Description of Services

Category-based web filtering: A service that blocks access to malicious, hacked, or inappropriate websites. Access is controlled through established and dynamically updated categories as well as policy-based controls facilitating highly granular blocking and filtering.

Application Control: A service that allows firewall policies to be created to allow, deny, or restrict access to applications or entire categories of applications. Policies can be defined based on application type via categories. Provides advanced protection by blocking or restricting risky applications and can help optimize bandwidth usage on your network by prioritizing, de-prioritizing, or blocking traffic based on application.

AutoVPN: A service that creates a VPN network in minutes by automatically configuring VPN parameters to establish and maintain a VPN session between a deployed CXD device and the Netsurion Gateway hub.

Bring Your Own IP (BYOIP): This proprietary aspect of Netsurion’s installation process does not require the reconfiguration of your network’s IP address structure, thereby saving time and eliminating issues reconnecting peripheral devices like printers, workstations, etc.

BranchSDO Orchestrator: A single-point cloud management system for the Netsurion SD-Branch services that provides centralized visibility and control of the CXD devices deployed at Customer locations. The console is cloud-based and multi-tenant. It facilitates remote device provisioning, centralized management, deployed device visibility and control, real-time statistical network (WAN/LTE) traffic analysis, network and device health monitoring, and cellular network data-usage monitoring and management.

Cellular Backup Service: A feature that provides connectivity during primary Internet circuit outages. Working in conjunction with a Netsurion Ethernet to cellular gateway device and data plan, should a primary circuit failure occur, the firewall will automatically route selected data traffic through the gateway to a cellular network. When the primary circuit connectivity is restored, the firewall will automatically revert traffic back to the normal operating state.

Centralized firewall management: Allows for the consistent configuration, policy management, and administration of fleets of deployed firewalls through a consolidated management system. Deployed firewalls are monitored for availability and connectivity.

Circuit monitoring, repair, and resolution: Electronic monitoring of the customer’s broadband connection and, if authorized, contact with the customer’s broadband supplier for notification and repair purposes should the customer’s broadband connection be lost. This is conditioned upon the customer providing Netsurion with current account information and appropriate permissions necessary to initiate a trouble ticket with the broadband provider.

Critical device monitoring: A system that creates a baseline of all critical devices connected to the network being protected by a Netsurion managed firewall. The system then monitors to ensure that those critical devices stay connected to the network, and alerts specific contacts if any critical device is removed or becomes unresponsive.

CXD: An on-premise device that comes with embedded edge-optimized segmentation, LTE modem, Wi-Fi, security and SD-WAN capabilities.

Data Breach Financial Protection: This is a breach-related PCI cost reimbursement program available for some service types as part of an agreement with Netsurion. The terms and conditions of the Data Breach Financial Protection Program are specified at: www.netsurion.com/DBFP

EventTracker Essentials: An automated SIEM platform comprised of on-premise sensors for workstations and servers, collection of forwarded logs for network devices, and a cloud-based engine that processes the data and provides alerts, reports, and dashboard access. EventTracker Essentials includes 24x7 SOC support and outbound alerting for critical threats.

External vulnerability ASV scans: A PCI compliance-required scan that examines a public Internet address for known vulnerabilities. The results of the scan are provided to the customer for review and compliance. According to the PCI DSS, an entity must pass four internal vulnerability scans per year, one each quarter.

Family-friendly Wi-Fi: A pre-defined set of content-specific websites are blocked to prevent the public viewing of potentially objectionable material.

File integrity monitoring (FIM): Local event logging and file integrity monitoring software that logs critical data so businesses can efficiently review their logs to assist them in meeting certain PCI DSS file integrity monitoring and log management requirements.

Firewall logging: Firewall logs are stored in compliance with the Payment Card Industry Data Security Standard (PCI DSS) 3.2 standards, and per PCI requirements, firewall logs should be reviewed by the customer regularly.

Firewall policy templates: A customer with multiple locations can have standardized configuration templates and policies synchronized across all firewalls deployed at their locations.

Forced Configuration Manager: A service that validates that the machine attempting to access the Remote Access with SSL VPN is running appropriate security software, i.e., anti-malware software.

Internal vulnerability scan: Netsurion will initiate the industry’s required Payment Card Industry Data Security Standard (PCI DSS) 3.2 scan and provide the results to the customer as part of the compliance process.

