MSP Active Protect is an extension of the Firewalla Box’s Active Protect.
By leveraging extended data visibility (30-day or 180-day flows) and machine-learning-based Firewalla Intelligence running inside your MSP instance, MSP Active Protect can help you analyze your network’s behavior and optimize your alarms.
MSP Active Protect is currently in the beta stage. Since alarms can be generated or archived in multiple ways, we continue refining how the analysis results are presented. During the beta stage, the algorithms used are much less aggressive.
MSP Active Protect
Imagine you have a smart security camera outside your home. When you arrive home each day at 6PM, your camera detects this motion and uploads the data to its cloud. The Firewalla App then sends an alarm indicating an abnormal upload from the camera. Since the Firewalla App only retains flow data for 24 hours, your daily arrival always appears abnormal.
Firewalla MSP, however, offers 30- or 180-day data retention, providing more information for Firewalla Intelligence to analyze. MSP Active Protect can analyze your security camera’s upload behavior over the past 30 or 180 days to identify normal patterns.
It adds two new features:
- Alarm Optimizer: Automatically archives alarms identified as normal behavior. This feature improves the accuracy of your alarms and reduces false positives.
- Advanced Behavioral Alarm: Generates new alarms and identifies new anomalies. This feature ensures that you focus on the important alarms and take notice of behavioral anomalies.
How to enable MSP Active Protect
MSP Active Protect is enabled by default. You can click Active Protect on the left navigation bar to turn on/off Alarm Optimizer and Advanced Behavioral Alarm for different boxes separately.
Please note that this feature is only available to boxes in 30-Day and 180-Day Flows seats.
When Active Protect is on, the Active Protect page will display a chart showing the number of alarms archived or generated over the past 30 days. Click on the chart to drill down and view the corresponding alarms.
It will take you to the Alarms page with the filter, “ActiveProtect: Archived” or “ActiveProtect: Generated.” Click on any alarm to view more details.
Active Protect Analysis
For most archived alarms, you’ll find a tab called Active Protect Analysis, which displays statistics on flow counts between the device, its destination, and between all devices on the specific box and the destination.
The flows and data transferred for the current day will be displayed on the rightmost bar of the bar graph. Based on Firewalla Intelligence, if the statistical trend appears normal, the bar will be shown in blue, otherwise, the bar will be red.
Besides statistical-based analysis, Firewalla also has other methods to improve alarm generation/handling. Therefore, the Active Protect Analysis tab may not be available for all alarms. As MSP Active Protect is still in Early Access/Beta, we continue to improve how to best present the analysis behind the scenes.
Comments
0 comments
Please sign in to leave a comment.