCP- and UDP-based services. Plus, BufferXone can be layered with gateway AV, as well as anti-spam, anti-virus, messaging providers like Postini and FrontBridge quickly and easily. A BufferXone Client Service Representative can coordinate this and other advanced deployment scenarios.

Q: How well does your intrusion prevention service work?

A: BufferXone blocks the most malicious service traffic while never blocking legitimate business traffic. BufferXone blocks 100% of service and system exploits that could result in compromise and loss of control of the target service or system while maintaining a false positive rate well below ½ of 1% of all traffic.

Q: My Internet connection is already saturated. Will BufferXone use any bandwidth?

A: BufferXone actually saves you bandwidth by blocking unwanted and malicious traffic. All of the Internet scans and automated attacks that comprise a high percentage of current Internet traffic will be filtered from your connection, giving you that much more bandwidth to serve your needs. BufferXone requires no bandwidth of its own.

Q: Does BufferXone look at traffic in both directions or only traffic coming in from the Internet?

A: Both directions: Web traffic that originates from the Internet and that requires a “response” (such as a Website transaction or data presentation) flows and is filtered both ways via BufferXone. Outbound URL filtering and content filtering are not currently a part of the program. Solutionary is working on a patent variation, however, that will address this feature for future release. Outbound traffic directed to the Internet from the internal network does not necessarily go through BufferXone. Until the patent variation is made commercial, directing this traffic through BufferXone would require additional premise equipment.

Q: What sort of lag time (latency) can I expect to see after configuring my host's DNS entry for BufferXone?

A: Virtually none. Our network of distributed data centers process millions of requests daily so any delay is imperceptible.

Q: With Internet traffic coming in over big pipes at T-3 speeds or higher destined for multiple customers, how does BufferXone “process” all of this fast enough to provide a real-time experience?

A: Current tests indicate a negligible latency of about three milliseconds. Many customers with large pipes and 20 or more public-facing IP addresses would be more likely to use our other security services and our full-service SecureXone security event management portal. Keep in mind, however, that while BufferXone covers a substantial part of your overall security equation - Internet-perimeter security - it is not a silver bullet that will solve all of your information security challenges. Information security is an ongoing process that requires vigilant attention to make security manageable - in short, Solutionary.

Q: With BufferXone’s proactive patching capability, should I still apply software vendor patches?

A: Yes, Solutionary recommends that you apply software vendor patches. BufferXone gives your team an ‘extra’ advantage in that it proactively blocks “day zero” threats giving your team the time they need to test the vendor’s patch and install it. In the meantime, BufferXone provides interim protection from Internet-based exploits. Keep in mind that while BufferXone provides protection to Internet-facing perimeter systems, these systems may still be reachable from non-protected systems, as well as internal networks and users. With that in mind, patching of vulnerable systems is always a good idea.

Q: When using the BufferXone intrusion prevention service, how do I know if I have been the target of malicious traffic?

A: One feature of BufferXone is the SecureXone™ Portal for Security Information Management (SIM), which provides access to critical security information about intrusion events, wireless and wired networks, a variety of commercial security devices, and control over security processes and procedures.

BufferXone customers use this portal to review and investigate service traffic that has been deemed malicious. With SecureXone, customers can easily use a Web browser to review suspicious and malicious traffic that has been flagged and / or blocked depending on the specific policy setting selected. No special training or expertise is required to use SecureXone or BufferXone.

Q: Will any of my regular business traffic get filtered?

A: No. Solutionary understands the importance of business traffic, and we take measures to prevent the inadvertent blocking of legitimate business traffic.

Q: Does BufferXone scan and filter internal network traffic (i.e., within my organization/LAN/WAN/VPN)?

A: No. As an Internet-perimeter security solution, BufferXone protects your networked systems from Internet-based threats such as worms, directed and undirected attacks, Distributed Denial of Service (DDoS) and other potential threats launched from the Internet.

Q: Does BufferXone store my service traffic permanently?

A: No, BufferXone does not maintain permanent storage of our customers' service traffic.

RELIABILITY

Q: How reliable will my connection to the Internet be with BufferXone guarding my perimeter?

A: The BufferXone solution has built-in redundancy; Solutionary guarantees that our network will be available to accept, process, and deliver your service traffic. In fact, since our service inception, our customers have never experienced a service outage.

Q: What happens if one of the BufferXone data centers goes down?

A: With Solutionary advanced network management structure, we can accommodate an offline data center by dynamically spreading network traffic among the remainder of our network. Unlike basic redundant architectures, which only have singular primary and backup data centers, each BufferXone data center is independent and interlinked to the network, to ensure protection in the event of failover and maximum system availability.

Q: What happens if our network or servers fail?

A: Solutionary data centers scan every 10 minutes to determine if your server or connection is available. In the event that your network or host cannot be reached, an alert within BufferXone will prompt you according to your predetermined preferences.

Q: How does BufferXone know when our host is available again?

A: Solutionary data centers scan every 10 minutes to determine if your server or connection is available. Once an unavailable host is restored, service traffic will resume as normal.

REPORTING AND REGULATORY COMPLIANCE

Q: Can BufferXone deliver a process along with supporting information to assist in complying with regulations affecting my business?

A: BufferXone provides a security process and supporting information to show that viable business measures have been put in place to ensure the integrity of the protected hosts.

Q: What type of reports does BufferXone offer?

A: BufferXone offers three main types of reports, based on your predefined services.

Traffic Report with data about the number and volume of packets that were blocked, flagged as suspicious, and identified as clean. This report is viewable over various periods of time, in both graphical and tabular format, and can be used for comparison against other organizations.
Top Report with information about the top malicious traffic patterns and top source IP addresses for malicious traffic.
Compliance Report with information to satisfy the requirements of regulations such as Sarbanes-Oxley, GLBA and HIPAA, among others.

Q: How often are BufferXone reports updated?

A: BufferXone reports are updated every hour.

Q: How can I access these reports?

A: Authorized users at your organization can access the BufferXone security portal (SecureXone) through a Web browser to view reports at any time.

GETTING STARTED

Q: What hosts should I consider protecting with BufferXone?

A: Any host providing an Internet accessible service can be protected by BufferXone. If you’re having trouble deciding, many of our customers start with their Outlook Web Access (OWA) or other Web mail system.

Q: How many hosts must I have to use the BufferXone service?

A: While there is no minimum number of hosts required, our services are designed as a corporate solution. We do not offer a consumer version of our service.

Q: Do virtual hosts count toward my total number of protected systems?

A: No. Your total number of protected systems is the number of individual public IP addresses.

Q: Is there a minimum amount of service traffic required?

A: There is no monthly minimum amount of service traffic to use our services.

Q: What if I don't control my own DNS servers? Can I still use BufferXone?

A: Yes — Solutionary will work with your upstream provider to make all of the necessary changes for activation of BufferXone.

Q: Does Solutionary provide a Service Level Agreement (SLA) for BufferXone?

A: Yes. Please request an agreement by emailing bufferxone-info@solutionary.com.

Q: What level of technical support is included in the SLA?

A: The BufferXone service comes with 24 x 7 technical support.

Q: How am I billed?

A: BufferXone requires no capital outlay for hardware, software or installation, and its affordable subscription pricing model makes it as attractive to small and midsized businesses as it is to global companies. BufferXone customers are billed monthly for service usage.

Q: I want to start using BufferXone - what do I need to do?

A: Please contact a Solutionary security representative at 1.866.333.2133 or via email at bufferxone-info@solutionary.com.