be.Safe XDR FAQs 

1. What is the general functionality and main components of Teldat’s solution?

Each device in the network exports traffic information to the visibility server using Netflow. All of the data is then added to a Big Data engine and presented to the user in an intuitive graphical interface with multiple filter options and visualization modes.

2. What are the advantages of Teldat’s solution compared to other Netflow collectors?

The Netflow standard identifies traffic based on source and destination addresses, which creates a problem because, depending on the direction of traffic, the source becomes the destination and vice versa, hindering traffic analysis and filtering. With Teldat’s solution, traffic is marked as internal and external regardless of the direction in which it is travelling. Other advantages include a powerful Big Data engine capable of complex analysis, almost instantaneous filtering, fully customizable dashboards, report and alarm options, and an intuitive user interface.
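The direction problem described above can be shown by re-keying flow records on internal and external endpoints. This is an added example, not Teldat's code; the internal prefixes, field names and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's own address space; a real deployment lists its LAN prefixes.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def normalize(flow):
    """Re-key one flow record by internal/external endpoint instead of source/destination."""
    src_in, dst_in = is_internal(flow["src"]), is_internal(flow["dst"])
    if src_in and not dst_in:
        inner, outer, direction = "src", "dst", "outbound"
    elif dst_in and not src_in:
        inner, outer, direction = "dst", "src", "inbound"
    else:
        # Both or neither endpoint internal: no internal/external split applies.
        return None
    return {
        "internal": flow[inner], "internal_port": flow[inner + "_port"],
        "external": flow[outer], "external_port": flow[outer + "_port"],
        "direction": direction, "bytes": flow["bytes"],
    }

def bytes_per_conversation(flows):
    """Sum both directions of each conversation under a single key."""
    totals = defaultdict(lambda: {"inbound": 0, "outbound": 0})
    for flow in flows:
        rec = normalize(flow)
        if rec is None:
            continue
        key = (rec["internal"], rec["external"], rec["external_port"])
        totals[key][rec["direction"]] += rec["bytes"]
    return dict(totals)

# Constructed sample records (documentation addresses), not captured traffic.
SAMPLE_FLOWS = [
    {"src": "10.1.2.3", "src_port": 51514, "dst": "203.0.113.10", "dst_port": 443, "bytes": 1200},
    {"src": "203.0.113.10", "src_port": 443, "dst": "10.1.2.3", "dst_port": 51514, "bytes": 48000},
    {"src": "10.1.2.3", "src_port": 51520, "dst": "203.0.113.10", "dst_port": 443, "bytes": 800},
    {"src": "10.1.2.3", "src_port": 40000, "dst": "10.9.9.9", "dst_port": 3200, "bytes": 500},
]

if __name__ == "__main__":
    for key, total in bytes_per_conversation(SAMPLE_FLOWS).items():
        print(key, total)
```

A filter on `external == "203.0.113.10"` now matches both halves of the conversation, where a source/destination filter would need two mirrored rules.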

3. What licenses are required?

Network devices require a Deep Packet Inspection (DPI) license to export level 7 data, but no license to export level 1-4 data. On the server, a license is needed for every device that is going to export visibility data for processing. It follows the same license model as Cloud NetManager, because both tools share the license server.

4. What configuration is needed?

On remote devices you need to enable Netflow on the WAN interface and configure the Netflow parameters of the server to which traffic is to be exported. Optionally, you can use Access Control Lists associated with route-maps and labels in the Netflow protocol to label different traffic categories, and enable level-7 application detection when there is a DPI license. On the server, you can optionally generate dashboards to present information according to user preferences.

5. In which public cloud is Teldat be.Safe XDR deployed?

Teldat be.Safe XDR is deployed in Google Cloud, in a German data center.

6. What server deployment options are available?

Only a SaaS version at the moment. An on-premises version will be available shortly.

7. Is Teldat be.Safe XDR a scalable and reliable solution?

Yes. As mentioned before, Teldat be.Safe XDR is deployed on Google Cloud Platform. The Teldat be.Safe XDR design is based on containers: the software architecture is divided into functional blocks, and each block is deployed as a container.

This increases the reliability of the platform, because each container is functionally independent from the rest, so they can be deployed individually in a high-availability architecture.

Additionally, the Kubernetes service allows the solution to be scaled by container, so if one of the components is overloaded, only the overloaded functional block needs to be scaled.

8. How are the devices identified in the platform?

Teldat devices are identified by their Serial Number and Digital Verification Code (DVC), to ensure that malicious devices cannot connect to Teldat be.Safe XDR.

9. Is Teldat be.Safe XDR integrated with CNM?

Yes, Teldat be.Safe XDR is highly integrated with the Cloud NetManager solution. Although they are deployed in different cloud providers, both tools share the license server, so that licenses can be managed from a single point.

The tools share the same user hierarchy, so that groups of customers can be managed and controlled at different levels.

Additionally, both share the mail server which is used to send the notifications to the users.

10. What protocols are used?

Network devices export using standard Netflow v10 (IPFIX).

11. What is the security level for exported data?

Encryption of exported data, following the interoperable procedures of the IPFIX standard, is under development and will be available soon.

12. How many different dashboards can you create and use?

As many as you need. There is no limit.

13. Are there any proactive options you can use to detect specific or unusual traffic conditions?

You can use filters to set alarms based on traffic thresholds. The filters can work on any combination of the exported parameters and, when an alarm is triggered, the result is stored in the system and an email alert is generated.

Building on these notification capabilities, Teldat be.Safe XDR will in the future include AI (Artificial Intelligence) technologies to analyze a customer's traffic pattern and send notifications when traffic behavior deviates from that pattern. This will allow our customers to detect incidents before they affect the service.

14. Can you get periodic reports on network visibility?

Yes, you can use the report option to set up the system to automatically email dashboards periodically.

15. What inspection options are available when SAP is used?

SAP’s proprietary application uses a known port (3200), so identification is easy. For SAP service mode, please see the question below on identifying public cloud applications.

16. What inspection options are available when Citrix is used?

Citrix allows inspection at two levels of granularity. The first level involves identifying the different applications, while the second level involves identifying the different priority levels that may be necessary to transport application information in a single application (Citrix provides 4 priority levels: “Very High” for audio, “High” for the visual user interface, “Medium” for MediaStream, and “Low” for printers and serial/parallel ports). This last type of classification is the most interesting, since it provides greater granularity and ensures the necessary priority according to the criticality of the data transmitted. This second level is supported by the DPI license (note, it requires configuring ICA in Multi-Stream mode, which implies carrying each priority level in a separate TCP session).  

17. Is it possible to identify public cloud applications such as Salesforce, Microsoft365, Facebook, YouTube, WhatsApp, Instagram, Skype, Snapchat, Twitter, Spotify, Google+, Telegram, LinkedIn, Viber, Pinterest, Flickr and so forth (from mobiles or PCs)?

Identifying these applications is complex because they often distribute processes between multiple connections simultaneously, connecting to a variety of IP addresses and domain names which must all be identified. For example, with Salesforce, the various provider services are identified at the IP layer, as indicated here; for Microsoft365, identification is based on domain names and IP addresses and is available here; and by and large, the information is available from the same sources and third parties, for instance, for Facebook traffic.
