Understanding Product Usage

Updated 2 years ago by admin

Use of each product in the Censornet platform is limited by the number of licenses that have been purchased.

Additionally – for Web Security and CASB (Inline Mode) - a Fair Usage Policy applies to personal device and guest device use.

This article describes how Product Usage is calculated and provides practical advice on how to analyse usage to ensure the number of licenses purchased is not exceeded.

Censornet internal monthly reporting identifies over usage and occasionally instances of consistent or repeated over usage are passed to the sales team for commercial consideration and resolution.

How is Product Usage calculated

The following table describes the metrics used to calculate Product Usage during a calendar month. For the avoidance of doubt, a calendar month is calculated from the first to the last day of the month, e.g. January 1st to 31st, April 1st to 30th, etc.

Product

Usage Calculation

Web Security / CASB Inline Mode (including Gateway AV & Image Content Analysis)

a) The number of unique usernames - excluding Active Directory domain name (e.g. domain.local) and machine accounts (e.g. server01$) that have made at least one HTTP request in the period. For the avoidance of doubt, a block page constitutes an HTTP request.

b) The number of unique device MAC addresses that are not associated with a username and have made at least one HTTP request in the period.

Usage is the sum of (a)

The Fair Usage Policy covers (b)

Note: undeclared shared usernames or disabled authentication may require a statement of declared usage to be agreed with your account manager

CASB (API Mode)

a) The number of unique usernames detected across all connected Cloud Applications. For the avoidance of doubt, it is not possible to determine if john@domain.com using Box.com is the same user as john.doe@domain.com using Dropbox.com - this will class as two unique usernames.

Usage is the sum of (a)

Email Security

a) The number of active primary mailboxes (excluding aliases and distribution lists) that have sent or received at least one email in the period

For a mailbox to be chargeable the primary flag must be set to true and the objectClass in Active Directory must be user or NULL ("NULL" is included for environments where Active Directory is not used).

Shared mailboxes, Distribution Lists (DLs), resources etc will have an objectClass most commonly of group or msExchDynamicDistributionList for on-premise or sharedMailbox for Office 365 / Exchange Online. These are not counted towards product usage.

If you are using Azure Active Directory you must grant the correct permissions to allow synchronisation of shared mailboxes, otherwise they will be indistinguishable from standard users and subject to billing.

Mailboxes that match the criteria above also need to be Active Mailboxes in order to be chargeable. An Active Mailbox is a mailbox that has received or sent at least one email message in the period (month). A received email is classed as an email received by the service that has been quarantined, delivered or an attempted delivery.

Usage is the sum of (a)

Please also be aware of Bulk Email and Fair Usage terms.

Compliant Email Archive

a) The number of mailboxes configured to journal or redirect emails to the Compliant Email Archive product

Usage is the sum of (a)

Multi-Factor Authentication (MFA)

a) The number of user objects that are synced from Active Directory to the Censornet platform.

Usage is the sum of (a)

Verifying Product Usage

The Activity Reports provided as part of the Analytics section can be used to verify Product Usage quickly and easily.

The examples below assume you are analysing a report that was generated for the previous month. If additional time has passed, the Timespan option should be changed to "Specific" and the desired date range should be entered. Please note that the specific date range is subject to Data Retention periods.

Web Security / CASB Inline Mode

Navigate to the Analytics section of the USS Dashboard and select the Web Activity by Hits report.

Set the Timespan to "Last Month" and copy and paste the username or device MAC address into one of the filter fields below, then Run Report to generate results.

The results will provide details of each HTTP request the username or device has made during the period.

Email Security

The Product Usage report provides a list of primary mailboxes that have sent or received at least one email during the period. Navigate to the Analytics section of the USS Dashboard and select the Email Activity report.

Set the Timespan to "Last Month" and copy and paste the email address into either the recipient or the sender filter field.

Do not fill in both recipient and sender fields at the same time - run one filter at a time to determine if the mailbox was the recipient or the sender during the period.

The results will provide details of each email the mailbox received / sent during the period.

CASB - API mode

The Product Usage report provides a list of unique usernames across all connected Cloud Applications. Navigate to the Analytics section of the USS Dashboard and select the Cloud Activity (API) report.

Set the Timespan to "Last Month" and copy and paste the username into the User (E-mail) field.

The results will provide details of each event the username has made during the period.

Multi-Factor Authentication (MFA)

Navigate to the Products sections of the USS Dashboard and select the Active Directory option from the Settings menu on the left.

The number of synchronised Active Directory objects will be shown in the Count column. If you have multiple domain connections, the counts should be added together.

It is possible that some user objects may not have synchronised with the MFA platform. These will be identified with a yellow triangle icon within the User objects list. These users do not count towards MFA usage.


How did we do?