Frequently Asked Questions
Q: What type of security event management services are provided by Vanguard Monitor?
The Vanguard service is capable of generating analytics and alerting on content inspection activity for Unified Threat Management firewalls (such as Freedom9 freeGuard, Fortinet Fortigate and SonicWALL Appliances). This includes IDS, AntiVirus, Web Filter, Restricted Activity, Email Banned Words, Spam, VPN and Availability. This service is rendered in a single, integrated, “Unified Threat Intelligence” web-based environment. Security events are all accessible via hyperlinks, and are combined with useful information such as attacker profiles, specific attack explanations and remediation.
Q: We already have an IT department doing security. Why wouldn't I monitor my own firewall?
Vanguard's function is focused mainly on analytics, reporting and alerting. As a web-service, Waterloo Systems is not distracted by non-security related IT functions.
IT departments can be so overwhelmed by improperly configured alerts and maintenance that high-quality security intelligence is rare. Using Vanguard as a single-source security tool is a great way to reduce stress for your burdened IT staff, enabling them to focus on their work without an additional system to administer. We do the application admin for you.
Q: Our managed firewall service is already doing this for us. Why are you different?
Most “Managed Firewall” services are simply that: they manage firewall/VPN devices by checking for availability and occasionally updating firewall rules when requested. The latest generation of UTM devices supersedes firewall/VPN functionality, and therefore services should too. Please compare the wealth of analysis that is presented in the Vanguard service with any current “Managed Firewall” service. Look for total security intelligence and analysis for IDS, AntiVirus, Web Filter, Restricted Activity, Email Banned Words, Spam, VPN and Availability all in one interface.
Q: It seems like all the features offered by Vanguard are already present in the UTM device. Why would I want Vanguard?
There is a substantial distinction between blocking attacks (including intrusions, viruses, spyware, malware, etc.), as done by a UTM device like the freeGuard, Fortigate or SonicWALL, and maintaining ongoing real-time analytics and reporting. Vanguard enables unrivaled real-time analytics, reporting and alerting, and completely manages this security function so that you don't have to. Monitoring a firewall perimeter is no longer an expensive option but a mandatory, affordable feature with Vanguard.
Q: Do I need to configure anything inside of my network for Vanguard to work?
No, the Vanguard service receives data from perimeter Unified Threat Management (UTM) devices (e.g. AV firewalls), and requires only a small configuration change on the perimeter firewall so that syslog data can be logged.
Q: How is the data from my firewall syslog stored by Vanguard?
Syslog data transmitted to Vanguard is securely stored in a hardware redundant disk array within a state-of-the-art Data Center. Summarized data reports and analytics from the Vanguard system are visible in a subscribed account for 8 weeks, and archived for 6 months on our storage servers. Please contact us for special data backup requirements; we are capable of specific backup procedures under contract.
Q: How soon is data accessible in Real-time accounts in the Vanguard system?
With Vanguard Monitor, real-time security intelligence data is rendered instantaneously in the Report tabs (e.g. IDS, AntiVirus, Web Filter, Restricted Activity, Email Banned Words, Spam, VPN and Availability). This means that the moment an event is generated by the firewall it appears in Vanguard! Each day, the results of all the reports are tabulated into the Executive Dashboard and appended to the Weekly and Daily view.
Q: How long is data stored by Vanguard?
Vanguard Monitor account data is stored for 6 months, and the user account summaries display data in the Executive Dashboard for 8 weeks. If a pre-arranged contract is established, the data can be made available afterwards on a fee schedule priced per gigabyte.
Q: My company needs to store data longer, for up to X {weeks | months | years}. Can Vanguard do this?
Certainly. Vanguard realizes that compliance criteria and corporate policies are becoming an undue burden. In this regard, we are glad to offer separately contracted agreements to back up and store security data to meet your needs. Please contact us about how we can help.
Q: What items can be configured in the Vanguard Executive Dashboard?
The Vanguard Executive Dashboard can be configured to show IDS (Intrusion Detection System), AntiVirus, Web Filter, and Restricted Activity summaries.
Q: Does the Vanguard service affect the performance of my firewall? How about when running the Real Time feature?
No, the logging and transmission of syslog to Vanguard does not change the performance characteristics of any UTM perimeter device. The ability to log data is native to these devices, and the amount of syslog data transmitted is negligible compared to the actual traffic that it is reporting.
Q: Vanguard Monitor sounds great, but I want to test it first. Do you offer a Free Trial?
Yes. You can try Vanguard for 30 days without any obligation or risk. After the 30-day trial expires you can even keep your account (and all the existing data you have logged and analyzed in Vanguard) by simply not canceling the automated subscription. You will be billed a single annual fee automatically, without entering any further payment or personal information.
Q: Can Waterloo Systems support devices other than the Freedom9 freeGuard, Fortinet Fortigate, and SonicWALL Appliance?
Yes; however, specialized parsers for syslogs generated by other devices or applications must be developed under contract. For example, if you have a particular application that would be useful as part of the Vanguard service, we can analyze the syslog and determine how best to integrate it. Currently the Freedom9, Fortinet and SonicWALL products are supported, and other Unified Threat Management (UTM) devices are being analyzed to provide even greater coverage of this quickly emerging security category.
Q: Does Vanguard analyze the content of restricted activity?
Yes, Vanguard produces analytics on all types of traffic including Spyware, Peer-to-Peer (P2P such as Kazaa, BitTorrent, eDonkey), Instant Messaging (IM such as MSN, AIM, Yahoo Chat), and all other protocols such as Skype voice chat, NetMeeting and more.
Q: Can I track VPN activity with Vanguard? Can I track individual VPN logins and sessions according to user name and IP?
Yes, the Vanguard service is able to recognize logged VPN activity on a properly configured firewall. All VPN sessions are logged for start and stop time, as well as originating IP, login name, and other important data.
Q: Can I provision different accounts for different firewalls?
Yes, firewalls can be provisioned each with their own separate userid and password for the administrator managing the Vanguard account.
Q: Can I provision a single account for all my firewalls?
Yes, a single Vanguard account can be provisioned with multiple firewalls, all using the same administrator login.
Q: What are the ways that Vanguard alerts me if there is a problem?
The Vanguard Monitor service provides real-time emailed alerts for anomalous activity including spyware, malware and viruses, persistent attackers, and other abnormal exceptions.
Copyright 2007 Waterloo Systems. All Rights Reserved. Created and Designed by VisionLine Media