

PRODUCT BRIEF

Managed Detection & Response



SERVICE DETAILS

Quickly detect and respond to modern cyberattacks, and harden your security posture against them. Our Detection & Response service, powered by Alert Logic, pairs a cloud-first security platform with 24/7 expert staff to hunt advanced cyberthreats, perform forensics and mitigate impact.


Detection & Response, powered by Alert Logic, provides comprehensive visibility into your entire security posture through its cloud-based, purpose-built, fully monitored platform.

BENEFITS

  • Protect critical resources, both on-premises and in the cloud
  • 24/7 ‘eyes on glass’ monitoring by the Security Operations Center (SOC) team
  • Identified threats are evaluated and delivered with remediation recommendations
  • Robust Client Portal with detailed reporting and log search capabilities

PROTECTION BUNDLES

We offer two security bundles to maximize the protection of your environment, both on-premises and in the cloud:

  • ESSENTIALS – Vulnerability Scanning (internal and external)
  • PROFESSIONAL – Vulnerability Scanning + 24×7 monitoring and alerting by the Security Operations Center (SOC)

Common to both bundles:

  • No client-provided hardware is required; Xamin offers a fully managed physical or virtual appliance.
  • Predictable monthly pricing based on the number of users, servers and devices.
  • An onboarding project is required.
  • Xamin will provide the firewall configuration information (IP addresses, port rules and DNS settings) needed for the appliance and agents to communicate with the Alert Logic SOC datacenter.

CLOUD-FIRST SECURITY

Detection & Response, powered by Alert Logic, is a purpose-built cloud security platform. Our team of security experts works closely with you to understand your unique needs and business context, so that you can resolve whatever threats may come.

Knowledge of your risk provides the context needed to choose the most appropriate response. Industry data, continuous research and machine learning over aggregated data from thousands of customers are all leveraged to provide actionable guidance for hardening your internal and external security posture. The Detection & Response platform delivers real-time reporting and provides access to information on risk, vulnerabilities, remediation activities, configuration exposures, and compliance status. It lets you focus on a prioritized list of threats that need further triage, drill down into individual threats to act on or mitigate exposure, and view risk through intuitive visualizations.

Detection & Response, powered by the Alert Logic monitoring platform, analyzes network traffic and more than 60 billion log messages each day, providing coverage across your entire attack surface and bringing together asset visibility and security analytics for cloud, networks, applications, and endpoints in on-premises, hybrid, and cloud environments.


ESSENTIALS BUNDLE

Vulnerability scanning of both internal and external resources lets you discover, benchmark and harden your environment against cyberthreats through regularly scheduled scans of critical infrastructure. Scheduled quarterly business review (QBR) meetings with the Client Experience Team help you analyze and reinforce your security posture.

PROTECT

RISK MONITORING:  Scan for vulnerabilities, misconfigurations and exposure across critical endpoints, networks, and cloud environments.

RISK PRIORITIZATION:  Recommendations are enriched with digital risk information to add greater context, quantify your exposure, and to prioritize actions.

ASSET DISCOVERY:  Map, profile, and classify assets on your network to help you understand and protect your attack surface.

BENCHMARK

HARDENING:  Reveal configuration errors and hardening drift against known benchmarks.

RISK SCORING:  Prioritized view of digital risks that exist in your environment, weighted based on severity and benchmarked against industry peers.

ANALYSIS:  Automated and exportable risk score trends, action lists, executive summary and risk assessment reports.

HARDEN

REMEDIATE:  Resolve identified Critical and High vulnerabilities, then validate and verify that they have been successfully addressed. (Hands-on remediation by Xamin is scoped separately; see Business Hours Support below.)

REPORTING:  Create automated and ad-hoc reports with rich charts and dashboards for compliance and executive reporting to elevate visibility and close gaps.

PROFESSIONAL BUNDLE

Professional combines all the features of Detection & Response Essentials and adds Event Log Monitoring, Log Retention and Search. Professional provides 24×7 ‘eyes on glass’ monitoring of perimeter devices, networks and endpoints to detect, respond to and harden your environment against modern cyberattacks.

PROTECT

VISIBILITY:  Discover and collect security events across your existing technology stack to profile assets and monitor security logs from multiple sources.

24x7 MONITORING:  Monitor both internal and IaaS environments around the clock for threats and risks, allowing you to focus on other important areas of your business.

THREAT HUNTING:  Analyze and catch threats across all of your diverse security log sources.

RESPOND

INVESTIGATION:  Analysis of detected threat activity, minimizing time wasted on false positives.

RETAIN & SEARCH:  Encrypted security logs are archived for 12 months by default with robust search capabilities for routine review and security event forensics.

INCIDENT RESPONSE:  Detect and respond to critical security incidents to prevent and contain the spread of advanced cyberthreats.

RECOVER

REMEDIATION:  We work directly with your team for remediation tasks and strategy recommendations.

ROOT CAUSE:  Investigation into the root cause of incidents to harden your posture.

INTELLIGENCE:  Security event observations and recommendations are enriched with threat feed data, global threat research and threat hunting to provide granularity and context.

Service Overview

SERVICE REQUIREMENTS:

Xamin has partnered with Alert Logic to power all Detection & Response services. Alert Logic is an industry leader in Managed Detection & Response services, recognized as a Visionary in the Gartner Magic Quadrant.

SECURITY APPLIANCE:

  1. Detection & Response requires a minimum of one Security Appliance deployed at the primary client site, with two deployment options to choose from:
    a. OPTION 1: Virtual Appliance
      i. Fully managed VMware or Hyper-V virtual appliance installed on existing client virtual infrastructure.
        1. Virtual appliance resource requirements (CPU, memory, storage) vary with deployment sizing; see https://docs.alertlogic.com/requirements/appliance-requirements.htm
      ii. The Security Appliance must be connected to the primary core switching network such that it can see all network devices that are to be monitored.
    b. OPTION 2: Physical Appliance
      i. Fully managed physical hardware appliance.
        1. Client provides rack or shelf space for the physical hardware.
        2. Physical appliance requirements vary with deployment sizing; see https://docs.alertlogic.com/requirements/appliance-requirements.htm
      ii. The Security Appliance must be connected to the primary core switching network such that it can see all network devices that are to be monitored.

FIREWALL RULES:

  1. Detection & Response services require firewall rules for secure communications to and from the Alert Logic SOC datacenter.
  2. Current firewall requirements for United States deployments:
    a. https://docs.alertlogic.com/requirements/us-firewall-rules.htm

OPERATING SYSTEM AND BROWSER REQUIREMENTS:

  1. The Detection & Response Client Portal supports the current version and the previous major version of the operating systems and browsers listed at:
    a. https://docs.alertlogic.com/requirements/operating-system-browsers.htm

SECURITY AGENT REQUIREMENTS:

  1. The Security Agent has the following prerequisites for installation on every operating system to be monitored:
    a. https://docs.alertlogic.com/requirements/agent.htm

SCOPE OF SERVICES:
Essentials Bundle

SERVICE FEATURES

The Essentials Bundle includes the following features:

  • Automated Vulnerability Scanning
  • Automated Reporting
  • Product Licensing
  • Self-service Client Portal access

SERVICE ONBOARDING

  1. Xamin will conduct an onboarding project, with the assistance of Alert Logic security experts, to install the service and run discovery scans that identify the devices and endpoints on the selected networks to be scanned.
  2. Xamin will work with the Client to review the discovered devices and determine whether any exclusions are needed for the Client environment. Devices can be excluded by IP address, by IP address range, or by VLAN (devices on a separate VLAN can be excluded as a group).
  3. Once onboarding is complete:
    a. Automated vulnerability scanning of the environment will commence.
    b. The Client will be provided with automated reporting and access to the self-service Client Portal.

CLIENT PORTAL:

  1. The Detection & Response Essentials service provides a Client Portal that is available 24/7/365 (excluding planned maintenance windows).
  2. The portal provides self-service features and information to enhance the Detection & Response Essentials service experience.

ROBUST REPORTING:

  1. Automated delivery of detailed reports that outline, rank and classify identified vulnerabilities.
  2. Detailed threat information is provided in the reports and via the Client Portal.

BUSINESS HOURS SUPPORT:

  1. Xamin will provide live Technical Support during Business Hours for service requests related to the Detection & Response platform. Technical support covers troubleshooting of the service features only.
    a. Client-submitted requests:
      i. Support requests can be submitted during posted Business Hours via:
        • Desk Director
        • E-mail
        • Phone
      ii. An Xamin support technician will triage the support ticket and respond within the SLA of the Client's Agreement.
      iii. The support technician will troubleshoot and resolve the issue directly with the end user who requested the service.
  2. If remediation of vulnerabilities is desired:
    a. OPTION 1: Add additional support services to your Support Agreement.
      i. Firewall Management: remediation of Critical and High findings related to the firewall infrastructure is included in the Agreement fees for Firewall Management.
      ii. Infrastructure Protection + Support: remediation of Critical and High findings related to server, storage and network infrastructure is included in the Agreement fees for Infrastructure Protection + Support.
      iii. Remediation of all Medium and Low findings is charged on an hourly basis.
      iv. Remediation of all workstation findings is charged on an hourly basis.
    b. OPTION 2: Remediation services can be provided on request, on an hourly basis, if no Support Agreement is in place.
      i. Requires that Xamin is provided remote access to the affected system(s) for remediation.

AFTER HOURS SUPPORT:

  1. For Clients under a Support Agreement:
    a. Client-submitted requests:
      i. Emergency support is available only for platform availability issues.
      ii. Requests can be submitted by phone only, to our Emergency support line.
      iii. All other requests will be addressed at the beginning of the next business day.
  2. For Clients not under a Support Agreement:
    a. Client-submitted requests:
      i. Xamin does not offer emergency support for Clients not under a Support Agreement.
      ii. All requests will be addressed at the beginning of the next business day and billed on an hourly basis.

SCOPE OF SERVICES:
Professional Bundle

SERVICE FEATURES

The Professional Bundle includes the following features:

  • All features of the Essentials Bundle
  • 24/7 'eyes on glass' Security Operations Center (SOC)
  • 24/7 critical event monitoring, response, triage and client contact
  • Product Licensing
  • Automated Reporting
  • Self-service Client Portal access
  • 100MB/day/node log storage allocation (measured as an aggregated average per calendar quarter)
  • 12-month rolling log retention

SERVICE ONBOARDING

  1. Xamin will conduct an onboarding project, with the assistance of Alert Logic security experts, to install the service and run discovery scans that identify the devices and endpoints on the selected networks to be protected.
  2. Xamin will work with the Client to review the discovered devices and determine whether any exclusions are needed for the Client environment. Devices can be excluded by IP address, by IP address range, or by VLAN (devices on a separate VLAN can be excluded as a group).
  3. Xamin will configure the devices selected for Event Log Monitoring so that their logs are securely transferred to Alert Logic for continuous monitoring and analysis.
    a. The Professional bundle includes a 100MB/day/node log storage allocation.
    b. Log usage is not to exceed an aggregated average of 100MB/day/node in any calendar quarter.
    c. Additional charges apply if log storage exceeds this limit.
  4. Once onboarding is complete:
    a. Automated vulnerability scanning of the environment will commence.
    b. Event logs from onboarded devices will be ingested and monitored 24/7 by the Alert Logic SOC team.
    c. Security threats will be ranked by severity, with detailed threat information and remediation recommendations.
    d. Critical threats will be escalated and triaged by the Alert Logic SOC team.
      i. Xamin will be notified 24/7/365 of any escalated threats deemed Critical.
    e. The Client will be provided with automated reporting and access to the self-service Client Portal.
    f. Event logs will be securely stored and retained by Alert Logic.
      i. All ingested event logs are fully searchable via the self-service Client Portal.
      ii. The Professional bundle includes 12 months of rolling log retention.
      iii. Longer retention terms (up to 7 years) are available to meet compliance and/or policy requirements.
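The two scoping decisions in the onboarding steps above (which discovered devices are excluded, and whether log volume stays inside the 100MB/day/node allocation) are the ones a client team is usually asked to confirm, so here is an added worked example in Python. It is not Xamin's or Alert Logic's code and is not part of the original brief. It assumes a notation for exclusion entries (a single IP address, a CIDR block, an inclusive start-end range, or `vlan:<id>`, since the brief only names the three categories), reads "100MB" as 100 MiB, and reads "aggregated average" as total bytes for the calendar quarter divided by (in-scope nodes × days with records). The device inventory and daily ingestion figures are constructed sample data.

```python
"""Onboarding scoping checks: apply device exclusions, then check the
100MB/day/node log allocation. Added example, not Xamin or Alert Logic code."""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Callable, Iterable

MB = 1024 * 1024                    # assumption: "100MB" read as 100 MiB
ALLOCATION_PER_NODE_DAY = 100 * MB  # the brief's 100MB/day/node allocation


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    vlan: int


def exclusion_matcher(spec: str) -> Callable[[Device], bool]:
    """Build a predicate from one exclusion spec. The notation is assumed; the
    brief only names the categories (IP address, IP range, separate VLAN):
      "10.0.1.200"            single IP address
      "10.0.30.0/24"          CIDR block
      "10.0.1.10-10.0.1.30"   inclusive start-end range
      "vlan:40"               every device on VLAN 40
    """
    spec = spec.strip()
    if spec.lower().startswith("vlan:"):
        vlan = int(spec.split(":", 1)[1])
        return lambda d: d.vlan == vlan
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad address range: {spec}")

        def in_range(d: Device) -> bool:
            addr = ipaddress.ip_address(d.ip)
            return addr.version == lo.version and lo <= addr <= hi
        return in_range
    net = ipaddress.ip_network(spec, strict=False)  # bare address becomes /32 or /128
    return lambda d: ipaddress.ip_address(d.ip) in net


def in_scope(devices: Iterable[Device], exclusions: Iterable[str]) -> list[Device]:
    """Devices that survive every exclusion: what actually gets scanned/monitored."""
    matchers = [exclusion_matcher(s) for s in exclusions]
    return [d for d in devices if not any(m(d) for m in matchers)]


def quarter_of(day: date) -> str:
    return f"{day.year}Q{(day.month - 1) // 3 + 1}"


def allocation_report(usage: Iterable[tuple[date, str, int]], node_count: int,
                      allocation: int = ALLOCATION_PER_NODE_DAY) -> dict[str, dict]:
    """Per calendar quarter: aggregated average bytes/day/node = total bytes /
    (node_count * days with records); a node with no record on a day counts as
    0 bytes (assumption). The noisiest node is named so an over-allocation
    quarter can be traced to its source and tuned or re-priced."""
    totals, days = defaultdict(int), defaultdict(set)
    per_node = defaultdict(lambda: defaultdict(int))
    for day, node, nbytes in usage:
        q = quarter_of(day)
        totals[q] += nbytes
        days[q].add(day)
        per_node[q][node] += nbytes
    report = {}
    for q in sorted(totals):
        n_days = len(days[q])
        avg = totals[q] / (node_count * n_days)
        noisiest = max(per_node[q], key=per_node[q].get)
        report[q] = {
            "avg_mb_per_node_day": round(avg / MB, 2),
            "over_allocation": avg > allocation,
            "noisiest_node": noisiest,
            "noisiest_avg_mb_per_day": round(per_node[q][noisiest] / n_days / MB, 2),
        }
    return report


# Constructed sample inventory, as a discovery scan might return it.
DISCOVERED = [
    Device("fw01", "10.0.0.1", 10), Device("dc01", "10.0.1.10", 20),
    Device("web01", "10.0.1.20", 20), Device("printer01", "10.0.1.200", 20),
    Device("lab-vm", "10.0.30.5", 30), Device("guest-ap", "10.0.40.7", 40),
]
EXCLUSIONS = ["10.0.1.200", "10.0.30.0/24", "vlan:40"]

# Constructed daily ingestion figures (bytes) for the in-scope nodes.
USAGE = [
    (date(2024, 1, 1), "fw01", 80 * MB), (date(2024, 1, 1), "dc01", 60 * MB), (date(2024, 1, 1), "web01", 40 * MB),
    (date(2024, 1, 2), "fw01", 260 * MB), (date(2024, 1, 2), "dc01", 70 * MB), (date(2024, 1, 2), "web01", 50 * MB),
    (date(2024, 4, 1), "fw01", 400 * MB), (date(2024, 4, 1), "dc01", 100 * MB), (date(2024, 4, 1), "web01", 100 * MB),
]

if __name__ == "__main__":
    scoped = in_scope(DISCOVERED, EXCLUSIONS)
    print("in scope:", [d.name for d in scoped])     # fw01, dc01, web01
    for q, row in allocation_report(USAGE, len(scoped)).items():
        print(q, row)   # 2024Q1: 93.33 MB avg, under; 2024Q2: 200.0 MB avg, over
```

Run as a script it prints the in-scope devices and a per-quarter verdict. In the sample, fw01 alone averages 170 MB/day in Q1, well over 100 MB, yet the quarter is under the allocation because the average is pooled across all three nodes; Q2 tips over once the firewall's volume grows further, and the report names it as the node to tune or move to a separate pricing line before the quarter closes.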

CLIENT PORTAL

  1. The Detection & Response Professional service provides a Client Portal that is available 24/7/365 (excluding planned maintenance windows).
  2. The portal provides self-service features, including fully searchable logs, access to reporting, and information to enhance the Detection & Response service experience.

ROBUST REPORTING:

  1. Automated delivery of detailed reports that outline, rank and classify identified vulnerabilities. Detailed information is provided in the reports and via the Client Portal.

BUSINESS HOURS SUPPORT:

  1. Xamin will provide live Technical Support during Business Hours for service requests related to the Detection & Response platform. Technical support covers troubleshooting of the service features only.
    a. Client-submitted requests:
      i. Support requests can be submitted during posted Business Hours via:
        • Desk Director
        • E-mail
        • Phone
      ii. An Xamin support technician will triage the support ticket and respond within the SLA of the Client's Agreement.
      iii. The support technician will troubleshoot and resolve the issue directly with the end user who requested the service.
  2. If remediation of vulnerabilities or security events is desired:
    a. OPTION 1: Add additional support services to your Support Agreement.
      i. Firewall Management: remediation of Critical and High findings related to the firewall infrastructure is included in the Agreement fees for Firewall Management.
      ii. Infrastructure Protection + Support: remediation of Critical and High findings related to server, storage and network infrastructure is included in the Agreement fees for Infrastructure Protection + Support.
      iii. Remediation of all Medium and Low findings is charged on an hourly basis.
      iv. Remediation of all workstation findings is charged on an hourly basis.
    b. OPTION 2: Remediation services can be provided on request, on an hourly basis, if no Support Agreement is in place.
      i. Requires that Xamin is provided remote access to the affected system(s) for remediation.

AFTER HOURS SUPPORT:

  1. Critical Security Events:
    a. For Clients under a Support Agreement:
      i. Escalated security events:
        1. Xamin will be notified by the SOC team of escalated Critical events.
        2. Xamin will notify the Client via the Emergency Call Tree.
        3. Xamin will work to troubleshoot and resolve the issue(s).
      ii. Client-submitted requests:
        1. Emergency support is available only for platform availability issues.
        2. Requests can be submitted by phone only, to our Emergency support line.
        3. All other requests will be addressed at the beginning of the next business day.
    b. For Clients not under a Support Agreement:
      i. Escalated security events:
        1. The Client will be notified directly by the SOC team of escalated Critical events.
      ii. Client-submitted requests:
        1. Xamin does not offer emergency support for Clients not under a Support Agreement.
        2. All requests will be addressed at the beginning of the next business day and billed on an hourly basis.

OUT OF SCOPE OF SERVICES:

HOURLY SUPPORT:

  1. Support for the following items will be charged on an hourly basis. Xamin will seek approval before commencing work.
    a. Hourly support items include, but are not limited to:
      i. Troubleshooting of security observations ranked as Informative, Low or Medium.
      ii. Requests for non-emergency work to be completed after hours.
      iii. Customized event correlation.
      iv. Onsite support.
    b. Hourly fees are billed in 1-minute increments.
  2. If the Client has also contracted either of the following services, and the affected hardware/software is listed in the Support Catalog, the work may instead be considered in scope and covered by that Agreement, with no hourly charges:
    • Firewall Management
    • Infrastructure Protection + Support

SERVICE LEVEL AGREEMENT

TECHNICAL SUPPORT HOURS:

Xamin Technical Support Hours:

  a. Business Hours: 8:00 AM – 5:00 PM CST, Monday – Friday.
  b. Emergency support is provided outside of normal business hours (see After Hours Support above for what qualifies).
  c. Holidays and office closures are determined annually and published at: https://www.xamin.com

RESPONSE TIME


Contact us

Have any questions?

[email protected]