Secureworks ManagedXDR-Managed iSensor Add-on



Overview

The Secureworks® Taegis™ ManagedXDR–Managed iSensor Add-on Service (“Service”) enables detection and prevention of network-based threats using the Secureworks iSensor® appliance (“iSensor”) in conjunction with the ManagedXDR service. All capitalized words and phrases shall have the meanings set forth herein, as defined in the Glossary, or within the Secureworks-applicable agreement, such as the Customer Relationship Agreement.

The iSensor is a virtual or physical appliance that is an Intrusion Detection System (“IDS”) / Intrusion Prevention System (“IPS”), and Customer will install the iSensor within Customer’s network. The iSensor uses Secureworks Threat Intelligence to detect and prevent network-based threats. The iSensor will monitor and inspect Customer’s network traffic using the Secureworks Counter Threat Unit™ (“CTU”) countermeasures and signatures to identify and block malicious traffic in real time. In addition, the iSensor will continuously collect network telemetry that detectors within XDR use to detect threats and alert Customer. Customer must be subscribed to the Secureworks ManagedXDR service to use iSensor. Any service, activity, or engagement not explicitly defined herein is considered out of scope.

Note

This is a per-tenant Service. If Customer has more than one tenant (i.e., Additional Managed Tenant) for which the Service needs to be provided, then the Service must be purchased for each of Customer’s tenants.

Service Components

iSensor Security Event Monitoring and Alerting

Secureworks analysts will monitor all high and critical alerts generated by the iSensor. When a high or critical alert triggers a true positive, a Security Investigation (based on Security Events) will be created within XDR, and Customer will be notified using a combination of notifications through email, telephone, and within XDR. The Security Investigation contains details about the alert (e.g., time, hostname, IP addresses, user information), related alerts that provide additional context, and remediation steps.

Network Threat and Malware Detection and Prevention

Using signature-based detection, threat intelligence, and correlation, Secureworks will detect malware exfiltration and command and control activity. As an option, the iSensor can be configured inline in Customer’s network to allow active blocking of malicious traffic.

The CTU research team continually evaluates threats and provides countermeasure support for the iSensor. Countermeasures such as signatures, fingerprinting, and IP blacklists are examples of threat intelligence used by the iSensor. Countermeasures and other detection capabilities will be updated on the iSensor using encrypted VPN channels.

iSensor Availability Monitoring

Secureworks must be able to connect to the iSensor using Internet Control Message Protocol (“ICMP”) and Secure Shell (“SSH”). Secureworks conducts availability validations for the iSensor and will triage connectivity issues. Upon detection of loss of iSensor availability, Secureworks will notify Customer through electronic notification, and Customer will troubleshoot networking issues. If such troubleshooting is unsuccessful, then Customer can contact Secureworks to jointly find the root cause and remediate the issue.

Software Maintenance for iSensor

Components of the iSensor, which may include Secureworks or third-party software, may occasionally require updating. Secureworks will install software patches and updates as part of the Service when the following conditions apply:

When vulnerabilities are disclosed, Secureworks assesses the applicability of each disclosure (and related patch or patches, if available) to Customer’s iSensor. Secureworks will notify Customer about critical vulnerabilities that apply to the iSensor.

Return Materials Authorization (“RMA”) Assistance

If the iSensor is determined to be in a failed or faulty state and requires replacement, then Secureworks can initiate and fulfill the RMA process. Customer is responsible for maintaining a valid support contract and licensing for the iSensor.

Implementation

The standard service implementation period begins after Secureworks reviews and approves Customer’s signed Transaction Document and ends when the Service is made available to Customer. Secureworks will provide remote assistance (e.g., through teleconference) to Customer to ensure proper implementation of the iSensor. If Customer needs a physical iSensor, then arrangements will be made to ship the iSensor to a Customer-designated location.

Customer Obligations

Customer will perform the obligations listed below, and acknowledges and agrees that the ability of Secureworks to perform its obligations hereunder is dependent on Customer’s compliance with these obligations. Noncompliance with Customer obligations relative to this Service may result in suspension of the Service.

Active XDR Subscription

Customer will maintain an active XDR subscription; a lapse will result in iSensor service degradation (such as not processing Security Events).

