Managed Security Services - Endpoint Managed Security on Cloud

Services Description

Managed Security Services - Endpoint Managed Security on Cloud

The services described herein are governed by the terms and conditions of the agreement specified in the Order Document for IBM Security Services ("Order Document"). If there is a conflict between the terms in the documents, the terms of the Order Document prevail over those of this document, and the terms of this document prevail over those of the agreement specified in the Order Document ("the Agreement"). Capitalized terms not otherwise defined in this document are defined in the Agreement or any other referenced document, and have the same meaning in this document as ascribed to them therein.

This document describes the Services and incorporates by reference the following contract document(s). The terms and conditions contained in the incorporated document(s) are in addition to the terms and conditions contained herein.

Contract Document(s) and Document #:
Managed Security Services General Provisions, I126-8484
Standard Services Deployment and Activation, I126-7794

The document(s) identified above are located at: http://www.ibm.com/services/iss/wwcontracts. From this security services contract documents portal, Client selects the applicable country to access the above documents. If any documents are not accessible, please request a copy from Client's IBM sales contact.

1.1 Services

IBM will provide Endpoint Managed Security on Cloud ("Services") which include advanced malware protection, detection and environment monitoring. Services will provide support for a variety of endpoint/host platforms such as laptops, desktops, and servers and are available under three (3) service tier levels: Essential, Standard, and Enterprise. Services may include the following core service features as selected in the Order Document. Additionally, the Client may purchase add-on(s) to the core offering as described in this document.

This Service provides the following capabilities:
a. Essential service tier provides support of server endpoints only via a centralized, multi-tenant management console where monitoring and reporting are provided in support of regulatory compliance;
b. configuration of the management infrastructure;
c. connection to a security event and incident management tool for threat intelligence and analytics (optional);
d. automated threat monitoring and threat detection;
e. advanced correlation and threat prioritization;
f. Enterprise service tier provides advice on remediation actions; however, this level of support is optional for other service tiers;
g. quarterly checkpoints; and
h. ongoing configuration and endpoint telemetry (policy) tuning.

Optional Services

Optional services are available to provide a more comprehensive level of support, increasing IBM's ability to support remediation and reporting activities. If any of the following optional services are selected or specified in the Order Document, IBM will provide support for these services upon Client request.

Vendor Liaison Support including 24x7 Severity 1 response including level 3 support.

Specialized Policy Configuration requests provide for the Client to request changes to the policies managing the Client's servers.

I126-7744-EN-01 08-2017 Page 1 of 7

Additional Meeting Attendance can be provided to allow attendance at an additional weekly meeting in support of Client needs.

Customized Report Design and Daily Execution based upon the Client requirement.

Consulting Services which allow for the Client to request IBM assistance to investigate and resolve specific issues.

1.1.1 Services Activities Implementation

IBM will provide implementation based on service tier level selected in the Order Document.

IBM Responsibilities

IBM will:
(1) complete initial environmental assessment as part of implementation;
(2) provide security product technical support information for implementation provided by the vendor to delivery team;
(3) provide high level transition plan for Client execution;
(4) onboard tenant onto vendor management console and test connectivity; and
(5) configure vendor management console and policies based on standard vendor's best practices.

b. if Standard or Enterprise service tier is selected, perform the activities above related to Essential service tier and provide a remote (usually via conference call) 2-hour workshop including:
(1) introduction of personnel providing service(s), confirmation of location(s);
(2) review of IBM incident management and workflow procedures and processes;
(3) discussion of pre-emptive incident preparation best practices; and
(4) discussion of current threat and risk levels, and telemetry policy tuning.
Client Responsibilities

Client will:
(1) provide a single point of contact to work with IBM on issues pertaining to implementation;
(2) support the environmental assessment;
(3) execute transition plan provided by IBM (task tracking, change management, communication, status reporting, etc.);
(4) endpoint support teams are required to provide software installation, troubleshooting of managed endpoints (system administration team for servers) including installing security product/upgrades on servers;
(5) provide the necessary network access and remote access to allow server endpoints to access the vendor management console or cloud instance and support testing the access;
(6) be responsible for verification and resolution for any compliance issues including maintaining documentation for audit readiness;
(7) be responsible for purchase of any hardware and/or software required for Services as well as updates as required by IBM;
(8) open any ticket required via the problem management system used by the Client to support the server's security software implementation for endpoints;
(9) be responsible for ensuring vendor support contract for agent's license support is in place and maintained at the level the Client determines is required; and
(10) provide client relationship management and assume all Client interfacing responsibilities during onboarding.

