Updated: June 15, 2021

BranchSDO

Allow and Block Lists: Lists of IP addresses and Internet destinations specifically allowed or blocked by the firewall. Once configured, these IP addresses or host names will either be blocked or will no longer be blocked by the firewall, independent of other policy-specific restrictions.

Auto VPN: A service that creates a VPN network in minutes by automatically configuring VPN parameters to establish and maintain a VPN session between a deployed CXD device and the Netsurion Gateway hub.

BranchSDO: A “self-service” Secure Edge Networking solution comprised of Netsurion BranchSDO Cloud Orchestration and Netsurion CXDs deployed on-premises. BranchSDO services include centralized management with proactive alerts and analytics and are optimized for customers with networked branches and other distributed locations with BranchSDO packages remote install assistance and 24/7 tier 3 NOC access.

BranchSDO CXD: An on-premises device that comes with embedded edge-optimized segmentation, LTE modem, Wi-Fi, security, and networking capabilities.

BranchSDO Managed: A managed Secure Edge Networking solution providing full integration of BranchSDO along with remote installation and configuration of Netsurion CXD on-premises devices. Services include routing, network segmentation, security, site-to-site VPN, integrated Wi-Fi, and cellular failover services. BranchSDO Managed comprises centralized policy management for URL, Allow/Block Listing, traffic steering, and orchestration access to process the WAN/LAN traffic statistics and alerts. BranchSDO Managed includes 24/7 CXD health and status monitoring.

BranchSDO Orchestrator: A single-point cloud management system for the Netsurion Secure Edge Networking solution that provides centralized visibility and control of the CXD devices deployed at customer locations. The console is cloud-based and multi-tenant. It facilitates remote device provisioning, centralized management, deployed device visibility and control, real-time statistical network (WAN/LTE) traffic analysis, and cellular network data-usage monitoring and management, and can be configured to alert on remote health and status monitoring.

Cellular Failover: A feature that provides connectivity during primary internet circuit outages. Working in conjunction with a Netsurion Ethernet-to-cellular gateway device and data plan, should a primary circuit failure occur, the firewall will automatically route selected data traffic through the gateway to a cellular network. When the primary circuit connectivity is restored, the firewall will automatically revert traffic back to the normal operating state.

Circuit Monitoring, Repair, and Resolution: Electronic monitoring of the customer’s broadband connection and, if authorized, contact with the customer’s broadband supplier for notification and repair purposes should the customer’s broadband connection be lost. This is conditioned upon the customer providing Netsurion with current account information and appropriate permissions necessary to initiate a trouble ticket with the broadband provider.

Family-friendly Wi-Fi: A pre-defined set of content-specific websites are blocked to prevent the public viewing of potentially objectionable material.

File Integrity Monitoring (FIM): Local event logging and file integrity monitoring software that logs critical data so businesses can efficiently review their logs to assist them in meeting certain PCI DSS file integrity monitoring and log management requirements.

Network Operations Center (NOC): BranchSDO offers flexible delivery models. But whether you opt for a self-managed or fully-managed solution, the Netsurion NOC is always a phone call or email away to support you with new deployments, policy changes, configurations, and threat mitigation across locations.

Network Segmentation: A method of creating multiple isolated networks within a single computer network environment to separate sensitive data or systems from less critical and/or public data or systems.

Network Threat Response: Next-level threat protection built into BranchSDO for all your business locations, backed by our security operations center (SOC). Netsurion’s SOC monitors your firewall activity using our EventTracker threat protection platform, while our network response team actively mitigates detected threats.

Payment Card Industry Data Security Standard (PCI DSS): A proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

PCI DSS Readiness Pack: Netsurion’s full suite of tools and expert support to exceed your audit preparation. Key features include:

  • Compliance Assistance Helpdesk: Improve your understanding of the PCI DSS requirements, increase your speed to compliance, and enhance your user experience with support from an expertly-staffed Help Desk.
  • Data Breach Financial Protection: This is a breach-related PCI cost reimbursement program available for some service types as part of an agreement with Netsurion. The terms and conditions of the Data Breach Financial Protection Program are specified at: www.netsurion.com/DBFP.
  • External Vulnerability ASV Scans: A PCI compliance-required scan that examines a public Internet address for known vulnerabilities. The results of the scan are provided to the customer for review and compliance. According to the PCI DSS, an entity must pass four internal vulnerability scans per year, one each quarter.
  • Internal Vulnerability Scan: Our internal network vulnerability management initiates a scan of your internal network to address PCI DSS requirements such as detecting cybersecurity and compliance gaps with instant visibility of internal scan results.
  • Network Diagram Template: Designed to assist small merchants who want to create a PCI DSS compliant network diagram, the template includes instructions and a sample of the PCI required network diagram.
  • PCI Network Diagram Template: PCI DSS specifies that merchants must maintain a current network diagram. Netsurion provides a PCI Network Diagram template that simplifies recording your network architecture such as remote access, wireless access, credit card data storage, and untrusted zones all in one convenient diagram.
  • PCI Compliance Manager Portal: A web portal where Netsurion customers review external vulnerability scan results, various logs, and Self-Assessment Questionnaires (SAQ) in support of their compliance efforts.
  • Safe Credit Card Handling Practices Online Training: In our online Safe Credit Card training video, Netsurion walks you through the six steps to help better protect your customers’ credit card data in accordance with PCI DSS. Take action and better prepare yourself and your staff against future attacks in this convenient 20-minute video.
  • SAQ Wizard: A Self-Assessment Questionnaire (SAQ) support process that in many cases simplifies the completion, printing, and storing of annual PCI compliance questionnaires for PCI regulated merchants. For Netsurion managed firewall customers, SAQ Wizard provides pre-built responses that may be used to complete certain relevant sections of the SAQ document.
  • Security Policy and Procedure Template: A document designed to assist a merchant in their development of a PCI-specific set of policies and procedures, including a checklist template to track hardware and software versions. Security awareness training, fraud (cyber crime), cardholder data retention and destruction, and hardware inventory are just a few of the topics included within the 20-page template. This template is a best-practices guideline and is not meant to be an exhaustive list of all activities necessary to achieve compliance.
  • Third Party Contract Addendum Template: Netsurion provides a sample template of a Third Party Contract Addendum that helps outline the clear policies and procedures that should be established per PCI DSS guidelines between Entities and Third Party Service Providers (TPSPs) such as due process, written policies, and monitoring over time.