Connectivity

Customer will provide and maintain remote network connectivity to Customer’s environment, including ensuring sufficient network Bandwidth, and the in-scope Device(s) that are necessary for Secureworks to perform the Service. Customer will also allow connectivity from Secureworks IP range to Customer location(s) as applicable to the Service.

Communications

Customer will communicate with Secureworks through XDR to submit all requests and report issues. It is Customer’s responsibility to notify Secureworks of any Customer-side network or system changes that could affect the Service.

Hardware and Software Procurement

Unless Customer chooses to use a virtual iSensor, Customer will purchase or lease the hardware necessary for Secureworks to deliver the Service. If a virtual iSensor will be used, then Customer will download the applicable software from the Secureworks-provided download location.

Virtual Environment

Customer is responsible for Customer’s virtual environment. Customer will provide the Guest Virtual Machine (“Guest VM”)—which resides on a Hypervisor—on which the Secureworks-provided image (the Virtual iSensor) will be installed. Customer must provision the Guest VM with the following required resources for proper functionality and delivery of the iSensor: CPU, memory, storage capacity, and network resources.

Secureworks provides two images for the Virtual iSensor. Provided below are the Secureworks default specifications for each image. These specifications may need to be adjusted depending on iSensor performance and the amount of inspected network traffic. Customer must install one of the images on the Guest VM, and Customer will need to adjust the settings for the iSensor as needed to meet the demands of Customer’s environment.

| Item | Small Image | Large Image |
| --- | --- | --- |
| CPU | 4 cores | 8 cores |
| Memory | 4 GB | 8 GB |
| Storage | 60 GB | 60 GB |
| Inspection Throughput | 500 Mbps | 1,000 Mbps |

Warranty Exclusion

Deployment of the Service does not achieve the impossible goal of risk elimination, and therefore Secureworks makes no guarantee that intrusion, compromises, or any other unauthorized activity will not occur on Customer’s network.

Additional Information

Billing for iSensor will commence when Steady State begins. See the frequently asked question (“FAQ”) for “What is ManagedXDR steady-state monitoring and when does it begin?” listed here: (https://docs.ctpx.secureworks.com/mxdr/mxdr_faq/).

See the documentation within XDR (https://docs.ctpx.secureworks.com/) for information about compatible browsers, integrations, detectors, dashboards, and training. Other information is also available, including release notes.

Glossary

| Term | Description |
| --- | --- |
| Additional Managed Tenant | An add-on service for ManagedXDR and ManagedXDR Elite that provides Customer with more than one XDR tenant. |
| Bandwidth | The amount of network traffic, measured in bits per second, that is being inspected by the associated iSensor. |
| Counter Threat Unit (“CTU”) | Internal team of security experts that researches and analyzes threat data across Secureworks global Customer base and actively monitors the threat landscape. Provides threat intelligence that extends visibility into cyber threats beyond the edges of the networks of Secureworks Customers. The threat intelligence, applied to technology and the Secureworks suite of services, enables Customers to expand visibility and reduce the time it takes to see and respond to them, thereby resisting and avoiding cyberattacks. |
| Device(s) | Equipment that is in scope for the Service. |
| End of Life (“EOL”) | The date on which all support for a product ends, which includes any software upgrades, hardware upgrades, maintenance, warranties or technical support. |
| End of Sale (“EOS”) | The date on which a product is no longer available for purchase. |
| Security Event | Identified occurrence of a system or network state that may be malicious, anomalous, or informational, which is ingested into the Secureworks technology infrastructure. |
| Security Investigation | A central location within XDR that is used to collect evidence, analysis, and recommendations related to a threat that may be targeting an asset in a Customer’s IT environment. |
| Guest | Separate and independent instance of operating system and application software that operates on a Virtual Host. |
| Virtual Host | Virtual Machine host server that provides the physical computing resources, such as processing power, memory, disk, and network I/O. |
| Hypervisor | Virtual machine monitor that isolates each Guest, enabling multiple Guests to reside and operate on the Host simultaneously. |
| Virtual Machine (“VM”) | A logical instance of the physical Host that houses the operating system of the Guest. |

 
