Onboarding for Taegis ManagedXDR Enhanced

Overview ⫘

• New customers of ManagedXDR or ManagedXDR Elite: For customers purchasing Secureworks® Taegis™ ManagedXDR Enhanced simultaneously with Secureworks® Taegis™ ManagedXDR or Secureworks® Taegis™ ManagedXDR Elite, prior to onboarding, Secureworks will activate Customer’s Service by provisioning access to Customer’s instance of XDR, which will also provide Customer with access to: 1) online documentation; and 2) instructions to access and deploy the Taegis™ XDR Endpoint Agent/Red Cloak™ Endpoint Agent.

• Existing customers of ManagedXDR or ManagedXDR Elite: For customers adding ManagedXDR Enhanced to an existing ManagedXDR or ManagedXDR Elite subscription, Secureworks will activate Customer’s Service on the effective date of the Transaction Document for ManagedXDR Enhanced.

Onboarding for ManagedXDR Enhanced combines the personnel and processes that encompass Premium Onboarding for ManagedXDR as well as those specific to enabling capabilities for the Enhanced service. For new ManagedXDR customers, you must also purchase Premium Onboarding. For existing ManagedXDR customers, the activities for Premium Onboarding do not need to be performed (no need to purchase Premium Onboarding).

Secureworks Personnel ⫘

Secureworks will provide additional personnel and support during the onboarding process. Throughout onboarding, it is important to understand the roles and responsibilities for you and Secureworks, as well as the Secureworks points of contact during the onboarding process. Primary personnel from Secureworks will be a Project Manager (PM), a Security Consultant (SC), and an Enablement Consultant (EC), which comprise your Onboarding Team. This team will coordinate with your Customer Success Manager (CSM) who will handle service delivery after steady state.

Project Manager (PM) ⫘

The PM will partner with you and serve as your primary operational point of contact during onboarding. The PM will coordinate with the Secureworks Solutions Engineer and sales team to review and validate all information collected during the pre-sales process. The PM will schedule applicable teleconferences during onboarding and track your onboarding progress until steady state is reached.

Security Consultant (SC) ⫘

The SC will lead training and provide onboarding assistance in accordance with the agreed-upon onboarding scope. The SC will support and guide you through the process of deploying agents and setting up supported integrations. The SC will create up to five (5) custom rules and two (2) playbooks during onboarding. The SC will attend teleconferences as applicable until steady state is reached.

Enablement Consultant (EC) ⫘

The EC will lead the discovery workshops and work with you to develop the specific RACI that will govern roles and responsibilities and escalation procedures for the ManagedXDR Enhanced service after steady state is reached. Once the RACI is approved, the EC will develop applicable workflows and an operations guide. As needed, the EC will request and track access to additional tools within your environment. The EC will attend teleconferences as applicable until steady state is reached.

Service Onboarding ⫘

Secureworks will guide your team through steps to set up the processes, procedures, and related work instructions that will be used to deliver the ManagedXDR Enhanced service.

Listed below are primary activities performed during Service Onboarding:

• Define purpose and goals of the overall engagement
• Outline deliverables, timelines, and schedules
• Obtain and document your network environment information
• Obtain and document your current operational process information
• Clarify roles and responsibilities for both your organization and Secureworks personnel
• Align the steady state service objectives to your security strategy
• Establish the required connectivity and access to your network and in-scope platforms and tools (including ticketing system) for service delivery
• Introduce you to the Service Governance function
• Define the baseline for steady state operations
• Develop an operations guide

Phases ⫘

The graphic below indicates the primary phases of onboarding: Discovery, Design, Build, and Integrate. The timeline is approximate; onboarding usually takes 8-14 weeks. The actual time required varies from customer to customer. Meeting this timeline depends on collaboration between you and Secureworks to assure necessary customer resources are available for all activities in all phases of the onboarding process.

Onboarding Time Frame Graphic

Explained in the subsections below are the activities performed during each phase.

Discovery ⫘

Objective: To collect and document information about your current network environment.

Conduct Initial Meeting

Secureworks will schedule and conduct an initial meeting through remote teleconference on a mutually agreed-upon date and time to do the following:

• Initiate the project for implementing the service
• Review objectives and scope
• Introduce participants and discuss team roles and responsibilities
• Provide an overview of the Secureworks project methodology
• Request needed customer documentation
• Agree on date and time for the on-site or remote teleconference Discovery workshop session(s) Note: You will be responsible for all expenses related to on-site workshop(s), including any documented out-of-pocket travel expenses incurred by Secureworks.

