Incident Management Retainer Services Catalog Overview
Overview ⫘
This catalog contains information about the standardized Proactive Services that are available with the Incident Management Retainer (IMR) through use of Service Units only.
This catalog contains a wide range of services that include development of Incident Response / Incident Management capabilities and sustainment services to help reduce the risks and impacts of cyber incidents. The scope for each service is fixed (Secureworks-defined standard scope) and includes defined outcomes; however, Secureworks can work with you to reasonably customize the scope if needed, at the discretion of Secureworks. Depending on your needs, recommendations from Secureworks, available personnel, and other considerations, the services may be conducted remotely or on-site. Any deviations from this Service Catalog shall require a change order.
The Service Unit values listed in this catalog are based on your organizational or network infrastructure size and are subject to adjustment based on the specific engagement objectives and desired outcome.
All services in this catalog, including related communication and documentation, are delivered in English. Local language options may be available; ask your Secureworks Incident Response point of contact.
Initiating Proactive Services ⫘
To initiate any of the Proactive Services listed in this catalog, use one of the following options:
-
Send an email to irservices@secureworks.com
-
Create a ticket in the Ticketing System; see the IMR Ticketing Guidance for instructions
If you do not have sufficient Service Units to initiate a proactive service listed in the catalog, or you want to purchase Service Units, then send an email to irservices@secureworks.com for assistance. You acknowledge and agree that receipt of such email will be from a representative of your organization authorized to commit to your organization to the purchase of additional Service Units and email notification is binding upon your organization.
If you need Emergency Incident Response services, then contact your Secureworks representative to discuss exchanging Service Units for Emergency Incident Response services.
NOTICE: If you purchased the Incident Management Retainer through a Secureworks partner, then you must contact that partner for all purchases including Service Units.
Scheduling and Billing ⫘
If you purchased the Essential or the Essential Plus IMR, then the initial Proactive Services Roadmap and the schedule for delivering services that are listed in this catalog are defined during the IMR Planning Workshop. If you purchased other IMR tiers, then you can use the process explained above to purchase and schedule delivery of services.
For the services listed in this catalog, you will be billed according to the Billing Terms indicated in your Statement of Work. See Service Scheduling and Billing and Utilization of Resources for more information.
Services ⫘
Listed in the tables below are Proactive Services and the number of Service Units required. Many Proactive Services have sizes, which represent the fixed scope efforts: small (S), medium (M), and large (L). In addition, Secureworks can provide the following:
- Programs: Ransomware Preparedness Program: helps your organization understand your level of exposure; evaluate and exercise your ability to detect and respond to a ransomware attack
- Technical Assistance Services: fixed-scope technical requests with structured outcomes
Incident Readiness Services ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| Incident Response Plan Development | 12 | 16 | 24 |
| Incident Response Plan Review | 8 | 16 | 20 |
| Incident Response Playbook Development | Between 4 and 8 depending on subject of playbook and amount of pre-existing planning | ||
Testing and Validation Services ⫘
Application Security ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| Custom Application Security Assessment | 16 | - | 24 |
| Mobile Application Security Assessment | 8 | - | - |
| Secure Code Analysis | 10 | 16 | 22 |
| Web Application Security Assessment | 8 | 12 | 16 |
| Web Service/API Test | 8 | 12 | 16 |
Penetration Testing ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| External Penetration Test | 8 | 16 | 32 |
| Internal Penetration Test | 8 | 16 | 32 |
| Physical Security Testing | 8 | 16 | - |
| Wireless Network Penetration Test | 8 | 16 | 24 |
Specialized Testing ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| Device Penetration Test | 16 | - | - |
| Laptop Penetration Test | 8 | - | - |
| Medical Device Test | 16 | - | - |
| SAP Penetration Test | 16 | - | - |
Security Awareness ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| Phishing Drill - Click and Log | 8 | 16 | - |
| Phishing Drill - Credential Capture | 16 | 24 | - |
| Vishing Drill | 8 | 16 | - |
Security Assessments ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| Active Directory Security Assessment | 10 | 20 | 40 |
| Entra ID Security Assessment | 12 | 24 | 46 |
| Password Cracking and Analysis Assessment | 4 | - | - |
| Threat Hunting Assessment | 10 | 18 | 24 |
| Vulnerability Assessment | 4 | 8 | 12 |
Threat Intelligence Services ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| EBS Info Brief | 8 | - | - |
| Threat Landscape Brief | 4 | - | - |
| Threat Intelligence Support Services | Varies depending on selection | ||
Workshops and Exercises ⫘
Secureworks Adversary Group-led Exercises ⫘
| Service Name | Lite | Standard | Immersive | Add-on |
|---|---|---|---|---|
| Service Units Required | ||||
| Collaborative Adversary Exercise | 4 | 8 | 16 | Replay: 4 |
| Adversary Emulation Exercise | 16 | 36 | - | Extra Time: 8 per week |
| Adversary Simulation Exercise | 16 | 36 | - | Extra Time (1 week): 8 Physical security attacks (1 location): 16 Wireless (1 location): 8 |
See the Adversary Exercises page for more information.
Incident Response-led Exercises ⫘
| Service Name | S | M | L |
|---|---|---|---|
| Service Units Required | |||
| Functional Exercise | 16 | 24 | - |
| Incident Response Fundamentals Training | Varies depending on selection | ||
| Incident Response Tabletop Exercise | 8 | - | - |