nDiscovery - Frequently Asked Questions

Why monitor and analyze logs?

NIST says it best: “The routine analysis and review of security logs benefits organizations by identifying fraudulent activity, operational problems, policy violations, and security incidents, as well as provides the necessary information to help resolve these problems. Logs can also be useful for establishing baseline activity, exposing long-term problems, performing auditing and forensic analysis, and tracking operational trends.”

Why subscribe to nDiscovery?

nDiscovery is a comprehensive, customized log inspection and analysis service that transforms your raw logs into valuable insight and actionable intelligence. nDiscovery’s sophisticated data analysis technology combined with human intelligence expertly mines the log data to identify events that may be putting your organization at risk.


Is nDiscovery a Security as a Service (SaaS) solution?

Yes, nDiscovery is a cost-effective SaaS! The service eliminates the need to invest in costly hardware devices, software applications, or dedicated resources. It works with the raw logs that network devices and applications generate natively. These logs are securely transmitted to the Sage SAS70/SSAE16-certified data center, subjected to a customized, code-based inspection, and then expertly reviewed by nDiscovery analysts.

What types of logs are analyzed by nDiscovery?

The most common logs reviewed by nDiscovery are generated by:

  • Windows Servers*
  • Firewalls*
  • MS-SQL & Oracle for Windows databases
  • IIS/Apache web servers
  • Switches
  • Routers
  • VPN Devices
  • vCenter Hosts
  • Email Gateways
  • VMware Hosts
  • Wireless Access Points
  • RSA Authentication Manager
  • NetScaler
  • SAN/NAS Devices

What does nDiscovery look for?

nDiscovery is designed to detect threats and identify “at risk” events, provide oversight for administrative and third-party management, and report on security-related operational issues.

  • Threats and at-risk events include unauthorized access, malware, data leakage and suspicious activity.
  • Oversight includes reporting on administrative activity, user management, policy changes, remote desktop sessions, configuration changes and unexpected access.
  • Security-related operational issues include reporting on patch installation, software installation, service management, reboots, bandwidth utilization and DNS/DHCP traffic.

What is the notification process?

nDiscovery reports are generated for each log cycle (generally 24 hours) and posted to the nDiscovery client portal. The reports provide a consolidated view of activity and are designed to be equally useful for both technical and non-technical personnel. Issues that require attention are designated an “nDiscovery Item” and are given prominence at the beginning of the report as well as posted on the nDiscovery Items page in the nDiscovery portal.

If an issue requires immediate attention, the reporting process is escalated and the client is contacted directly by phone and/or email.

Does nDiscovery provide real-time alerting?

Yes, our nAlert option provides you with real-time alerting of network events. Logs are collected every five minutes, and you are notified about specific events in real time. The basic option delivers preconfigured alerts for critical security events. We also offer a premium option that gives you the ability to configure the events for which you want to receive notification.

Notifications are sent via email and/or text.

For how long are the reports available?

The reports are published in PDF format; clients are encouraged to download and save them locally. However, nDiscovery reports are archived and available as long as the subscription is active.

What do Examiners, Auditors and Risk Managers have to say about nDiscovery?

Examiners, Auditors and Risk Managers consistently praise nDiscovery. They rely on it for assurance that an organization's logs are expertly analyzed on a scheduled basis, providing an audit trail that documents when and by whom the nDiscovery reports are read as well as insight into how the organization responds to identified issues.

Can my organization afford nDiscovery?

nDiscovery is a cost-effective solution, guaranteed! In fact, by eliminating the need to invest in hardware, software and dedicated resources, nDiscovery can actually save your organization thousands of dollars.


How is nDiscovery priced?

nDiscovery is a subscription-based service. Subscription fees are determined by type of device and either the total number of devices or number of log events per day. There are no up-front costs or long-term contracts, and billing is quarterly.

Our most comprehensive and cost-effective subscription program is the nDiscovery Enterprise License, which provides unlimited licensing for all supported network devices for one flat monthly fee. Firewalls and Windows Servers must be licensed to be eligible for Enterprise.


How can I learn more about nDiscovery?

Request an interactive demonstration of nDiscovery to experience the power of the service first-hand.
