Sensei's security features and web categorization capabilities are delivered through Sunny Valley Network's Cloud Threat Intelligence System, also known as SVN Cloud.
Serving millions of queries every day, SVN Cloud is a large database consisting of reputation and security information for over 150 million web sites with new ones continuously added. SVN Cloud enables Sensei to quickly respond to malware threats and virus outbreaks in real time.
SVN Cloud provides Sensei users with the following features:
- Real-time security threat intelligence
- Web site categorization
- Site reputation and ranking (for use with TLS Inspection Whitelisting/Blacklisting)
How SVN Cloud Works
SVN Cloud data is queried in real time whenever Sensei detects a device in an organization's protected network that is trying to initiate a connection. The Sensei packet engine then processes the flows, queries them from the nearest cloud servers and decides on the faith of the flows based on the cloud-delivered information and the system policy configurations.
Communication between Sensei and SVN Cloud servers use an encrypted proprietary protocol  flowing on UDP ports 5355 and 5356. For strictly filtering outbound connections, Sensei users will need to allow communication to the SVN Cloud servers via these UDP ports.
 To be migrated to Google's QUIC in Q3 2020.
Sourcing SVN Cloud Data
The information and threat intelligence data provided via SVN Cloud is the result of an information fusion using the following information sources:
- Commercial threat intelligence feed
- Sunny Valley Networks' threat intelligence tools
- Sunny Valley Networks' SOC
- Partner feedback
- User feedback
Managing Cloud Reputation and TI Settings
The SVN Cloud threat intelligence settings let users:
- Enable/Disable the cloud reputation and web categorization engine
- Manually clear the cloud cache, a fast in-memory local cache of Sensei cloud queries and responses
- Set local domain settings to be excluded from cloud queries
- Select the optimum cloud servers for fast cloud queries
In order to configure SVN Cloud for Sensei, go to Sensei -> Configuration -> Cloud Threat Intel in the Sense Configuration tab (Figure 1).
Security and Privacy
SVN makes the privacy and security of all cloud queries a top priority. To that end, sessions between Sensei deployments and the Cloud system are encrypted with industry standard AES-256 encryption.
Incoming query data is held anonymously and not tied to any personally identifiable information (PII) such as IP addresees. Upon processing, the query data is immediately deleted and purged. Additionaly, per the SVN data processing policy, we do not store incoming data older than 7 days (maximum).
SVN Cloud Hosted on Google Cloud
SVN has partnered with Google Cloud to establish a robust, secure-by-default, reliable and scale-able infrastructure, details below.
The SVN Cloud database and SVN back-end systems are built and hosted using the Google Cloud infrastructure.
| SVN Cloud serves from the following locations: