

PRODUCT BRIEF

Detection & Response Service



SERVICE DETAILS

Quickly detect, respond, and harden your security posture against modern cyberattacks. Our Detection & Response service, powered by Alert Logic, leverages a cloud-first security platform backed by 24/7 expertise to hunt down advanced cyberthreats, perform forensics and mitigate impact.


Detection & Response, powered by Alert Logic, provides comprehensive visibility into your entire security posture through its cloud-based, purpose-built, fully monitored platform.


BENEFITS

  • Protect critical resources, both on-premises and in the cloud
  • 24/7 ‘eyes on glass’ monitoring by Security Operations (SOC) team
  • Identified threats are evaluated and include remediation recommendations
  • Robust Client Portal with detailed reporting and log search capabilities


PROTECTION BUNDLES

We offer two security bundles to maximize the protection of your environment, both on-premises and in the Cloud:

  • ESSENTIALS – Vulnerability Scanning (Internal & External)
  • PROFESSIONAL – Vulnerability Scanning + 24×7 monitoring & alerting by the Security Operations Center (SOC)
  • No client provided hardware is required to implement Detection & Response. Xamin provides options for a fully managed Physical or Virtual appliance.
  • All bundles offer predictable monthly pricing based on users, servers and devices.
  • An Onboarding project is required.
  • Xamin will provide firewall configuration information, including IP addresses, port rules and DNS configuration information needed to facilitate communication.

ESSENTIALS BUNDLE

Vulnerability Scanning of both internal and external resources enables you to discover, benchmark and harden your environment against cyberthreats with regularly scheduled internal and external scans of critical infrastructure.  Scheduled quarterly business review (QBR) meetings with the Client Experience Team help to analyze and reinforce your security posture.

PROTECT

RISK MONITORING:  Scan for vulnerabilities, misconfigurations and exposure across critical endpoints, networks, and cloud environments.

RISK PRIORITIZATION:  Recommendations are enriched with digital risk information to add greater context, quantify your exposure, and to prioritize actions.

ASSET DISCOVERY:  Map, profile, and classify assets on your network to help you understand and protect your attack surface.

BENCHMARK

HARDENING:  Reveal configuration errors and hardening drift against known benchmarks.

RISK SCORING:  Prioritized view of digital risks that exist in your environment, weighted based on severity and benchmarked against industry peers.

ANALYSIS:  Automated and exportable risk score trends, action lists, executive summary and risk assessment reports.

HARDEN

REMEDIATE:  Resolve identified critical and high vulnerabilities, validate and verify that the vulnerabilities have been successfully addressed.

REPORTING:  Create automated and ad-hoc reports with rich charts and dashboards for compliance and executive reporting to elevate visibility and close gaps.

PROFESSIONAL BUNDLE

Professional combines all the features of Detection & Response Essentials, adding Event Log Monitoring, Log Retention and Search.  Professional provides 24×7 ‘eyes on glass’ monitoring of perimeter devices, networks and endpoints to detect, respond and harden your environment against modern cyberattacks.

PROTECT

VISIBILITY:  Discover and collect security events across your existing technology stack to profile assets and monitor security logs from multiple sources.

24x7 MONITORING:  Monitor both internal and IaaS environments around the clock for threats and risks, allowing you to focus on other important areas of your business.

THREAT HUNTING:  Analyze and catch threats across all diverse security logs.

RESPOND

INVESTIGATION:  Analysis of detected threat activity, minimizing time wasted on false positives.

RETAIN & SEARCH:  Encrypted security logs are archived for 12 months by default with robust search capabilities for routine review and security event forensics.

INCIDENT RESPONSE:  Detect and respond to critical security incidents to prevent and contain the spread of advanced cyberthreats.

RECOVER

REMEDIATION:  We work directly with your team for remediation tasks and strategy recommendations.

ROOT CAUSE:  Investigation into the root cause of incidents to harden your posture.

INTELLIGENCE:  Security event observations and recommendations are enriched with threat feed data, global threat research and threat hunting to provide granularity and context.

SCOPE OF SERVICES:
Essentials Bundle

VULNERABILITY SCANNING:

  1. The Essentials Bundle includes the following features:
      • Product Licensing
      • Automated Reporting
      • Self-service Client Portal access
  2. Xamin will conduct an onboarding project with the assistance of Alert Logic security experts to install the service and conduct discovery scans to identify devices and endpoints on the selected networks to be protected.
     a. Xamin will work with the Client to identify discovered devices and determine whether any device exclusions are necessary based on the Client environment. Devices can be excluded by IP address, by IP address range(s), or by VLAN (all devices on a separate VLAN).
  3. Once onboarding is complete, automated vulnerability scanning of the environment will commence and the Client will be provided with reporting and detailed information in the Client Portal.

CLIENT PORTAL:

  1. The Detection & Response service provides a Client Portal that is available 24/7 (excluding planned maintenance windows). The portal provides self-service features and information to enhance the Detection & Response service experience.

ROBUST REPORTING:

  1. Automated delivery of detailed reports that outline, rank and classify identified vulnerabilities. Detailed threat information is provided in the reports and via the Client Portal.

BUSINESS HOURS SUPPORT:

  1. Xamin will provide live Technical Support during Business Hours for service requests related to the Detection & Response platform. Technical support is provided for troubleshooting of the service features only.
     a. Client Submitted Requests:
        i. Support requests can be submitted during posted Business Hours via:
           • Desk Director
           • E-mail
           • Phone
        ii. An Xamin support technician will triage the Support Ticket and will provide a response based on the agreement SLA.
        iii. The support technician will troubleshoot and resolve the issue directly with the end user that requested the service.
  2. If remediation of vulnerabilities or security events is desired:
     a. OPTION 1 - Add additional support services to your support Agreement:
        i. Firewall Management
        ii. Infrastructure Protection + Support
        iii. Workstation Protection + Support
        iv. Remediation of Critical and High findings is included as part of the Agreement fees for the above services.
        v. Remediation of Medium and Low findings is charged on an hourly basis.
     b. OPTION 2 - Remediation services can be provided upon request on an hourly basis if no Support Agreement is in place.
     c. Both options above require Xamin to have remote access to the affected system(s) for remediation.

AFTER HOURS SUPPORT:

  1. Xamin will provide Emergency support for events related to Detection & Response platform availability only.
     a. Requests can be submitted via Phone only to our Emergency support line.
  2. All other requests will be addressed at the beginning of the next business day.

SCOPE OF SERVICES:
Professional Bundle

VULNERABILITY SCANNING + EVENT LOG MONITORING:

  1. The Professional Bundle includes the following features:
      • All features of the Essentials Bundle
      • 24/7 'eyes on glass' Security Operations Center (SOC)
      • 24/7 critical event monitoring, response, triage and client contact
      • Product Licensing
      • Automated Reporting
      • Self-service Client Portal access
  2. Xamin will conduct an onboarding project with the assistance of Alert Logic security experts to install the service and conduct discovery scans to identify devices and endpoints on the selected networks to be protected.
  3. Xamin will work with the Client to identify discovered devices and determine whether any device exclusions are necessary based on the Client environment. Devices can be excluded by IP address, by IP address range(s), or by VLAN (all devices on a separate VLAN).
  4. Xamin will configure devices selected for Event Log Monitoring to ensure logs are securely transferred to Alert Logic for continuous monitoring and analysis.
     a. NOTE: additional charges may apply if log storage exceeds the limits included in the Professional package.
  5. Once onboarding is complete:
     a. Automated vulnerability scanning of the environment will commence and the Client will be provided with reporting and detailed information in the Client Portal.
     b. Event Logs will be monitored 24/7 by the Alert Logic SOC team. Identified threats will be triaged by the SOC team and the Client will be notified of any threats deemed Critical. Events will be ranked by severity with detailed threat information and remediation recommendations.
     c. Event logs will be securely retained and are fully searchable via the Client Portal.
        i. Default retention is 1 year, with longer terms available (up to 7 years).
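Device exclusions, described in the onboarding steps for both the Essentials and Professional bundles, are the one scoping decision that silently removes assets from scanning and log monitoring, so they are worth checking before sign-off. The following is an added example (not part of the brief, and not Xamin's or Alert Logic's tooling) that applies an exclusion policy in the three forms the brief allows (single IP, IP range, whole VLAN) to a constructed discovery inventory, and flags excluded hosts whose names suggest critical infrastructure. The inventory, the exclusion lists and the "critical" name hints are all assumptions made for the example.

```python
"""Onboarding scoping check: apply device exclusions to a discovery inventory.

Added example. Assumes discovery results are (ip, vlan, hostname) records and
that exclusions are expressed as single IPs, CIDR ranges and VLAN IDs.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    ip: str
    vlan: int
    hostname: str


# Constructed sample inventory, as a discovery scan might report it.
DISCOVERED = [
    Asset("10.10.1.10", 10, "dc01"),
    Asset("10.10.1.20", 10, "fileserver"),
    Asset("10.10.5.7", 50, "guest-wifi-ap"),
    Asset("10.10.20.33", 200, "voip-phone-33"),
    Asset("10.10.20.34", 200, "voip-phone-34"),
    Asset("10.10.1.200", 10, "printer-lobby"),
]

# Constructed exclusion policy: one host, one range, one whole VLAN.
EXCLUDE_IPS = {"10.10.1.200"}
EXCLUDE_RANGES = {"10.10.5.0/24"}
EXCLUDE_VLANS = {200}

# Hostname fragments that usually indicate assets that should never be
# excluded from monitoring (assumption for the example).
CRITICAL_HINTS = ("dc", "sql", "fileserver", "exchange")


def build_exclusions(ips, ranges, vlans):
    """Normalise single IPs and CIDR ranges into ip_network objects."""
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    nets += [ipaddress.ip_network(ip) for ip in ips]  # single host -> /32
    return nets, set(vlans)


def is_excluded(asset, nets, vlans):
    """True if the asset is on an excluded VLAN or inside an excluded range."""
    if asset.vlan in vlans:
        return True
    addr = ipaddress.ip_address(asset.ip)
    return any(addr in net for net in nets)


def scope_assets(discovered, ips=EXCLUDE_IPS, ranges=EXCLUDE_RANGES, vlans=EXCLUDE_VLANS):
    """Split the inventory into (in_scope, excluded) lists, preserving order."""
    nets, vlan_set = build_exclusions(ips, ranges, vlans)
    in_scope, excluded = [], []
    for asset in discovered:
        (excluded if is_excluded(asset, nets, vlan_set) else in_scope).append(asset)
    return in_scope, excluded


def critical_excluded(excluded):
    """Excluded hosts whose names suggest they should stay monitored."""
    return [a for a in excluded
            if any(h in a.hostname.lower() for h in CRITICAL_HINTS)]


if __name__ == "__main__":
    in_scope, excluded = scope_assets(DISCOVERED)
    print("in scope:", [a.hostname for a in in_scope])
    print("excluded:", [a.hostname for a in excluded])
    # A too-wide range exclusion would drop the domain controller; flag it.
    _, wide = scope_assets(DISCOVERED, ranges={"10.10.1.0/24"})
    print("review before sign-off:", [a.hostname for a in critical_excluded(wide)])
```

Run the review step against the final exclusion list agreed during onboarding: any hit from critical_excluded means a range or VLAN exclusion is broader than intended and will leave that host out of both vulnerability scanning and, on the Professional bundle, event log monitoring.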

CLIENT PORTAL:

  1. The Detection & Response service provides a Client Portal that is available 24/7. The portal provides self-service features and information to enhance the Detection & Response service experience.


ROBUST REPORTING:

  1. Automated delivery of detailed reports that outline, rank and classify identified vulnerabilities. Detailed information is provided in the reports and via the Client Portal.


BUSINESS HOURS SUPPORT:

  1. Xamin will provide live Technical Support during Business Hours for service requests related to the Detection & Response platform. Technical support is provided for troubleshooting of the service features only.
     a. Client Submitted Requests:
        i. Support requests can be submitted during posted Business Hours via:
           • Desk Director
           • E-mail
           • Phone
        ii. An Xamin support technician will triage the Support Ticket and will provide a response based on the agreement SLA.
        iii. The support technician will troubleshoot and resolve the issue directly with the end user that requested the service.
  2. If remediation of vulnerabilities or security events is desired:
     a. OPTION 1 - Add additional support services to your support Agreement:
        i. Firewall Management
        ii. Infrastructure Protection + Support
        iii. Workstation Protection + Support
        iv. Remediation of Critical and High findings is included as part of the Agreement fees for the above services.
        v. Remediation of Medium and Low findings is charged on an hourly basis.
     b. OPTION 2 - Remediation services can be provided upon request on an hourly basis if no Support Agreement is in place.
     c. Both options above require Xamin to have remote access to the affected system(s) for remediation.

AFTER HOURS SUPPORT:

  1. Critical security event(s) - for Clients under a support agreement:
     a. Xamin will be notified by the SOC team of Critical events needing attention.
     b. Xamin will communicate with the Client via the Emergency Call Tree.
     c. Xamin will work to troubleshoot and resolve the issue(s).
  2. Xamin will provide Emergency support for Client submitted requests related to platform availability only.
     a. Requests can be submitted via Phone only to our Emergency support line.
  3. All other requests will be addressed at the beginning of the next business day.

OUT OF SCOPE OF SERVICES:

HOURLY SUPPORT:

  1. Support for the following items will be charged on an hourly basis. Xamin will seek approval prior to commencing work.
  2. Hourly support items include, but are not limited to:
      • Requested troubleshooting of security observations ranked as Informative, Low or Medium.
      • Requested remediation of security threats ranked as Informative, Low or Medium.
      • Requests for emergency or non-emergency work to be completed after posted Business Hours.
      • Customized event correlation.
      • Onsite Support.
  3. Hourly fees are billed in 1-minute increments.
  4. If the Client has contracted the following services in addition to Detection & Response, and the affected hardware/software is included in the Support Catalog, the work may be considered in scope, covered by the Agreement fees and not subject to hourly charges:
      • Firewall Management
      • Infrastructure Protection + Support
      • Workstation Protection + Support

EXCLUSIONS:

  1. Xamin does not provide support for the items listed below. Exclusions include, but are not limited to:
      • Security Event Forensics beyond the initial event discovery, triage and remediation recommendations.
      • Line-of-Business Application Support (i.e. usability)
      • Customized Application Support
      • VOIP / Telecommunications
      • Physical Cabling
      • End of Life Hardware & Software
      • End of Life Operating Systems
      • Application Development
      • Web Development
      • End User Training

SERVICE LEVEL AGREEMENT

TECHNICAL SUPPORT HOURS:

  1. Xamin Technical Support Hours:
     a. Business Hours: 8:00 AM – 5:00 PM CST, Monday – Friday.
     b. Emergency support is provided outside of normal business hours.
     c. Holidays and office closures are determined on an annual basis and are available at: https://www.xamin.com

SERVICE LEVEL AGREEMENT (SLA) METRICS:

SLA measurement metrics are defined by the categories below:

  1. RESPONSE TIME:
     a. The SLA falls outside the acceptable range when either of the following occurs:
        i. Fewer than 95% of Emergency and High level tickets receive a response within the target time.
        ii. Fewer than 90% of Medium and Low level tickets receive a response within the target time.
     b. Support Requests - Business Hours, Client Submitted:
        i. Sev 1 | Emergency:
           1. Major productivity impact.
           2. Network-wide outage or emergencies affecting multiple users.
           3. Response - 15 minutes or less.
        ii. Sev 3 | High:
           1. Issues that impact productivity of a small group of users.
           2. Response – 90 minutes or less.
        iii. Sev 4 | Medium:
           1. Issues that impact productivity of individual users.
           2. Response – 4 hours or less.
        iv. Sev 5 | Low:
           1. Issues that need attention but are not adversely affecting productivity.
           2. Response – 24 hours or less.
     c. Support Requests - Emergency, Client Submitted:
        i. 24/7 support is provided after business hours; requests are submitted via phone only.
        ii. Sev 1 | Emergency:
           1. Major productivity impact.
           2. Network-wide outage or emergencies affecting multiple users.
           3. Response - 30 minutes or less.
  2. CUSTOMER SATISFACTION (CSAT):
     a. The SLA falls outside the acceptable range when any of the following occurs:
        i. Failure to provide a survey option to the end user.
        ii. Failure to provide a satisfying support experience for end users, measured as follows:
           1. Xamin must maintain an average of 90% positive surveys measured over an 8-week rolling period with a minimum survey count of 10.
     b. Upon closure of completed tickets, the individual who opened the ticket will be sent a survey request. Should the user submit a survey response, it will be recorded in our system for CSAT tracking.
        i. Survey responses:
           1. Positive
           2. Neutral
           3. Negative
           4. Comment boxes are available for adding details.
     c. Should the client feel that their CSAT is falling, they should immediately contact their Relationship Manager. The Relationship Manager will review submitted Survey Scores, Ticket data and System Health reports to determine any trends or changes in CSAT.
  3. HEALING PERIOD:
     a. CLIENT has 120 days to correct any deficiencies in non-supported hardware and/or software. Xamin reserves the right to enforce SLAs from that point forward. Support will be 'best effort' until a best practice computing environment can be mutually agreed upon.
     b. XAMIN has 45 days to remedy any SLA deficiencies. Failure to remedy within this timeframe constitutes a state of non-delivery.
  4. MONETARY CONSIDERATION:
     a. Monetary consideration is triggered when one or more of the SLA metrics fall into a state of non-delivery. In this scenario the next monthly invoice will be reduced by 10% of the invoice total. This reduction will remain in place until service levels are restored. If SLAs are not restored after the 3rd consecutive month, CLIENT will have the right to renegotiate or terminate the current contract.

Technical Overview

CLOUD-FIRST SECURITY

Detection & Response, powered by Alert Logic, is a purpose-built cloud security platform. Our team of security experts works closely with you to understand your unique needs and business context, empowering you to resolve whatever threats may come.

Knowledge of your risk provides vital context to enable the most appropriate response.  Industry data, continuous research and machine-learning from aggregated data of thousands of customers are all leveraged to provide actionable solutions to harden your internal and external security posture. The Detection & Response platform delivers real-time reporting and provides access to information on risk, vulnerabilities, remediation activities, configuration exposures, and compliance status. We enable you to focus on a prioritized order of threats that need further triage, drill down into threats to act on or mitigate exposure and provide intuitive visualization of risk.

Detection & Response, powered by the Alert Logic monitoring platform, analyzes network traffic and more than 60 billion log messages each day, providing coverage across your entire attack surface and bringing together asset visibility and security analytics for cloud, networks, applications, and endpoints in on-premises, hybrid, and cloud environments.


SERVICE REQUIREMENTS:

Xamin has partnered with Alert Logic to power all Detection & Response services. Alert Logic is an industry leader in Managed Detection & Response services, recognized as a Visionary on the Gartner Magic Quadrant.

SECURITY APPLIANCE:

  1. Detection & Response requires a minimum of one Security Appliance to be deployed in the primary client site.
  2. Detection & Response offers two flexible deployment options to choose from:
     a. OPTION 1: Virtual Appliance:
        i. Fully managed virtual appliance installed on existing client virtual infrastructure.
        ii. Virtual Appliance requirements will vary based on deployment sizing:
           1. https://docs.alertlogic.com/requirements/appliance-requirements.htm
     b. OPTION 2: Physical Appliance:
        i. Fully managed physical hardware appliance.
        ii. Physical Appliance requirements will vary based on deployment sizing:
           1. https://docs.alertlogic.com/requirements/appliance-requirements.htm
     c. The Security Appliance must be connected to the primary core switching network such that it can see all network devices that are to be monitored.

FIREWALL RULES:

  1. Detection & Response services require firewall rules for secure communications to and from the Alert Logic SOC datacenter.
  2. Current firewall requirements for United States deployments:
     a. https://docs.alertlogic.com/requirements/us-firewall-rules.htm

OPERATING SYSTEM AND BROWSER REQUIREMENTS:

  1. The Detection & Response client portal supports the current version and the previous major version of the following Operating Systems and Internet browsers:
     a. https://docs.alertlogic.com/requirements/operating-system-browsers.htm

SECURITY AGENT REQUIREMENTS:

  1. The Security Agent requires the following prerequisites for installation on all Operating Systems to be monitored:
     a. https://docs.alertlogic.com/requirements/agent.htm

Contact us

Have any questions?

bizdev@xamin.com