b. if Standard or Enterprise service tier is selected, perform the activities above related to Essential service tier and the following:
(1) agree to identify relevant subject matter experts and/or Client contact(s) to participate in the workshop and provide required information as required by the environmental assessment;
(2) within one month of any expiration or termination of Services, unless agreed in writing by IBM at the time, return all products or assets (including without limitation all whole or partial copies thereof) and destroy and certify as such in writing to IBM all documentation and all IBM Confidential Information;
(3) provide Agent instance and support subscription at recommended level (purchasing assistance may be provided by IBM);
(4) provide the necessary network connectivity for endpoints to access the Agent cloud instance;
(5) be responsible for ensuring vendor support contract for agent's license support is in place and maintained at the level the Client determines is required; and
(6) be responsible for verification and resolution for any compliance issues including maintaining documentation for audit readiness.

1.1.2 Services Activities Steady State

As steady state begins there will be an initial tuning phase for telemetry tuning, learning, and contextual awareness. During this phase, IBM will provide steady state activities listed below for a specific set of endpoints and/or for a duration (not to exceed eight (8) weeks) mutually agreed upon by Client and IBM during the Service kickoff. Following the completion of the tuning phase, the Service is considered to be in Steady State. IBM will provide Steady State support during 08:00 AM - 05:00 PM, Monday - Friday in delivery center's local time zone and based on service tier level selected in the Order Document.
IBM Responsibilities

IBM will:
(1) maintain and monitor health and availability of vendor management console applications to ensure proper function, including downloading new definition, pattern files, vendor product updates, and policy and configuration updates;
(2) perform daily status checks of the console once daily;
(3) inform Client's Point of Contact when endpoint security software upgrade should be executed, as required;
(4) respond to any health and availability issues pertaining to the vendor console management application;
(5) notify Client when endpoint security software upgrade should be executed (e.g., endpoints reporting out of date components), as required;
(6) attend up to one hour-long meeting per quarter to review anti-virus status;
(7) notify Client or appropriate agents via standard monthly report of any anomalous events e.g., malware detected, but not cleaned, endpoints reporting out of date components;
(8) notify Client's Point of Contact, if malware is detected on a Client supported endpoint;
(9) provide one (1) monthly malware defense management report; and
(10) modify console alerts for notification of compliance issues per vendor recommendation only.

b. if Standard service tier is selected, perform the activities above related to Essential service tier and the following:

(1) provide automated detection and threat monitoring based on the intelligence feed, and other telemetry obtained from a security information and event management system, if applicable;
(2) categorize security events/incidents priority based on the National Institute of Standards and Technology's security incident categorization, modified as follows:
    (a) critical event: critical business impact, unauthorized access, brand damage, data theft, compromised asset;
    (b) high event: significant business impact, potential loss of data, denial of service;
    (c) medium event: malware or malicious code, potential loss of service, data, business impact; and
    (d) low event: reconnaissance or scans or probes, policy violations or improper usage, others and uncategorized event.
(3) provide correlation and prioritization of threat events using knowledge of Client's environment, current threat landscape and global threat intelligence;
(4) notify Client contact(s) regarding security events using one or more of the following means: electronically or via telephone;
(5) make recommendations to Client as to any remediation actions to be performed on endpoints in response to an identified threat, if applicable;
(6) take additional action in the case malware detected warrants further remediation, which may include but is not limited to:
    (a) banning process hashes (ban a process hash so that the process cannot be run again on hosts reporting to this management server and any running version of it is terminated); and
    (b) endpoint isolation (isolate a computer from the rest of the network, leaving only connections needed for access to its sensor by the management server).
(7) provide a digital threat/incident summary report and remediation recommendations/actions taken, if applicable;
(8) make up to five (5) policy changes per month, as appropriate and required;
(9) provide quarterly briefing checkpoints (up to two (2) hours via conference call) to review incident reports, any changes to incident reporting procedures, telemetry, processes, workflows, and technologies;
(10) host operational cadence call one (1) hour per month;
(11) provide one (1) weekly standard report for threat and incident;
(12) monitor the Services infrastructure and remediate issues as necessary;
(13) perform patches and upgrades of the management system;
(14) notify Client if sensors require updating; and
(15) notify Client if parts of the IBM solution become unreachable.

c. If Enterprise service tier is selected, perform the activities above related to Essential and Standard service tiers and the following:
(1) provide 24x7 on-call support for Severity 1 related Client situations;
(2) act as primary vendor interface for any issues or communication requiring the vendor's assistance;
(3) deliver intelligence and remediation instructions as applicable;
(4) respond to Client's requests for investigations;
(5) make up to five (5) additional policy changes for a total of ten (10) per month, as appropriate and required;
(6) host operational cadence call one (1) hour per week;

(7) provide one (1) daily standard report for threat and incident;
(8) provide up to five (5) customized designed reports for execution;
(9) meet with Client to identify specific requirement;
(10) develop the custom report and adjust the steady state processes to include delivery of the report; and
(11) execute the custom report daily and deliver it to Client's Point of Contact.

