Frequently Asked Questions
Do I need to get rid of my MSP?
No. We work alongside your MSP. They manage your IT - email, helpdesk, network, backups. We manage your security - endpoint protection, vulnerability scanning, threat monitoring. Most MSPs are glad to have a dedicated security partner handling that piece. We coordinate with your MSP as needed during onboarding and if a security event requires IT follow-up.
Is this a 24/7 SOC?
No, and that's intentional. A 24/7 SOC costs $15,000-30,000 per month because you're paying for humans watching screens around the clock. We use SentinelOne, an AI-powered endpoint protection platform that detects and responds to threats automatically in milliseconds - whether it's 2 PM or 2 AM. We review all alerts, validate findings, and manage your security tools during business hours. For the vast majority of businesses, this provides the same level of protection at a fraction of the cost.
What happens when a threat is detected?
SentinelOne automatically kills the malicious process, quarantines the file, and can roll back affected files to their pre-attack state - all without waiting for a human. We review every detection during the next business day, validate whether it was a true threat or false positive, and notify you with a summary if any action is needed on your end.
What happens if there's a critical threat at 3 AM?
SentinelOne handles it automatically. That's the advantage of next-gen EDR over traditional antivirus. We review the incident the next business morning and send you a clear summary of what happened, what the platform did, and whether any follow-up action is needed.
What's the difference between Security Essentials and Security Professional?
Essentials gives you endpoint protection (EDR), vulnerability scanning, and network discovery — everything a business needs for strong baseline security. Professional adds Tenable-powered continuous vulnerability scanning, external attack surface monitoring, and compliance scanning with evidence documentation for frameworks like CMMC, HIPAA, PCI-DSS, and SOC 2. If you have compliance requirements or handle sensitive regulated data, Professional is the right fit.
How do I reach IonSpark for support?
Place a ticket at this link or email support@ionspark.io for any security questions, concerns, or requests. Support is available Monday–Friday, 8 AM–5 PM MT. Professional plan clients also have phone support. We respond to all inquiries within one business day.
When do I get my security report?
Reports are delivered by email within the first week of each month covering the previous month's activity. The report includes threat detections, endpoint health, vulnerability findings, and prioritized recommendations. Professional plan clients also receive compliance posture scoring, delta analysis, and external attack surface updates.
Can I access the security dashboard?
Yes. We can provision read-only access to your SentinelOne console so you can view your endpoints, threat detections, and vulnerability data anytime. Professional plan clients also have access to their dedicated Tenable tenant. Contact us to set up your login. Configuration changes and policy modifications are managed exclusively by IonSpark to ensure your protections remain consistent.
What should I do if I think we've been compromised?
Email us immediately with as much detail as possible - what you're seeing, which systems are affected, and when it started. If SentinelOne is installed on the affected endpoint, it has likely already contained the threat. Do not attempt to wipe or reimage affected systems before contacting us, as this can destroy forensic evidence.
What should I do if an employee clicks a phishing link?
Contact us and have the employee immediately change their password from a different device. Let us know which endpoint was involved and what link was clicked. We'll check SentinelOne for any resulting threat activity and advise whether additional steps are needed.
A software application is being blocked by SentinelOne. What do I do?
Contact us with the application name, the endpoint it's on, and a screenshot of the alert if possible. We'll review the detection and create an exclusion if appropriate. Do not attempt to disable SentinelOne or create exclusions yourself - all policy changes are managed by IonSpark to prevent gaps in your protection.
Who is responsible for patching?
We identify vulnerabilities and provide specific prioritized recommendations on what to patch and in what order. Your internal IT team or MSP is responsible for applying the actual patches. If you need help coordinating with your MSP on remediation, we're happy to assist.
What do the vulnerability severity levels mean?
Critical - actively exploited vulnerabilities that could allow full system compromise. Patch immediately.
High - serious vulnerabilities with known exploits. Patch within 14 days.
Medium - vulnerabilities that pose risk but aren't currently being actively exploited. Patch within 30 days.
Low - minor issues with minimal risk. Monitor and patch during normal maintenance windows.
How do I add or remove endpoints?
Contact us with the number of new endpoints or devices being decommissioned. We'll provision or remove agent licenses and coordinate with your MSP if needed. New endpoints are typically covered within 24–48 hours. Your monthly invoice adjusts to reflect the updated count.
What if an employee leaves the company?
Follow your normal offboarding process. If their device is being reassigned, no action is needed - the agent stays on the device. If the device is being decommissioned, let us know.
Can I request an on-demand scan?
Professional plan clients can request emergency zero-day and tactical scans anytime - they're included in your plan (limited). Essentials plan clients receive scans on the regular monthly schedule. If an urgent scan is needed outside normal cadence, contact us and we'll accommodate.
How is my data kept separate from other clients?
Each client has their own isolated environment. Your SentinelOne tenant is separate from all other clients. Professional plan clients have a dedicated Tenable cloud tenant with full data segregation. All access is controlled through role-based permissions with multi-factor authentication and audit logging.
Will this help with my cyber insurance?
Very likely. Many carriers now require or discount for managed EDR and vulnerability scanning. Having IonSpark managing your endpoint protection gives you concrete answers to insurance questionnaire questions about endpoint security, vulnerability management, and third-party monitoring.
What if I need evidence for an audit or insurance questionnaire?
Contact us and let us know what's being asked. For common requests like proof of EDR deployment, vulnerability scan results, or compliance documentation, we can typically provide what you need within 24–48 hours. We're happy to speak directly with your auditor or insurance carrier if helpful.
How do I upgrade from Essentials to Professional?
Contact us. We'll scope your environment for Tenable scanning, provision your dedicated tenant, and begin compliance scanning. The transition typically takes about a week with no disruption to your existing endpoint protection.
How long does onboarding take?
Most clients are fully deployed within two weeks. We provision your environment, deploy agents to your endpoints or coordinate with your MSP, run an initial baseline scan, and begin recurring monitoring. Onboarding is included at no additional charge.
Is there a long-term contract?
No. Month-to-month with no long-term commitment. Annual prepay is available — pay for 11 months, get 12. We keep clients by delivering value, not by locking them in.
How do I cancel?
Email us with 30 days' notice. We'll uninstall agents, deprovision your environment, and provide a final security summary. No cancellation fees on month-to-month plans.