
Cloud Reputation and Threat Intelligence

Zenarmor (Sensei)'s security features and web categorization capabilities are delivered through Sunny Valley Networks' Cloud Threat Intelligence System, also known as SVN Cloud.

Serving millions of queries every day, SVN Cloud is a large database of reputation and security information for over 150 million web sites, with new ones continuously added. SVN Cloud enables us to respond quickly to malware threats and virus outbreaks in real time.

SVN Cloud provides you with the following features:

  • Real-time security threat intelligence
  • Web site categorization
  • Site reputation and ranking (for use with TLS Inspection Whitelisting/Blacklisting)

How SVN Cloud Works#

SVN Cloud data is queried in real time whenever Zenarmor detects a device in an organization's protected network that is trying to initiate a connection. The packet engine processes the flows, queries the nearest cloud servers about them, and decides the fate of each flow based on the cloud-delivered information and the system policy configuration.

Communication between Zenarmor and the SVN Cloud servers uses an encrypted proprietary protocol carried over UDP ports 5355 and 5356. If you strictly filter outbound connections, you will need to allow communication to the SVN Cloud servers via these UDP ports.
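The egress exception described above, written as a pf ruleset fragment (an added example, not part of the Zenarmor documentation or the OPNsense GUI rule set). It assumes a default-deny outbound policy on the WAN interface and uses a placeholder address for the SVN Cloud servers, whose addresses this page does not list; the lookups originate from the firewall host itself, so the rule permits `self`, not the LAN clients.

```pf
# Added example: egress exception for Zenarmor's SVN Cloud queries.
# Interface name and server address are assumptions, not values from the page.
wan_if = "vtnet0"

# Placeholder for the SVN Cloud server addresses (replace with the real ones
# published by the vendor; the page does not list them).
table <svn_cloud> { 203.0.113.10 }

# The proprietary lookup protocol uses these two UDP ports.
svn_cloud_ports = "{ 5355, 5356 }"

# Default-deny egress from the firewall host itself (everything not
# explicitly allowed below is blocked and logged).
block out log on $wan_if from self to any

# Only the firewall (where the Zenarmor packet engine runs) needs to reach
# SVN Cloud, and only on the two lookup ports. Stateful, so replies return.
pass out quick on $wan_if proto udp from self to <svn_cloud> \
    port $svn_cloud_ports keep state
```

Because `pass` with `quick` stops evaluation, the block rule never applies to matching lookup traffic, while any other UDP or TCP originating from the firewall still hits the default deny and shows up in the logs.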

Sourcing SVN Cloud Data#

The information and threat intelligence data provided via SVN Cloud is the result of fusing the following information sources:

  1. Sunny Valley Networks' threat intelligence tools and web classification database
  2. Commercial threat intelligence feeds and web classification database
  3. Sunny Valley Networks' SOC
  4. Partner feedback
  5. User feedback

Managing Cloud Reputation and TI Settings#

The SVN Cloud threat intelligence settings let users:

  • Enable/Disable the cloud reputation and web categorization engine
  • Manually clear the cloud cache, a fast in-memory local cache of Zenarmor cloud queries and responses
  • Set local domain settings to be excluded from cloud queries
  • Select the optimum cloud servers for fast cloud queries

In order to configure SVN Cloud for Zenarmor, go to Zenarmor → Configuration → Cloud Threat Intel in the OPNsense GUI (Figure 1).

Figure 1. Cloud Threat Intel in the Zenarmor Configuration

Security and Privacy#

SVN makes the privacy and security of all cloud queries a top priority. To that end, sessions between Zenarmor deployments and the Cloud system are encrypted with industry-standard AES-256 encryption.

Incoming query data is held anonymously and not tied to any personally identifiable information (PII) such as IP addresses. Upon processing, the query data is immediately deleted and purged. Additionally, as per the SVN data processing policy, we do not store incoming data older than 7 days (maximum).

For more information, please refer to our Privacy Policy. SVN is also in the process of certifying Zenarmor with Privacy Shield, the EU-U.S. and Swiss-U.S. Privacy Frameworks.

SVN Cloud Hosted on Google Cloud#

SVN has partnered with Google Cloud to establish a robust, secure-by-default, reliable and scalable infrastructure, as detailed below.

Figure 2. Google Cloud Service

The SVN Cloud database and SVN back-end systems are built and hosted using the Google Cloud infrastructure.

SVN Cloud serves from the following locations:

Americas#

  1. USA West (Oregon)
  2. US Central (Iowa)
  3. US East (South Carolina)

Europe#

  1. Europe 1 (Frankfurt am Main, Germany)
  2. Europe 2 (Zurich, Switzerland)

Asia#

  1. Asia 1 (Hong Kong)
  2. Asia 2 (Mumbai, India)

Australia#

  1. Australia (Sydney, Australia)