Client Responsibilities

Client will:
(1) provide a single point of contact to work with IBM on issues pertaining to Steady State support;
(2) maintain all software licenses for software products used as part of the service;
(3) notify the IBM focal point, through an agreed upon process, when there are standardized software image upgrades and/or change schedules;
(4) coordinate incident management responsibilities and respond to all health and availability issues not directly related to the security management console;
(5) be responsible for verification and resolution for any compliance issues including maintaining documentation for audit readiness;
(6) open any ticket required via the problem management system used by the Client to support the server's security software for endpoints including but not limited to security product remediation, repair, a product patch or minor upgrade, as applicable; and
(7) endpoint support teams are required to provide support for software installation, troubleshooting and maintenance of managed endpoints and relays (e.g., System Administrator or Server Support teams for servers).

b. if Standard or Enterprise service tier is selected, perform the activities above related to Essential service tier and the following:
(1) maintain Agent instance (assistance may be provided by IBM);
(2) identify endpoint support teams required for support related to software installation, troubleshooting and maintenance of managed endpoints (system administration team for servers);
(3) identify endpoint support teams required for support related to software installation, troubleshooting and maintenance of managed endpoints (system administration team for servers);
(4) maintain all software licenses for software products used as part of the Services;
(5) review incident tickets, alerts, reports, and events provided to the Client via other electronic and/or telephone means;
(6) implement recommended remediation techniques, if available and applicable;
(7) request threat hunting / additional analysis for up to any remaining number of investigations specified in the Order Document, if applicable;
(8) provide written approval for any and all remediation and recommended actions as required by IBM;
(9) give IBM prior written notice of any software or hardware alterations or attachments which may affect Services;
(10) ensure appropriate Client entities are available for quarterly briefings;
(11) install sensors as recommended by IBM; and

(12) be responsible for verification and resolution for any compliance issues including maintaining documentation for audit readiness.

1.1.3 Optional Services Activities

IBM will provide support for the following optional services based on the selection specified in the Order Document and upon Client request.

IBM Responsibilities

a. If Essential or Standard service tier and if Vendor Liaison is selected in the Order Document, IBM will:
(1) act as primary vendor interface for any issues or communication requiring the vendor's assistance;
(2) provide 24x7 on-call support for Severity 1 related Client situations;
(3) deliver Intelligence and remediation instructions as applicable; and
(4) respond to Client's requests for investigations.

b. If Specialized Policy Configuration is selected in the Order Document, IBM will implement policy changes to the infrastructure for specific servers at the Client's request.

c. If Customized Report Design and Daily Execution is selected in the Order Document, IBM will:
(1) meet with Client to identify specific requirement;
(2) develop the custom report and adjust the steady state processes to include delivery of the report; and
(3) execute the custom report daily and deliver it to Client's Point of Contact.

d. If Additional Meeting Requirement is selected in the Order Document, IBM will participate in a weekly one (1) hour meeting as an additional meeting requirement during the contract period.

e. If Consulting Service Requirement is selected in the Order Document, IBM will provide up to eight (8) hours of consulting services.

Client Responsibilities

a. If Essential or Standard service tier and if Vendor Liaison is selected in the Order Document, Client will:
(1) ensure that requests for level 3 support are submitted by the assigned focal point;
(2) be responsible for ensuring vendor support contract(s) is established and maintained at the tier level as identified by the vendor through the life of the contracts;
(3) acknowledge that IBM recommends that Client's support contracts include 24x7 access to a named technical account manager assigned to the Client account by the software vendor; and
(4) acknowledge that if the appropriate vendor level of support is not maintained by the Client, the Client is responsible for any impact the level of vendor support may have on Services.

b. If Specialized Policy Configuration is selected in the Order Document, Client will:
(1) provide IBM with details of requested report; and
(2) accept delivery of customized reports daily for distribution to tenant.

c. If Customized Report Design and Daily Execution is selected in the Order Document, Client will:
(1) provide IBM with details of requested report; and
(2) accept delivery of customized reports daily for distribution to tenant.

d. If Additional Meeting Requirement is selected in the Order Document, Client will:
(1) provide invitation to additional one (1) hour weekly meeting; and
(2) outline agenda to be considered.

e. If Consulting Service Requirement is selected in the Order Document, Client will provide direction regarding requested activity.