Frequently Asked Questions

What endpoint data does Action1 store in the Cloud?

Action1 maintains your list of endpoints, which includes computer names, IP addresses, and connection statistics. It also performs short-term caching of your endpoint data in the Cloud for efficiency purposes. When you run a query, Action1 Cloud contacts your endpoints to query information, temporarily caches the query results in the cloud, and then shows them to you in the web console or sends them via email (for scheduled queries). After that, your endpoint data is permanently deleted from Action1 Cloud. As a result, you always have up-to-date live information from your endpoints (instead of out-of-date data collected hours or even days ago). When an alert is generated, it is sent by an agent to Action1 Cloud first, and then Action1 Cloud sends it via SMTP to your email address, deleting the alert contents right afterward. Action1 also stores some diagnostic information (see Logs) for 7 days. If you want any of this data to be deleted sooner than stated, please contact our technical support.

Where are Action1 cloud servers hosted?

Action1 cloud servers are hosted by Amazon Web Services in data centers located in Virginia, USA, and Frankfurt, Germany. If your organization is subject to any local data privacy regulations that restrict you from trusting the above-mentioned location, please contact technical support to discuss your requirements.

How secure is Action1 Cloud?

Action1 was designed to take full advantage of state-of-the-art built-in security mechanisms of Amazon Web Services and with strict internal processes that ensure the highest standards of customer data protection. For example, internally we use multi-factor authentication, data encryption, and access on a need-to-know basis, ensuring that no single person in our organization has ‘keys to the kingdom’ at any time. All communication between Action1 Cloud and Action1 Agents and Deployer occurs via the latest revision of the SSL/TLS protocol with mutual authentication and encryption that provides complete protection against eavesdropping, data tampering, and even man-in-the-middle attacks. The Action1 Agent and Deployer distribution packages have security authentication information automatically embedded into them at download time (private encryption key, authentication certificate, and your customer ID) and no unauthenticated or clear-text communication ever occurs. Automatic agent updates are also secure from DNS spoofing and other sophisticated attacks because each downloaded update is verified for integrity to make sure it comes from the trusted source. To learn more about our secure architecture and internal organizational practices, please schedule a free demo and we will happily walk you through this.

Why don't you use SMS for multi-factor authentication in Action1 console?

Multi-factor authentication is designed to bring an extra layer of security to the sign-in process — after entering credentials, you are prompted to provide a one-time code. SMS is no longer considered safe since phone number ownership can be easily revoked and violated. In Action1, we recommend using authentication apps such as Google Authenticator, Twilio Authy, Duo Mobile, or Microsoft Authenticator. Also, you can leverage one-time codes sent to your corporate email. MFA ensures a higher level of protection while keeping your organization in line with data security standards.

Action1 Deployer asks me for credentials with Administrator rights — why?

Administrator credentials are used by Action1 Deployer only to deploy the Action1 Update service, which in turn deploys agents on your network. Action1 Deployer never sends these credentials to Action1 Cloud or to your agents. If you are unable to provide administrative credentials to Action1 Deployer, other deployment options are available, such as Group Policy, manual installation, or batch installation. Please refer to online documentation or contact technical support if you need help with this.

What TCP/IP ports does Action1 use?

Action1 Deployer and Action1 Agents use secure connections over TCP port 22543 to communicate with Action1 Cloud, so you need to have this TCP port open for direct outbound connections (bypassing any proxy servers). The inbound port 22551 should be open as well to allow P2P file distribution. For detailed information, see Firewall Configuration.
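The following added example (not Action1's own code or official guidance) shows one way to open these two ports in Windows Defender Firewall without exposing the inbound port more widely than needed, and then to audit for broader rules. The rule names, the Domain/Private profile restriction, and the `LocalSubnet` scoping of port 22551 are assumptions; adjust the scope if your peers span several subnets.

```powershell
# Run in an elevated PowerShell session.
# Rule names, profiles and LocalSubnet scoping are assumptions made for this example.
$Rules = @(
    @{  # Agent/Deployer -> Action1 Cloud
        DisplayName = 'Action1 Cloud (outbound TCP 22543)'
        Direction   = 'Outbound'
        RemotePort  = 22543
    },
    @{  # Peer file distribution between endpoints
        DisplayName   = 'Action1 P2P (inbound TCP 22551)'
        Direction     = 'Inbound'
        LocalPort     = 22551
        RemoteAddress = 'LocalSubnet'   # do not accept this port from arbitrary networks
    }
)

foreach ($r in $Rules) {
    # Create each rule only once so the script can be re-run safely.
    if (-not (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule @r -Protocol TCP -Action Allow -Profile Domain,Private | Out-Null
    }
}

# Audit: list enabled inbound allow rules that name port 22551 and accept any source.
# (Rules whose LocalPort is 'Any' also cover the port and need a separate review.)
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains '22551' -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    } |
    Select-Object DisplayName, Profile
```

An empty result from the audit means no enabled rule explicitly exposes port 22551 to every source address.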

How many endpoints does Action1 support per customer?

Action1 was designed from the ground up as a cloud-based technology with almost unlimited scalability to support millions of endpoints. Multi-tiered architecture automatically scales as more agents are rolled out.

How much space is available per customer?

Your storage quota depends on the number of endpoints connected to Action1 Cloud. Action1 typically reserves 1 GB per endpoint. For example, for a 100-endpoint license, we’ll provide you with up to 100 GB to store packages. If you need additional space, feel free to contact us. We can extend your storage quota for an upcharge.

Does Action1 Agent utilize any significant system resources?

Action1 agent is a tiny executable file (less than 6 MB) with a minimal resource footprint. Unless alert rules are enabled, it sits idle most of the time, waiting for your queries. If alerts are enabled, it uses slightly more CPU, memory, and disk resources, depending on the number of alert rules enabled and the complexity of these rules (such as filters applied to it). Generally, it uses only about 10-15 MB of disk space, 30-50 MB of memory and occasionally consumes 1 CPU to process queries and monitor alert conditions.

What are the network bandwidth requirements?

Action1 uses an efficient communication protocol that has little overhead. When using queries, the amount of bandwidth utilized depends on the query output (number of results returned). When using alerts, it generally consumes about 5 KB per alert generated (and there is a fixed number of alerts that can be generated: it’s currently set to 10 alerts per rule per hour). Plus there is some overhead related to automatic agent updates, which happen from time to time. Every update is roughly 6 MB in size for each endpoint and it generally happens a few times per month as we continuously improve the functionality of the service. However, the update overhead can be substantially reduced if Action1 Deployer is utilized. In this case, the update is downloaded from Action1 Cloud only once and then it automatically gets distributed to all the agents via the local network.

What underlying product or service do you host?

Action1 was built from the ground up without using any third-party products or services other than Amazon Web Services. We do not host any third-party products on our servers, and we do not utilize any third-party products or services. Also, as a technology company, it’s our policy to NEVER outsource any of our core technology activities, including development, DevOps, or technical support.

Why can't I just use PowerShell scripts to accomplish the same functionality?

Fair question. Yes, you can accomplish almost everything under the Sun by utilizing scripting. However, in this case you have to take into account all the risks and maintenance costs, and deal with complexity, scalability, and reliability issues. You can find almost any kind of script or utility online and use it at your own risk, running it under administrative credentials. You also have to maintain the scripts as your systems and processes evolve. Managing, interpreting, and automatically analyzing data generated by scripts on a regular basis is a very tedious task that can require a substantial management framework (scheduled tasks, encrypted data storage, email alerts, etc.). On top of all that, add network connectivity issues (are all of your endpoints online 100% of the time?) and the general reliability and security of your custom system. Action1 takes care of these issues and adds a lot of additional value via uniform data analytics capabilities and efficient real-time data processing.

Still have questions? Please refer to online documentation or contact support.