Welcome Guide
Table of Contents
ABOUT THIS DOCUMENT
INTRODUCTION TO THE ERT PREMIUM SERVICE
INITIAL DEPLOYMENT PROCESS OF DEFENSEPRO CPE
PREREQUISITES
FILLING OUT THE ERT PREMIUM SETUP FORM
Customer Contact Procedure Section
VPN and Firewall Piercing
ERT PREMIUM ROUTINE
ERT PREMIUM CUSTOMERS CONTACT POINTS
ERT HOTLINE
MONTHLY REPORT
About This Document
This document is intended for Radware's Emergency Response Team (ERT) Premium
customers.
Prerequisites
Before the process can begin, the device must be fully connected, including:
DefensePro is wired and receiving traffic.
Customer Vision is connected to all relevant DefensePros.
Network policies are configured.
In the ERT Premium Setup Form, in the section “Customer Contact Procedure,” you specify the
step-by-step instructions that the ERT 24/7 team will follow when ERT detects an on-going
attack.
Notes:
ERT personnel will follow your instructions, but may make recommendations based on its
best practices.
It is very important to be precise in your instructions. ERT members are instructed to follow
these instructions to the letter.
ERT divides the security events into three risk severities: HIGH, MED, and LOW. The following
table describes, according to risk severity, the method that ERT uses to contact you.
LOW No immediate contact. First, ERT investigates and contacts the customer only if the
risk escalates.
Here is an example of instructions provided by an example customer, called DummyPay at
www.dummypay.com.
ERT Premium customers are monitored constantly by security and network systems. During
routine operation and during attacks, ERT makes modifications to the customer's on-premises
equipment. This remote action requires ERT Premium customers to allow remote connectivity.
Customers can choose between two plans to support that:
VPN
SNMPv3
VPN
To set up a VPN, contact us at ert-soc@radware.com to coordinate the setup. We will involve
our ERT-NOC team in the process.
SNMPv3
To allow Radware to remotely access your equipment, open your firewall and any other relevant
network entity. In the firewall, you will need to configure:
Customer IPs – include all DefensePro and Vision IPs as follows.
Radware IPs – include the IPs specified in the 'Radware IPs Table' below, according to
your location.
Protocol, ports and direction – according to the 'Protocol, Ports and Direction Table'
below.
US: 38.104.206.101, 38.104.206.102
EMEA: 149.6.43.75, 149.6.43.78
ERT Premium Customers Contact Points
Note: Radware Technical Support updates ERT on any incoming requests.
The following table describes the procedure for ERT Premium customers to contact Radware:
Issue Type: Technical support
Examples: APSolute Vision is not responding.
Contact Point: Radware Technical Support
Contact Methods: Technical support
ERT Hotline
ERT Premium customers are entitled to continuous phone access directly to ERT. This is
referred to as the ERT Hotline. The ERT Hotline ensures the fastest response and guarantees that
we meet the SLA.
If there is any problem with the hotline, contact Radware Technical Support by phone.
Important: In case of emergency, use the hotline to access ERT immediately; do not only send
an email to the ERT or Radware Technical Support. Only the hotline guarantees an immediate
response.
Issues that are not urgent can and should be addressed by email.
ERT Premium customers receive a hotline access code and code numbers in the following
format.
Monthly Report
As part of the routine procedure, ERT sends a monthly report to the customer. ERT sends each
report by the 10th of each month. The report covers the previous calendar month. The report
lists the attacks that occurred and includes ERT's analysis and security insights.
Along with the monthly report, ERT conducts a conversation with the customer.
Maintenance Activities
ERT Premium customer configuration is not static, and changes occur often. The changes
include:
Network and policy configuration
Security configuration
Software version and signature file
The changes occur for various reasons that act as triggers for those configuration changes, including:
Additional or modified customer assets and services
New security threats
Feedback learned from previous attacks experienced by this customer or by another
customer
New protections released in a new software version, or bug fixes.
The ERT analyst will contact the customer according to the 'Customer Contact Procedure'
Attack Mitigation
If an attack is ongoing, ERT will verify that the mitigation is effective. If not, ERT will
reinforce the mitigation.
During prolonged attack campaigns, ERT will report to the customer periodically and at least once
a day. The report will include the attack vectors and mitigation efforts. In very intensive attack
campaigns, ERT will report more often and may always keep an open bridge with the customer.
Note that some customers are permanently under a certain attack vector, in which case there is no
special reporting by ERT unless the attack breaks its pattern.
Summary Report
Once the attack is over, ERT will send a summary. For most attacks, a summary email will be
sent, including:
Attack Analysis
Mitigation Actions
Future Recommendations
For severe attack campaigns, a detailed PDF report will be sent.