XDR Health Check

Professional Services Health Check

Service Overview ⫘

Periodically, you may want to understand how well you are leveraging your Secureworks® Taegis™ platform and how your automated processes, custom rules, reporting, and technology integrations are benefitting your security posture. The Secureworks® Taegis™ XDR Health Check focuses on your XDR tenant and provides actionable recommendations to drive better platform adoption and maximize value from your investment.

The XDR Health Check provides a complete tenant overview, but chiefly focuses on three key areas of operation:

• Data Ingestion
• Automations
• Customizations

Data Ingestion ⫘

XDR searching and alerting capabilities are dependent on data ingested from your assets and cloud services. This data needs to be normalized and parsed inline with our detailed requirements to ensure correct schema alignment. In this module, we analyze the integration and asset data coming into XDR and provide feedback when we observe sub-optimal data ingestion practices, ensuring that you can be confident that your event data is maximizing XDR detection possibilities.

Automations ⫘

Through our engagements with our customers, we know that many Security Operations Centers are resource constrained. To reduce the potential impacts of this challenge, process automation and proactive responses are a core feature of XDR. In this section of the Health Check, we analyze the current utilization of the playbooks and connectors in your tenant and provide actionable feedback as to where improvements can be made. We will also make recommendations for additional automations that would benefit based on your integrated assets as well as alert trends and investigation handling.

Customizations ⫘

Every business has its own use cases that can be linked to regulatory requirements or internal security use cases. To support these needs, XDR provides multiple opportunities for customization including:

• Custom rules for business defined use cases
• Custom parsers to normalize and parse data from currently-unsupported data sources
• Custom automations providing proactive responses or enrichment and notification of SOC processes
• Auto investigations to promote alerts of interest to SOC personnel
• Service, platform, and operational reporting

To ensure that you are using these important features optimally, we analyze and document your use of these areas and provide actionable, best-practice recommendations for enhancement.

Report Delivery ⫘

Once all of the modules have been analyzed, we will create a report and present our findings to you for discussion. The report will provide an overview of the perceived tenant health aligned to the three core areas and the observations and recommendations for each area. All of our recommendations are actionable, meaning that changes can be made within the tenant to immediately improve and enhance your XDR experience.

Enhancement Session ⫘

The final element of the Health Check is the Enhancement Session. This three-hour session will look to implement as many of the recommendations made within the report as possible to enhance your XDR experience. Typical outcomes from these sessions can include:

• New asset or integration onboarding assistance
• XDR standard playbook creation
• XDR custom rule or report creation
• Ad-hoc training on XDR-related topics

Scheduling and Booking Information ⫘

To find out more or to book an XDR Health Check, contact your Account Manager or Customer Success Manager.