What is the NetWatcher VPN (aka Sensor-in-the-Cloud™)?

February 14, 2017

What is the NetWatcher VPN (aka Sensor-in-the-Cloud™)?

Quite simply it’s a Virtual Private Network that runs an asset’s internet bound traffic through an Intrusion Detection System (IDS) hosted ‘in the cloud’.

We should have called it something more interesting but everyone in the company always called it by this name so that’s what we ended up naming the feature.

We created the Sensor-in-the-Cloud module because customers were telling us many of their corporate assets (laptops) travel with their employees to their homes or on business trips.  Customer’s didn’t want to lose the managed detection & response capabilities when their assets were not within reach of a NetWatcher sensor as this is the most likely time for them to be exploited.

You can turn on the feature in the customer portal under the ‘endpoints’ tab and installing it as you see in the figure below:

If you go into the assets details you will see that it is connected to the ‘Cloud Sensor’.  

If you have the ‘SysTray’ module loaded on the endpoint you will also be able to see that the ‘Sensor-in-the-Cloud’ module is started and running.  Note that this feature disable Logs and HIDS (these will be added to the Sensor-in-the-Cloud soon and be available in the same way that they are available when the asset is near a locally deployed sensor).

You can also see the Virtual Private Network in use by going to Google and typing ‘what is my ip’ and you will see that the IP address is in California at the Google Cloud data-center. 

This Virtual Private Network (VPN) creates an encrypted tunnel between the corporate asset (computer) and the NetWatcher VPN server.