Avanan CDR: Frequently Asked Questions (FAQs)

Description

General

What is Avanan CDR?

Avanan CDR (Cloud Detection and Response) is a service designed to monitor and detect anomalous behavior from both users and administrators. Through the use of behavioral analytics and dynamic threat models, it identifies known and emerging cyber threats within Avanan logs. This is achieved by feeding these logs into our SIEM platform, enabling our SOC teams to gain comprehensive insights into your environment. If you are using our Cloud Threat Analytics offering, our SOC team can cross-reference logs from both Avanan and Cloud Threat Analytics, making the two offerings mutually beneficial and providing a broader understanding of overall activity and potential threats in your environment.

Is Cloud Threat Analytics required to enable Avanan CDR?

No, Cloud Threat Analytics is not required to enable Avanan CDR. While Cloud Threat Analytics enhances the data available for our SOC Analysts to triage, Avanan alone is sufficient for enabling CDR. However, enabling CDR with only Avanan will incur an additional cost, whereas if both Avanan and Cloud Threat Analytics are utilized, there is no extra cost for enabling CDR.

Is a Proof of Concept (POC) available?

No, a separate Proof of Concept (POC) is not available. Upon completing your Avanan POC, CDR will be enabled for the clients or customers you have requested.

What are the responsibilities of the partner?

  • The partner is responsible for providing Managed Security Services (MSS) and supplying a list of clients/customers to be onboarded into CDR.
  • If the partner acquires new clients/customers who require CDR, they must reach out to inform us, so that we can enable CDR for the new clients/customers after the initial onboarding.

What are the deliverables from MSS?

  • Monitoring of the partner's Avanan logs.
  • Security Operations Center (SOC) services:
    • Detection of and alerting on identified anomalous behaviors.
    • Mitigation of identified malicious actions if Cloud Threat Analytics is onboarded with Respond enabled.

Implementation

Do I need to provide my client's name?

Yes. For billing reasons and in order for our SOC to properly identify and communicate which of your clients they are reporting on, we require that you provide the name of your client.

How do I add another client for monitoring?

  • To start a support ticket, partners can visit https://msssupport.myportallogin.com and, when asked to select a product, select Cloud Security and then Cloud Threat Analytics Support.

Monitoring/Billing

What accounts are monitored and billed?

  • Information on billable and monitored accounts can be found in the article "Avanan: Frequently Asked Questions (FAQs)".
  • This offering is consumption-based and month-to-month.
  • We will audit accounts on the last business day of the month.
  • An invoice will be sent on the first business day of the month based on the audited numbers.
  • Please email MSSAccounting@SonicWall.com for all billing questions/concerns.

Where are my logs being ingested?

Logs are currently being ingested in our SIEM platform.

How will I be alerted?

  • Our SOC will contact you about anomalous behaviors via the email address you provided.
  • If we have high confidence that a compromise is occurring, we will also call your emergency contact phone number.

Support

How do I contact support?

  • To start a support ticket, partners can visit https://msssupport.myportallogin.com and when asked to select a product, select Cloud Security and then Cloud Threat Analytics Support.
  • If there is an emergency, we always recommend calling our office at 703.565.2395.
  • Standard support hours are 8 AM - 5 PM EST, Monday - Friday.
    • US holidays are excluded from standard support hours.
