IntelliGO combines many different functions into a single security platform. This provides visbility, control and automation to move companies from unmanaged security to managed security.
The graphic below illustrates how users, devices, applications and their network connections move from an insecure/unmanaged state to managed security through IntelliGO. The documentation for IntelliGO and the interface refer to these from anIT perspective representing a user by their access to credential, devices by their asset information, applications by their attributes and network by ports and access properties.
The process begins by identifying unmanaged security by looking at specific network traffic then scanning switches/access points and devices and deploying agents to devices we find. We then actively look for security hygiene and hunt for threats continously as well as enforce controls over access to the network and systems.
While the platform can do a lot of things the focus is on managing detection and response of security incidents. To do this, the platform provides many different ways to collect and act on your behalf. If run by our CyberSecurity team the intial setup is done by us, if purchased IntelliGO for your own management then the Documentation section of our site helps you configure and ask questions about the product.
IntelliGO as a platform has a number of different components which are included within our agent and server technology. Agents may run transparently or as an application and the server may run as hardware or virtual machine with multiple instances operting as one.
The diagram below illustrates the components that make up the IntelliGO platform.
The components are described below for the server both virtual machines and hardware offer the same features
|Vulnerability Scanner (VA)||Using a combination of scanners the IntelliGO VA Scanner will examine open ports and services and map the vulnerabilities running over those ports and create reporting through web-based dashboards internally.||5.1+|
|Switch Scanner||IntellliGO Switch scanning uses the SSH or Telnet protocol to scan switches and access points for connected devices. A number of network operating systems such as Cisco, Juniper, Aruba/HP, Brocade and others are supported. Pay special attention to versions when scanning and communicating to support.||5.5.4+|
|Probing||IntelliGO will scan Windows, Linux and Macintosh OSX connected devices to pull operating system information without an agent using our Probing feature. This allows agentless inventory of workstations and applications. This requires that a policy for fingerprinting be setup to monitor DHCP traffic for all devices||5.5.4+|
|Data Analysis and Search|
|Elastic Search||IntelliGO will copy log data from databases to in-built elastic search for analysis. This will offer teams monitoring the software to build dynamic dashboards and include data from firewalls, agents, cloud systems and other data points as part of IntelliGO||6.0+|
|Log Collection||To feed the Search engine the log data sent to the server is collected by the in-built log collection which gathers logs directly on the server from forwarded Sylog, Agents and API calls to cloud systems.||6.0+|
|Traffic Collection||Using a SPAN/Mirror/TAP port on the network IntelliGO can listen for DHCP traffic (Fingerprinting) to identify devices as well as full packet capture to examine traffic for both application traffic and intrusion detection against signatures.||6.0+|
|Network Access Control|
|RADIUS Server||IntelliGO provides a complete and customizable RADIUS server internally to accept Authentication, Authorization and Accounting requests from RADIUS clients.||4.0+|
|2 Factor Authentication||Using Android or iOS devices a 2 Factor Authentication client is used to enter time based one-time passwords (TOTP) tokens for VPN, Cloud Applications or other systems. This supports QRCode synchronization for cloud or RADIUS auth with Microsoft Active Directory for VPN||5.0+|
|Certificate Authority||IntelliGO provides Simple Certificate Enrollment Protocol (SCEP) services built-in as a Certificate Authority to manage client certificates distributed in agents for authentication during report submission or RADIUS authentication||4.0+|
|Local User DB||Visitors can be given local usernames and passwords to access the network on the local user database within IntelliGO. Captive Portal is provided by Firewalls or Wireless Access Points/Controllers or Wired Switches to enter the provided username and passwords||4.0+|
|MAC Address DB||The MAC Addresses learned through Switch Scanning or TAP (Fingerprinting)||
|Reporting and Management||Both reporting and management are performed on the web console from the IntelliGO Server. This allows a simple menu driven method for applying settigs and creating visualizations used to analyze data||
The components are described below for the endpoint components:
|Agent Collection Modules|
|OSQuery||OSQuery is used to get detailed infromation about Windows, Macintosh and Linux endpoints. These queries are based on the OSQuery utility packaged wiht the agent.||6.0|
|IOC (Indicator of Compromise)||The IOC Scanner provides OpenIOC 1.1 detection capabilities by downloading libraries of IOC files and scanning Windows workstations (Windows 8.1+ Only). Use Palo Alto Networks APIs to automatically download IOCs from firewalls||5..5.4+|
In-built security hygiene agent examines the endpoint for missing:
Patches: Scanning the Windows Patch management agent (built-in to Windows or through a management client like SCCM).
Anti-Virus: Next-Gen and regular Anti-Virus scanner settings including detections, real-time protection, last-scans, definitions and Firewall settings if applicable.
Encryption, Backup and Application states
On Windows, Macintosh, Apple iOS, Android and Chromebook discover the physical location of devices on and off the network. This setting requires user permission to enable on most current Operating Systems.
|System (Modified Files)||
System settings check for modified files on the local file system.
Check the systems running processes periodically to inspect for unauthorized utilities
Capture the screen for the runs on Windows XP-10, Macintosh OSX 10.5.8+ and depcrecated on iOS 9.3+
Removed in 6.1
Captures the user. XP-10, Macintosh OSX 10.5.8+ and depcrecated on iOS 9.3+
|5.5.4+ Removed in 6.1|
|Agent Analytics Package|
|Packet||Using the in-built packet capture driver for IntelliGO Packet Analysis will map all process traffic outbound and inbound for the device.||6.0+|
|WinLog||Windows Event Viewer logs are collected including Security, Application, System and other custom logs. These are stored and forwarded as far back as required||6.0+|
|Metric||Capturing CPU/Disk/RAM/File System statistics from the agents||6.0+|
|File||Local Log Files such as anti-virus agents, databases or other flat files on the system which change consistently.||6.0+|
|Actions (within Agents)|
|Application Actions||Remove or install applications (iOS/Macintosh AppStore Apps) or Android applications||5.5.4+|
|Wipe Device||Wipe device will remove and factory default all settings. iOS/Macintosh OSX/Android Only.||5.5.4+|
|Lock Device||Lock the device (iOS, Android, Windows, Chromebook, OSX) offer an optional encoded password (OSX, Windows Only).||5.5.4+|
|Alarm||Sound an alarm and alert the user that the device has been reported lost or stolen (Windows, Android, OSX and Chromebook)||5.5.4+|
These components and their installation are described throughout the documentation sections throughout.