Secureworks Taegis ManagedXDR for OT
Overview ⫘
-
New customers of ManagedXDR or ManagedXDR Elite: For customers purchasing Secureworks® Taegis™ ManagedXDR for OT simultaneously with Secureworks® Taegis™ ManagedXDR or Secureworks® Taegis™ ManagedXDR Elite, prior to onboarding, Secureworks will activate Customer’s Service by provisioning access to Customer’s instance of Secureworks® Taegis™ XDR, which will also provide Customer with access to: 1) online documentation; and 2) instructions to access and deploy the Taegis™ XDR Endpoint Agent.
-
Existing customers of Secureworks® Taegis™ ManagedXDR or Secureworks® Taegis™ ManagedXDR Elite: For customers adding ManagedXDR for OT to an existing ManagedXDR or ManagedXDR Elite subscription, Secureworks will activate Customer’s Service on the effective date of the Transaction Document for ManagedXDR for OT.
The ManagedXDR for OT Service (“Service”) provides Customer with access to a team of security professionals (the (“OT Specialist Team”), herein referred to as the (“Specialist Team”)) to conduct in-depth analysis for investigations as well as orchestrated response and remediation related to Customer’s OT Environment.
The Specialist Team is available 24x7 via chat, email, and ticket. Customer must purchase the ManagedXDR service (“ManagedXDR”) in conjunction with this Service. For more information, see the ManagedXDR service description. As part of ManagedXDR, the ManagedXDR Security Analysts will review and investigate Threats detected within Customer’s XDR (“XDR”) tenant(s). Threats requiring further analysis as determined by Secureworks will result in creation of an Investigation within XDR. The Specialist Team will conduct additional analyses of investigations identified in XDR related to assets associated with Customer’s OT environment. After analysis is completed for each Investigation, the Specialist Team will take appropriate action based on the documentation developed during Onboarding.
All capitalized words and phrases shall have the meanings set forth herein, as defined in the Glossary, or within the Secureworks-applicable agreement, such as the Customer Relationship Agreement.
Service Components ⫘
24x7 Access to OT Specialist Team ⫘
Customer will have access to the OT Specialist Team 24x7 via methods described above. From a remote location, the Specialist Team will conduct work on Customer’s behalf and support Customer as defined herein. The Specialist Team will communicate with Customer through email and Secureworks Ticketing System for support related to the activities described herein. The Specialist Team will also communicate with Customer through telephone solely for OT related investigations deemed by Secureworks to be High or Critical.
Threat Investigations ⫘
The Specialist Team will conduct Threat Investigations aligned to the following categories:
-
OT-specific alert investigations: When event data is sent by supported OT Monitoring Technology and that data triggers an alert in XDR deemed by Secureworks to be a Threat, the Specialist Team will perform an investigation with the goal of understanding the potential impact of the Threat to the Customer’s OT Environment. The Specialist Team will also review and conduct analyses for Investigations that are automatically created through approved automation playbooks within XDR and add the findings to these Investigations.
-
Non-OT-specific alert investigations: When event data from non-OT Monitoring Technology triggers an alert in XDR deemed by Secureworks to be a Threat, initial triage, analysis, investigation will be performed by ManagedXDR Security Analysts (as described in the Threat Detection and Investigation section of the ManagedXDR and ManagedXDR Elite service descriptions). At the conclusion of their investigation, the Specialist Team will conduct further analyses for these Investigations with the goal of understanding the potential impact of the Threat to the Customer’s OT Environment.
For all Investigations, upon confirmation of a Threat by the Specialist Team, the Specialist Team will help orchestrate responses and remediation with Customer, which includes communicating with responsible stakeholders and advising Customer about appropriate actions.
Note
The Specialist Team will focus solely on Cybersecurity Threats identified or validated by XDR. Events generated by Customer OT Monitoring Technology related to SCADA alerts, vulnerability scanning, or patching are not considered Threats by this service and will not be investigated. Such out-of-scope events may be data points included in the investigation of a Cybersecurity Threat.
