Lenovo Security Console – Powered by Coronet - User Guide

   Contents

   Introduction

   System Requirements

   Coronet Setup

   Assigning Coronet Licenses to Users

   Coronet’s Endpoint Access

   Coronet Protection Modes and Rules

   Coronet Events

 

Introduction:

Lenovo Security Console – Powered by Coronet, is a SaaS (Software as a Service) Cybersecurity platform that provides ease of set up and can be configured in less than 3 minutes. It requires no implementation or monitoring and provides an invisible layer of protection for your cloud applications.

With an all-in-one solution that covers an organization’s DLP (Data Loss Protection) and Access Management, while also acting as a CASB (Cloud Access Security Broker).

Lenovo Security Console – Powered by Coronet is intended for SMBs (Small and Medium-sized businesses).

 

System Requirements:

Lenovo Security Console – Powered by Coronet, is a cloud-based solution. Setup and configuration are performed via a Web browser application.

Lenovo Security Console – Powered by Coronet, includes an optional, monitoring of device security posture, requiring users to install the Coronet Client and to enroll their devices.

Current Coronet Client supported devices are:

   Operating System

   Version

   Windows

   Windows 7 and above

   macOS

   macOS 10.12 and above

   Android

   Android 4.4.2 and above

   iOS

   iOS 9.0 and above

 

Lenovo Security Console – Powered by Coronet, supports specific cloud services:

  • Office 365
  • Google G-Suite
  • Dropbox
  • Box
  • Slack
  • Salesforce

 

Coronet Set up:

After the Lenovo Security Console – Powered by Coronet account has been created, the customer’s IT Administrator will need to login to the Coronet Console and complete three simple steps:

  1. Connect supported cloud services.
  2. Assign Coronet Licenses to users.
  3. Optional: Send users a Coronet client download link.

Connecting Supported Cloud Services:

  1. Sign in to the Coronet Console https://cloud.coro.net/:

mceclip0.png

2.  From the menu > CONFIGURE > Services

mceclip1.png

 3. Click on the Add Services button and select the service you wish to connect.

 

mceclip0.png

4.  Each service has step-by-step instructions with screenshots, guiding the user on how to connect the service.

mceclip1.png

5. After completing configuring each service, test the connection.

mceclip2.png

6. If the connection is successful, the service will appear in the Services list, with the status Connected:

mceclip3.png

mceclip4.png

Assigning Coronet Licenses to Users:

Once a service is connected and synced with Coronet, user email addresses are imported into the Coronet console but are not automatically assigned licenses.

Note: Coronet only monitors users that have been assigned a license.

The number of licenses that can be assigned is based on the number of user licenses the customer purchased.

 

1. Sign into the Coronet Console: https://cloud.coro.net

mceclip5.png

2. From the main menu: MANAGE > Users

mceclip6.png

3. Check the users for which you want to assign a license. 

mceclip7.png

4. From the Bulk Actions button, click on Assign License to User 

mceclip8.png

 

mceclip9.png

5. You will receive an alert that the Licenses have been assigned. 

mceclip10.png

6. The User will be marked as being assigned a license

mceclip11.png

Un-assign Coronet user licenses:

1. Check the users you wish to un-assign licenses.

mceclip0.png

2. From the Bulk Actions button, click on Remove user’s license

 mceclip1.png

3. You will receive an alert that the licenses have been removed

mceclip2.png

4. The license will no longer be assigned

mceclip3.png

Coronet’s Endpoint Access:

If your organization requires tracking and mitigating user device vulnerabilities (i.e., vulnerable devices with old operating systems, compromised/jailbroken devices, OS vulnerabilities, or WIFI network threats), you can send users a link to download and install the Coronet Client. After installation, the user must enroll the device to the company’s Coronet account.

1. Send the user the link to download and install the Coronet Client: https://www.coro.net/download

mceclip4.png

2. After installation, the user will be prompted to enter their corporate email account and click on the Activate button

mceclip5.png

3. An email will be sent to the user with the Coronet verification code

mceclip6.png

4. The user enters the code and clicks on the Verify button

mceclip7.png

5. The Coronet Client will be associated with the company’s Coronet account

mceclip8.png

 

Coronet Protection Modes and Rules:

Coronet can identify and can automatically mitigate cybersecurity risks. There are three types of threat mitigations:

  1. Silent mode (creates only Console events).
  2. Alert the user
  3. Alert the user and take specific mitigation actions

By default, Coronet is initially set to Discovery mode, where all the security policy rules are set to Silent mode.

mceclip9.png

Coronet is pre-configured with a set of default Rules (CONFIGURE > Rules):

mceclip10.png

mceclip11.png

In general, Coronet rules are made of several different types of rules that are divided into four categories:

1. User Behavior: “User Access” Rule (before login) and “Service Activity” Rule (after login).
2. Service Threats: “Service Threats” Rule (Malware and Ransomware).
3. Data Leakage Protection: “DLP – File Type,” “DLP – Content,” “DLP – Email” Rules
4. Endpoint Security: “Network access by threat,” “Network access by list” Rules

 

Each rule is made of the following attributes:

  1. Rule type
  2. Rule name
  3. Rule scopes
  4. Rule threat triggers
  5. Rule threat mitigation actions
  6. Rule notification action

Rules can be Enabled or Disabled, edited, and deleted.

The user can also create additional custom rules (based on the above types of rules).

 mceclip12.png

After letting the system run in Discovery mode for 1-2 weeks, customers should switch to Protection mode to better protect their organization.

Coronet Events:

When a rule is triggered, an event is created. You can view the list of events under INVESTIGATE > Events

mceclip13.png

mceclip14.png

Click on an event row to display additional information

mceclip15.png

We created a Best Practices guide that can accompany such events. Its purpose is to assist the SMB to reduce events

mceclip16.png

The events table can be filtered by clicking on the funnel button

mceclip17.png

mceclip18.png

 

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.