Lenovo Security Console – Powered by Coronet, is a SaaS (Software as a Service) Cybersecurity platform that provides ease of set up and can be configured in less than 3 minutes. It requires no implementation or monitoring and provides an invisible layer of protection for your cloud applications.
With an all-in-one solution that covers an organization’s DLP (Data Loss Protection) and Access Management, while also acting as a CASB (Cloud Access Security Broker).
Lenovo Security Console – Powered by Coronet is intended for SMBs (Small and Medium-sized businesses).
Lenovo Security Console – Powered by Coronet, is a cloud-based solution. Setup and configuration are performed via a Web browser application.
Lenovo Security Console – Powered by Coronet, includes an optional, monitoring of device security posture, requiring users to install the Coronet Client and to enroll their devices.
Current Coronet Client supported devices are:
Windows 7 and above
macOS 10.12 and above
Android 4.4.2 and above
iOS 9.0 and above
Lenovo Security Console – Powered by Coronet, supports specific cloud services:
- Office 365
- Google G-Suite
Coronet Set up:
After the Lenovo Security Console – Powered by Coronet account has been created, the customer’s IT Administrator will need to login to the Coronet Console and complete three simple steps:
- Connect supported cloud services.
- Assign Coronet Licenses to users.
- Optional: Send users a Coronet client download link.
Connecting Supported Cloud Services:
- Sign in to the Coronet Console https://cloud.coro.net/:
2. From the menu > CONFIGURE > Services
3. Click on the Add Services button and select the service you wish to connect.
4. Each service has step-by-step instructions with screenshots, guiding the user on how to connect the service.
5. After completing configuring each service, test the connection.
6. If the connection is successful, the service will appear in the Services list, with the status Connected:
Assigning Coronet Licenses to Users:
Once a service is connected and synced with Coronet, user email addresses are imported into the Coronet console but are not automatically assigned licenses.
Note: Coronet only monitors users that have been assigned a license.
The number of licenses that can be assigned is based on the number of user licenses the customer purchased.
1. Sign into the Coronet Console: https://cloud.coro.net
2. From the main menu: MANAGE > Users
3. Check the users for which you want to assign a license.
4. From the Bulk Actions button, click on Assign License to User
5. You will receive an alert that the Licenses have been assigned.
6. The User will be marked as being assigned a license
Un-assign Coronet user licenses:
1. Check the users you wish to un-assign licenses.
2. From the Bulk Actions button, click on Remove user’s license
3. You will receive an alert that the licenses have been removed
4. The license will no longer be assigned
Coronet’s Endpoint Access:
If your organization requires tracking and mitigating user device vulnerabilities (i.e., vulnerable devices with old operating systems, compromised/jailbroken devices, OS vulnerabilities, or WIFI network threats), you can send users a link to download and install the Coronet Client. After installation, the user must enroll the device to the company’s Coronet account.
1. Send the user the link to download and install the Coronet Client: https://www.coro.net/download
2. After installation, the user will be prompted to enter their corporate email account and click on the Activate button
3. An email will be sent to the user with the Coronet verification code
4. The user enters the code and clicks on the Verify button
5. The Coronet Client will be associated with the company’s Coronet account
Coronet Protection Modes and Rules:
Coronet can identify and can automatically mitigate cybersecurity risks. There are three types of threat mitigations:
- Silent mode (creates only Console events).
- Alert the user
- Alert the user and take specific mitigation actions
By default, Coronet is initially set to Discovery mode, where all the security policy rules are set to Silent mode.
Coronet is pre-configured with a set of default Rules (CONFIGURE > Rules):
In general, Coronet rules are made of several different types of rules that are divided into four categories:
1. User Behavior: “User Access” Rule (before login) and “Service Activity” Rule (after login).
2. Service Threats: “Service Threats” Rule (Malware and Ransomware).
3. Data Leakage Protection: “DLP – File Type,” “DLP – Content,” “DLP – Email” Rules
4. Endpoint Security: “Network access by threat,” “Network access by list” Rules
Each rule is made of the following attributes:
- Rule type
- Rule name
- Rule scopes
- Rule threat triggers
- Rule threat mitigation actions
- Rule notification action
Rules can be Enabled or Disabled, edited, and deleted.
The user can also create additional custom rules (based on the above types of rules).
After letting the system run in Discovery mode for 1-2 weeks, customers should switch to Protection mode to better protect their organization.
When a rule is triggered, an event is created. You can view the list of events under INVESTIGATE > Events
Click on an event row to display additional information
We created a Best Practices guide that can accompany such events. Its purpose is to assist the SMB to reduce events
The events table can be filtered by clicking on the funnel button