Conduct Discovery Workshop

Secureworks will conduct a workshop with you to perform environment and process discovery, and obtain and document the following environment information:

• Tools and platform-related documentation and details
• Network infrastructure diagrams and traffic flow details regarding different event sources
• Device category lists, configuration management database (CMDB) information, and details about any other methods used for process integration and account details
• Any relevant user and group access lists
• Details for any custom modifications to platform(s)—e.g., custom reports, dashboards, apps, integrations

Conduct Process Discovery

Secureworks will work with you to obtain and document any relevant security operations processes such as:

• Your current Information Security (IS) and Incident Response (IR) processes, procedures, and workflow
• Contact and escalation points for security incidents within your organization

Develop Project Plan

The Secureworks PM will work with your Project Manager to develop the initial project plan for Service Onboarding. This plan will detail the activities that are performed during the remaining phases of onboarding. Your Project Manager will be expected to indicate your activities and/or dependencies that need to be included such as resources, customer and third-party dependencies, change requests, and network freezes. Secureworks will send you an Initial Project Plan through email, containing the information listed below as applicable:

• Activities and tasks required for project
• Target dates and milestones for activities
• Estimated durations for each activity
• Target completion dates
• Responsible personnel
• Agreed-upon primary milestones
• Risk Register creation (as agreed upon with you)

After you review the Initial Project Plan, you and Secureworks will discuss and align on any necessary changes. The revised Project Plan is then considered finalized. Any variance will be tracked and discussed during weekly status meetings so that appropriate measures can be taken to mitigate or reduce any potential delays that could impact primary milestones.

Design ⫘

Objective: To validate customer information and to make informed design choices and recommendations to define your future state operations

Establish Access and Connectivity

Secureworks will work with Customer to perform the following:

• Establish remote connectivity and network access through customer-provided VDI or Secureworks connectivity solution for web-based applications
• Request and track user account credentials for accessing your network environment and any in-scope platforms that will be used by the Enhanced Team
• Request and track user account credentials for accessing your in-scope ticketing system(s)

Define Future State Operations

Secureworks will work collaboratively with you to develop a description of your current and future state operations. Some examples of topics that will be discussed during this activity include, but are not limited to, the following:

• Remote connectivity
• Ticketing system and processes
• Process for onboarding new data sources
• Standard data sources already onboarded
• Existing third-party threat intelligence feeds
• Existing risk/compliance reports
• Existing integrations with third-party technologies/data sources
• Number and types of investigated tickets/alerts (Alerts) (historical)
• Number and types of resolved/escalated tickets (historical)

Build ⫘

Objective: To implement the design elements defined in the previous phase in developing an operations guide to follow for steady state delivery of the ManagedXDR Enhanced service.

Develop Operations Guide

Secureworks will work collaboratively with you to develop the content for the operations guide that will be used as the basis for delivering the ManagedXDR Enhanced service during steady state. The operations Guide is a living document, used internally by the Secureworks Enhanced Team to deliver the service to you, and it is updated as often as needed by Secureworks.

Integrate ⫘

Objective: To enable and practice activities that are expected to be performed during steady state.

Stabilization

Secureworks will work with customer to simulate “live” operations during normal business hours to test processes and team interactions. Primary activities that occur include the following:

• Work jointly with you to determine the duration and end date of stabilization
• Guide and coordinate stabilization activities
• Confirm that ticket workflow management activities are being performed as expected
• Confirm that the ticketing tool’s reporting capabilities are aligned with service objectives
• Confirm access to data sources that are required to enable reporting capabilities
• Confirm that Authorized Security Contacts and Designated Services Contacts can interact with the services as required

The Onboarding Checklist below is used to capture primary criteria:

• Connectivity solution configured, access to your environment is validated
• Supported Endpoint agent is deployed to at least 40% of your licensed assets
• Enhanced Team is credentialed with access to all in-scope customer tools
• Agreed-upon RACI and workflows are in use and providing expected results
• Agreed-upon operations guide is in use and providing expected results
• Playbooks tested by the Enhanced Team are providing expected results
• Tool and playbook training for the Enhanced Team successfully completed
• Validated that reporting capabilities meet service objectives and enable future service improvements
• Agreed-upon Governance framework established

At the end of the Integrate phase, which includes completing the checklist, you will be transitioned to Steady State on the agreed-upon end date of stabilization.

Suggested Resources ⫘

As part of your onboarding plans to ensure productive onboarding and integration of the service in your security practice, listed below are the roles we suggest that you include from your organization.

Roles	Responsibilities
Security Engineer/Analyst	Management of Secureworks® Taegis™ XDR, application users, supported log source integrations, and event handling
System Administrator	Deployment of endpoint agent and Taegis™ XDR Collector, and hypervisor configuration
Network Engineer/Administrator	Configuration of logging for supported network devices
Security Manager	Integration of XDR into your organization's security practice and operating processes
Project Manager	Initiating, planning, executing, controlling, and closing the work of your team in alliance with the Secureworks project management resource, to achieve activation of XDR and the ManagedXDR service

Customer Responsibilities ⫘

Below are your primary responsibilities during onboarding to ensure a smooth transition from initiation to steady state. Additional responsibilities may arise as needed to support aspects of the implementation that are unique to your specific information systems and environment.

1. Provide contact information for initial XDR Administrator (Tenant Admin) registrant to be used by Secureworks to provision the XDR application.
2. Create user accounts for additional users of XDR and maintain all user accounts, ensuring that contact information for each user is complete and accurate.
3. Configure and manage hypervisor resources to support the deployment of XDR Collector.
4. Configure and maintain supported on-premises log source and cloud integrations in accordance with XDR log format requirements.
5. Deploy the XDR Collector and successfully configure at least one supported integration.
6. Deploy compatible Endpoint Agents on endpoints. Once at least 40% of Licensed Volume is deployed, the transition to Steady State can begin.
7. Respond to Secureworks communications in a timely manner and ensure attendance of the necessary customer POCs for all teleconferences to ensure timely completion of onboarding.