Investigation Procedures ⫘
The Specialist Team will primarily operate within XDR as well as Secureworks internal tools. The Specialist Team will investigate all XDR alerts determined by Secureworks teams to be Threats. The Specialist Team will perform investigations based on Secureworks best practices, the initial findings of ManagedXDR Security Analysts, and business context provided by the Customer during Onboarding and in an on-going fashion, as well as follow the escalation procedures for OT related Threats that will be developed by Customer and Secureworks during Onboarding. Additionally, the Specialist Team will directly access Customer’s supported OT Monitoring Technology, as needed, to enhance their investigations. Access for the Specialist Team to such platforms must be provided and maintained by the Customer. Customer acknowledges that not providing or maintaining this access for the Specialist Team limits the service that the Specialist Team can provide until the access is restored. The Specialist Team will use the Customer’s OT Monitoring Technology to conduct analyses, identify additional business context, and determine their recommendations.
Note
The Specialist Team does not conduct any activities related to managing Customer’s systems and tools (e.g., no software license or platform/configuration management).
Service Phases ⫘
There are two primary phases for delivering the Service: Onboarding and Steady State.
Onboarding ⫘
This phase will be managed by an assigned Program Manager (“PM”). The PM will coordinate the activities that must be completed during this phase. Secureworks will guide Customer through multiple activities to help ensure that the Specialist Team has the access, familiarity, and context needed to deliver the Service to Customer. Onboarding is expected to be completed within 6-8 weeks; timeline will be based on dependencies and the project plan that will be agreed-upon during Onboarding.
Steady State ⫘
Steady State commences when the Onboarding Checklist is completed and Customer has satisfied all Steady State requirements for the standard ManagedXDR service, which must accompany this Service (see ManagedXDR Onboarding Guide). During Steady State, the Specialist Team will conduct investigations and apply Customer’s business context based on their knowledge of OT security and information from Customer’s supported OT Monitoring Technology. When the Specialist Team confirms a Threat, they will advise on response and remediation for Customer and will collaborate with Customer-designated personnel as appropriate.
The table below indicates timing and activities conducted by Secureworks during the Service Phases. Please note that timing is approximate and predicated on Customer performing its responsibilities described herein.
Phase | Activities |
---|---|
Onboarding | Timing: Upon start of Services Term
|
Steady State | Timing: 6-8 weeks after Onboarding begins
|
Customer Obligations ⫘
Customer is required to perform the obligations listed below and acknowledges and agrees that the ability of Secureworks to perform its obligations hereunder are dependent on Customer’s compliance with these obligations. Noncompliance with Customer obligations relative to this Service may result in limitations and reduced service capabilities or suspension of managed components of the Service.
Customer will do the following:
- Ensure that all ManagedXDR obligations are met (see Customer Obligations for ManagedXDR).
- Customer must acquire and maintain supported OT Monitoring Technology to provide network telemetry of Customer OT environments.
- Provide and maintain Specialist Team access to Customer supported OT Monitoring Technology.
- Maintain proper tagging and labeling within XDR to ensure visibility into the OT portion of the Customer environment.
- Ensure list of Customer’s authorized contacts remains current, including permissions and associated information.
- Obtain consent and authorization from the applicable third party, in form and substance satisfactory to Secureworks, to permit Secureworks to provide the Service if Customer does not own network resources such as IP addresses, tools, systems, hosts, facilities or web applications.
Additional Information ⫘
Billing for the Service begins at the same time as billing for XDR. Contact account manager or refer to the official terms as stated on Customer’s Transaction Document from purchase for the most up-to-date details. See the documentation within XDR for information about compatible browsers, Integrations, detectors, dashboards, and training.
Warranty Exclusion ⫘
While the Service is intended to reduce risk, it is impossible to completely eliminate risk, and therefore Secureworks makes no guarantee that intrusion, compromises, or any other unauthorized activity will not occur on Customer’s systems.
Glossary ⫘
Term | Definition |
---|---|
Alert | Prioritized occurrences of suspicious or malicious behavior detected by a detector in XDR. |
Investigation | A central location within XDR that is used to collect evidence, analysis, and recommendations related to a Threat that may be targeting an asset in a Customer’s IT environment. Investigations are categorized into types, such as Security and Incident Response. |
Parties | Customer and Secureworks are referenced jointly using this term. |
Security Analyst | A Secureworks security expert who analyzes alerts deemed High and Critical for customers, and creates and escalates Investigations. Note: A Security Analyst may also be referred to as a ManagedXDR analyst or an MXDR analyst across other Secureworks documentation. |
Services Term | Period of time identified in the Transaction Document during which Services will be delivered to Customer. |
Threat | Any activity identified by XDR that may cause harm to an asset in a Customer’s IT environment. |