Secure Edge Networking: Netsurion’s all-in-one managed networking, security, resilience, and compliance solution for all of your business locations.

Secure Gateway: Cloud-delivered next-gen firewall, application control, web filtering, and Intrusion Prevention System (IPS).

Site-to-site VPN: A specific firewall configuration that enables a location to communicate to another location securely over a Virtual Private Network (VPN).

Managed Network Firewall (MNFW)

Application Control: A service that allows firewall policies to be created to allow, deny, or restrict access to applications or entire categories of applications. Policies can be defined based on application type via categories. Provides advanced protection by blocking or restricting risky applications and can help optimize bandwidth usage on your network by prioritizing, de-prioritizing, or blocking traffic based on application. (BranchSDO CXD NGFW)

Bring Your Own IP (BYOIP): This proprietary aspect of Netsurion’s installation process does not require the reconfiguration of your network’s IP address structure, thereby saving time and eliminating issues reconnecting peripheral devices like printers and workstations. (Fortinet)

Category-based Web Filtering: A service that blocks access to malicious, hacked, or inappropriate websites. Access is controlled through established and dynamically updated categories as well as policy-based controls facilitating highly granular blocking and filtering. (BranchSDO CXD NGFW)

Centralized Firewall Management: Allows for the consistent configuration, policy management, and administration of fleets of deployed firewalls through a consolidated management system. Deployed firewalls are monitored for availability and connectivity.

Critical Device Monitoring: A system that creates a baseline of all critical devices connected to the network being protected by a Netsurion managed firewall. The system then monitors to ensure that those critical devices stay connected to the network, and notifies specific contacts if any critical device is removed or becomes unresponsive. (Fortinet)

Firewall Logging: Firewall logs are stored in compliance with the Payment Card Industry Data Security Standard (PCI DSS) 3.2 standards, and per PCI requirements, firewall logs should be reviewed by the customer regularly.

Firewall Policy Templates: A customer with multiple locations can have standardized configuration templates and policies synchronized across all firewalls deployed at their locations.

Forced Configuration Manager: A feature of Remote Access with SSL VPN that validates that the machine attempting to access the Remote Access with SSL VPN is running appropriate security software, i.e., anti-malware software. (Fortinet)

Intrusion Prevention System (IPS): IPS is a service that is an in-line security component of the firewall that examines network traffic flows to detect and prevent vulnerability exploits. (BranchSDO CXD NGFW)

Penetration Testing Guide: A document that describes a penetration test, provides general guidance to help minimize efforts when completing a penetration test, and includes a form that will assist the customer with tracking the results of the testing.

Quality of Service (QoS): A method whereby bandwidth can be limited at certain times to certain network segments or devices so that high-priority services have sufficient internet access.

Remote Access with SSL VPN: A PCI-compliant Virtual Private Network (VPN) service that enables secure remote communication via the internet with a computer at a location protected by a Netsurion managed firewall. The service includes two-factor authentication which utilizes a username and password as the first factor and a one-time password that is sent to an e-mail address and/or a text message as the second factor of authentication. (Fortinet)

Remote Installation: Simplified installation process in which our engineers guide a customer’s staff through the process of installing a firewall on their network without a Netsurion employee being physically present at the customer’s location.

Rogue Device Manager: A detection system that alerts specific customer contacts when a new computer is added to the network environment (behind a Netsurion firewall) that is either plugged into the protected interface of the Netsurion firewall directly or attempts to send traffic through a Netsurion firewall to the internet. (Fortinet)

Security Policy and Procedure Template: A document designed to assist a merchant in their development of a PCI-specific set of policies and procedures, including a checklist template to track hardware and software versions. Security awareness training, fraud (cyber crime), cardholder data retention and destruction, and hardware inventory are just a few of the topics included within the 20-page template. This template is a best-practices guideline and is not meant to be an exhaustive list of all activities necessary to achieve compliance.

Web Content Filtering: A predefined set of restrictions applied to certain websites that have been categorized as potentially dangerous. If a website has not been categorized, and is thus categorized as “unknown”, IP traffic to and from that website is prohibited unless specifically permitted by an Allow List entry. (BranchSDO CXD NGFW)

Wireless Access Point Detection: A service available with the Managed Firewall suite of products that detects the wireless access points in the area around the Netsurion firewall and reports on the detected SSIDs, wireless channels in use, and associated MAC addresses. Customers receive an email alerting them to any unknown or unauthorized wireless access points detected. (Fortinet)

Wireless Mesh: A network of multiple wireless access points that require only one hard-wired connection. This facilitates the range and capacity expansion of a wireless network without having to install an Ethernet cable to each access point.

Wireless Roaming: The ability of a wireless network with multiple access points to seamlessly support the roaming of a connected device from one access point to another. This provides for mobility of connected devices in a greater coverage area.