Understanding Saner Solution
Saner Solution consists of three components namely- Ancor, Viser, and End-point Agents. Ancor is the Analytics and Correlation Engine that forms the core of the solution. Viser is the visibility portion of Saner Solution with which security administrators can monitor the security posture of an enterprise and also react/respond to security incidents that are happening in real-time. Endpoint Agents monitor, collect the system activities listen to the commands from the server and update the server.
SecPod supports on-premise as well as cloud deployments. In an on-premise deployment, Saner Solution is set-up inside the enterprise network. Ancor could also be deployed on private/public cloud. Saner Solution is available via public cloud images in AWS (Amazon Web Service) and Google Cloud Image templates. Alternative deployment is provided through a bootable ISO, which can be used to deploy server on a dedicated system.
What is an Air Gapped Network?
In all the deployment scenarios, on-premise server is synchronized on a day-to-day basis with SecPod’s Cloud server, a server dedicated to provide security intelligence to multiple customers.
Air Gap Network is a network where outgoing connections are not allowed, and Saner Solution synchronization is a challenge. SecPod provides support for such a set-up via the help of a hardware device called Saner AirGap. The initial procedure of Saner Solution deployment remains unchanged.
How does an Air Gapped Saner Solution work?
Firstly, activate an on-premise server with SecPod Cloud server using the given license key and perform initial synchronization. Needless to say, network connection to SecPod’s Cloud server is inevitable for the first activation and initial synchronization of the on-premise server. After the completion of on-premise server set-up, we can keep this server in an air-gapped network henceforward.
Saner AirGap device is initially paired with the on-premise server. The device is prepared to receive and notify if there are updates to security content. This is achieved when administrator physically connects the device to the server and issues a pair command.
The next step is to connect Saner AirGap periodically to a laptop or a similar device that is connected to the internet to fetch security intelligence from SecPod’s Cloud server. The synchronization software fetches security intelligence from SecPod Cloud to the Saner AirGap device.
When this device is connected to the on-premise server, the server automatically detects the presence of the Saner AirGap hardware. Import of security content can be initiated through the synchronization command.
This can be automated to a daily process. Continuous protection of endpoints is necessary whether they are connected to Internet or Air Gapped.
– By Maneesh KB (kmaneesh<at>secpod<dot>com) working as Software Architect at SecPod Technologies.