Get started
ActZero partners with your organization to monitor, detect, and respond to cybersecurity events and issues in your network.
The following outlines the onboarding steps that enable the ActZero team to access your network infrastructure and begin guarding your organization against vulnerabilities and keeping it safe from cybersecurity threats.
Gather information
The ActZero team collects information from you and your IT Administrator about your network infrastructure, then schedules appointments with your team to get everything set up.
The team collects information such as:
- the applications and tools that make up your network infrastructure
- the local applications your organization uses
- the Software as a Service applications (SaaS apps) it uses, such as Salesforce.com, Box, or Concur
- the type of operating systems that endpoints on your network use: MacOS or Windows
- any APIs your organization uses
- details about the system and tools for managing user credentials
- generally, any entry points that offer access to your network infrastructure
With an assessment and inventory of your environment, the team schedules time to install the virtual machine, set up log forwarding, and install ActZero agents in your system.
Prerequisites:
- Familiarity with the AWS Console and the following services:
- CloudFormation
- S3
- IAM
- CloudTrail
- KMS (Key Management Service)
- Familiarity with your hypervisor of choice (VMware ESX or Hyper-V)
Install an ActZero virtual machine
A virtual machine (VM) is a tool that enables the user of a computer to set up an environment that behaves and functions as a separate computer. A VM has its own CPU, operating system, network interface, etc. that exists on a physical hardware but remains isolated from the rest of your system. A hypervisor is software that provisions and runs virtual machines.
ActZero works with your Hypervisor or IT Administrator to provision a VM in your environment that connects to security tools and on-premises and cloud environments. It enables ActZero to collect the log file information it needs to monitor and detect events in your environment for signs of suspicious activity.
Access the instructions to Install an Actzero VM.
Forward log files to the virtual machine
Log files are files that record events and activity that occur in your system. ActZero forwards the information that your system’s software and tools log so as to analyze it for signs of suspicious activity and malicious attacks.
ActZero works with your Firewall or IT Administrator to configure all the firewalls in your network infrastructure to forward logs to the ActZero VM.
Access the instructions to Forward log files to VM.
Install endpoint agents
When a computer program communicates with a program or device on a network, the channel through which it communicates has two endpoints. The endpoints send or receive data. Some examples of endpoints are desktop computers, mobile devices, tablets, and servers. Endpoints can be vulnerable to attack as malicious actors use them as entry points into a network.
ActZero works with your Endpoint or IT Administrator to install ActZero agents on endpoints in your network infrastructure. The agent is a program that works on behalf of ActZero to perform continuous, autonomous actions to monitor activity on an endpoint. Each agent transmits metadata about endpoint activity to ActZero so as to analyze and detect suspicious or malicious behavior.
Access the instructions to Install an ActZero endpoint agent.
Configure cloud connections
ActZero offers early access to a cloud detection program by invitation. Contact us to learn more about joining the program to add Managed Detection & Response (MDR) services to your cloud endpoints.
If you have already joined the program, use the Configure cloud detection documentation to assist ActZero in setting up the early access service.
Connect with ActZero
After completing the onboarding process, ActZero begins monitoring your organization’s network infrastructure for suspicious activity and malicious attacks. Further, from the information it has about your network, the ActZero team issues a monthly report that prescribes actions that you and your IT team can take to address any vulnerabilities in your network.
- For any urgent security issues, contact us at any time at 1-855-917-4981.
- Find out how to contact us in case of an non-urgent security issue or question about your service.
- Use the customer portal to review your organization’s most recent security activity and download your monthly report. (Not yet registered to use the portal? Let us know and we can set you up!)
Go further
- Install an Actzero VM in your local environment.
- After you have completed the steps to get started, complete five basic cybersecurity hygiene tasks.
- Learn more about how ActZero's MDR services work.
Was this documentation helpful? Please send us your feedback!