Intrusion Prevention System (IPS): An in-line security component of the firewall that examines network traffic flows to detect and prevent vulnerability exploits.

Network diagram template: Designed to assist small merchants who want to create a PCI DSS compliant network diagram, the template includes instructions and a sample of the PCI required network diagram.

Network segmentation: A method of creating multiple isolated networks within a single computer network environment to separate sensitive data or systems from less critical and/or public data or systems.

Payment Card Industry Data Security Standard (PCI DSS): A proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

PCI Compliance Manager Portal: A web portal where Netsurion clients review external vulnerability scan results, various logs, and Self-Assessment Questionnaires (SAQ) in support of their compliance efforts.

Penetration testing guide: A document that describes a penetration test, provides general guidance to help minimize efforts when completing a penetration test, and includes a form that will assist the customer with tracking the results of the testing.

Quality of Service (QoS): A method whereby bandwidth can be limited at certain times to certain network segments or devices so that high-priority services have sufficient Internet access.

Remote access with SSL VPN: A PCI compliant Virtual Private Network (VPN) service that enables secure remote communication via the Internet with a computer at a location protected by a Netsurion managed firewall. The service includes “two-factor authentication” which utilizes a username and password as the first factor and a one-time password that is sent to an e-mail address and/or a text message as the second factor of authentication.

Remote installation: Simplified installation process in which our engineers guide a customer’s staff through the process of installing a firewall on their network without a Netsurion employee being physically present at the customer’s location.

Rogue Device Manager: A detection system that alerts specific customer contacts when a new computer is added to the network environment (behind a Netsurion firewall) that is either plugged into the protected interface of the Netsurion firewall directly or attempts to send traffic through a Netsurion firewall to the Internet.

SAQ Wizard: A Self-Assessment Questionnaire (SAQ) support process that in many cases simplifies the completion, printing, and storing of annual PCI compliance questionnaires for PCI regulated merchants. For Netsurion managed firewall customers, SAQ Wizard provides pre-built responses that may be used to complete certain relevant sections of the SAQ document.

SD-Branch: A “self-service” SD-WAN solution set comprised of Netsurion BranchSDO Cloud Orchestration and Netsurion CXDs deployed on-premise. SD-Branch services include centralized management with proactive alerts and analytics and are optimized for customers with networked branches and other distributed locations with. SD-Branch packages remote install assistance and 24/7 tier 3 NOC access.

SD-Branch Managed: A managed service solution providing full integration of SD-Branch along with remote installation and configuration of Netsurion CXD on-premises devices. Services include routing, network segmentation, security, site-to-site VPN, integrated Wi-Fi, and cellular failover services. SD-Branch Managed comprises centralized policy management for URL, White/Black Listing, traffic steering, and orchestration access to process the WAN/LAN traffic statistics and alerts. SD-Branch Managed includes 24/7 CXD health and status monitoring.

Security policy and procedure template: A document designed to assist a merchant in their development of a PCI-specific set of policies and procedures, including a checklist template to track hardware and software versions. This template is a best-practices guideline and is not meant to be an exhaustive list of all activities necessary to achieve compliance.

Site-to-site VPN: A specific firewall configuration that enables a location to communicate to another location securely over a Virtual Private Network.

Web content filtering: A predefined set of restrictions applied to certain websites that have been categorized as potentially dangerous. If a website has not been categorized, and is thus categorized as “unknown”, IP traffic to and from that website is prohibited unless specifically allowed by a whitelist entry (which is a dedicated list that is allowed access).

Whitelist (formerly known as 360° Web Traffic Control or IP Data Blocker): A list of IP addresses specifically allowable by the firewall. Once configured, these IP addresses or host names will no longer be blocked by the firewall, independent of other policy-specific restrictions.

Wireless access point detection: A service available with the Managed Firewall suite of products that detects the wireless access points in the area around the Netsurion firewall and reports on the detected SSIDs, wireless channels in use, and associated MAC addresses. Customers receive an email alerting them to any unknown or unauthorized wireless access points detected.

Wireless mesh: A network of multiple wireless access points that require only one hard-wired connection. This facilitates the range and capacity expansion of a wireless network without having to install an Ethernet cable to each access point.

Wireless roaming: The ability of a wireless network with multiple access points to seamlessly support the roaming of a connected device from one access point to another. This provides for mobility of connected devices in a greater coverage area.