01

 

 

How does OREV achieve data-collection and communications with “zero impact” on the machine or network performance?

 

  • OREV has an agent installed on every machine collecting data locally, non-stop.

  • The OREV agent uses native lightweight APIs in an economical fashion, so it does not impact the monitored machines. Heavy or unsafe APIs like WMI are not used.

  • The design of the agent is fine-tuned to balance accurate data collection with low overhead. Therefore the agent takes minimal resources – it is designed to take less than 1% of CPU capacity.

  • The agent also has its own 'safety mechanism' which makes sure that the load on the machine will be minimal, and shuts itself down if the machine is overloaded (e.g. during boot).

TECHNICAL QUESTIONS

 

02

Is the OREV software system dependent on the version of Windows?
  • No. It does not depend on which desktop or server version of Windows is installed.

03

What platforms are supported by OREV? MS? Linux?
  • OREV supports Windows. Linux and Android have passed our feasibility testing and will be developed on demand.

04

How is software distributed over the network?
  • Distribution of the Agent software is usually done via standard tools like SMS or GPO, and may also be done manually.

05

Does OREV require a client on every machine?
  • Yes, it requires an agent at each endpoint.

06

How is the data collected?
  • An agent is installed on all of the network components, i.e. workstations, servers, printers, virtual machines, etc.

  • Data is continuously collected and transferred to the OREV server which stores the encrypted data in a database.

  • The data collection pace is scheduled and controlled by the OREV server.

  • Both the data volume and the collection pace have been optimized to keep them to a minimum.

07

How is an agent protected?
  • The OREV Agent consists of processes running under a Management Service. One can kill the agent processes, but the Service will restore them. If someone (e.g. a Network Administrator) stops the Service, an alert will be issued. It can also be programmed to shut down the station.

          

08


09

10

11

How is data collected by the agents protected in the network?
  • Data collected by OREV agents are compressed and encrypted on each of the machines before being sent to the OREV server. All network traffic is encrypted.

What encryption does OREV S/W use?
  • The encryption uses a key based on the IP address, motherboard ID, BIOS ID and more.

12

How does it monitor machines outside of the network?
  • Once OREV Agent is installed, it monitors the machine internally at the CPU level. For example, if a laptop disconnects, the agent will continue to monitor the mobile device. When it reconnects to the network, the collected data will be sent to the OREV server.

13

How complicated is it to install the OREV S/W in a network?
  • The installation of the OREV S/W is a two stage process.

  • First, a dedicated OREV server is prepared. It takes approximately 1 hour to install the OREV software.

  • Second, the “agent” software is distributed to the client machines. The time it takes depends on the distribution tools used by the client. Agent upgrades are done within the OREV system.

14

What exactly is the OREV S/W mechanism and how much intervention is required while operating?
  • OREV was designed to be self-governing and zero-maintenance.

  • Administrator access is only needed during agent distribution and server installation. Once installed, each agent sends encrypted data to the OREV server, and no further support is required.

  • The data collected by the OREV Agent is kept and sent encrypted to the OREV Server. The user can view historical data from that server, or use the same screens to request online data from the agents using the secured protocol.

  • Data file content is never accessed by the agent. The agent can monitor and recognize a list of file names, sizes or checksums, but it does not access the contents of any of those files.

15

What is the overhead (time, memory, network usage, etc.) required by the OREV software?
  • The data sent from the OREV Agent to the OREV server is compressed and encrypted. Each client sends approximately 50 KB of data per day. The server capacity required per day for each IP address is about 1.5 MB. The total amount of memory of the server is directly related to the number of machines and the desired period for archiving.

16

Does OREV have alert features?
  • OREV offers a programmable alert feature that the Administrator can define. For example, OREV Flare can detect an unauthorized internet breach (even if disconnected from the organization's network) and send alerts to a dedicated OREV remote server. A classic alert is an anomaly relative to a station's profiled activity.

17

What is the follow up on an alert?
  • The follow up is determined by the enterprise management and the network Administrator to meet the organization’s needs.

18

Can OREV take action against behavior anomalies?
  • Currently, OREV can only alert on an anomaly in station behavior. Actionable controls are in design and will be available in Q2 2015.

19

Can OREV control downloads by end-users?
  • OREV can’t stop a download; it can only monitor and record file identities. Actionable controls are in advanced design stages.

20

Can OREV prevent or detect penetration attempts like a firewall?
  • OREV detects abnormal station activity, processes, ports and communications. It does detect security breaches but does not prevent them. Only an effective Firewall can prevent a breach.

21

How does OREV prevent a Zero Day Attack?
  • The OREV system identifies all new objects on a machine, such as a new process, a new listener port, a change of executables, etc., and thereby it can identify or prevent a Zero Day Attack (ZDA).

  • Once there is information on a specific threat, obtained from any source (in a form of any file, executable, etc.), OREV can analyze and identify the infection that could spread across the organization and determine the proper action to handle it.
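
The new-object identification described above amounts to comparing a station's current inventory against a known baseline. The following is an added example, not OREV code; the snapshot structure, the function name and all sample paths, ports and hashes are constructed for illustration.

```python
def diff_snapshots(baseline, current):
    """Return (kind, detail) alerts for objects that differ from the baseline."""
    alerts = []
    # Processes running from paths never seen in the baseline.
    for path in sorted(set(current["processes"]) - set(baseline["processes"])):
        alerts.append(("new_process", path))
    # Listening sockets that were not open when the baseline was taken.
    for proto, port in sorted(set(current["listeners"]) - set(baseline["listeners"])):
        alerts.append(("new_listener", f"{proto}/{port}"))
    # Executables that are new on disk or whose digest no longer matches.
    for path, digest in sorted(current["exe_hashes"].items()):
        known = baseline["exe_hashes"].get(path)
        if known is None:
            alerts.append(("new_executable", path))
        elif known != digest:
            alerts.append(("changed_executable", path))
    return alerts


# Constructed sample data (hypothetical paths, ports and placeholder digests).
SVCHOST = r"C:\Windows\System32\svchost.exe"
APP = r"C:\Program Files\App\app.exe"
UPDATER = r"C:\Users\Public\updater.exe"

BASELINE = {
    "processes": [SVCHOST, APP],
    "listeners": [("tcp", 135), ("tcp", 445)],
    "exe_hashes": {SVCHOST: "a" * 64, APP: "b" * 64},
}
CURRENT = {
    "processes": [SVCHOST, APP, UPDATER],
    "listeners": [("tcp", 135), ("tcp", 445), ("tcp", 8081)],
    "exe_hashes": {SVCHOST: "a" * 64, APP: "c" * 64, UPDATER: "d" * 64},
}

if __name__ == "__main__":
    for kind, detail in diff_snapshots(BASELINE, CURRENT):
        print(f"ALERT {kind}: {detail}")
```

A diff of this kind only flags what differs from the baseline, so the baseline itself has to be captured from a machine in a known-good state.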

22

What is the manpower required to manage the system, create and view reports?
  • OREV maintenance takes a few hours per month to check the network vitality. Upgrading the server or the client S/W version is seamless.

  • Creating and viewing reports depends on management requirements. One of OREV’s largest customers has 5 dedicated people that handle monthly reports and on-demand reports. However, if there is a departmental requirement for specific reports of interest, that is a management decision for additional personnel. Customers may also request consulting hours.

  • Smaller customers have contracts enabling OREV to log in via VPN to create reports remotely as needed.

23

Are OREV reports customizable? Can searches and reports be done in real time?
  • A large variety of real-time reports can be delivered from a single source based on the vast amount of data collected and its algorithm, which identifies network anomalies.

  • OREV provides flexible and customized searches and enables reports specific to each software module.

  • The OREV S/W allows for partitioning of enterprise data collection, and thereby facilitates controlled viewing of information.

  • There are also roughly 100 generally available online reports that can be requested, enabling operational machine comparisons. These reports can be added to tailored batch reports.

24

Can OREV detect underutilized S/W licenses?
  • OREV monitors all installed software and related processes, and enables data analysis to measure software license usage. It can also monitor Web Application usage by monitoring HTTP requests.

Does OREV do asset management?
  • Yes. The data collected by all OREV agents enables accurate asset management, including hardware, software and other licensed assets.