Technical Assistance Services
Service Overview
Technical Assistance Services for Incident Response ("IR") enable you to use the specialized capabilities and insights of Secureworks personnel for fixed scope technical requests with structured outcomes. The list of available Technical Assistance Services for IR is provided further below, and the services are delivered remotely.
Service Methodology
You are responsible for ensuring Secureworks has access to all information and data required to complete the request for Technical Assistance.
Technical Assistance Services are intended to address isolated technical concerns and are not a substitute for full-scale incident response or comprehensive technical analysis efforts. If you need on-site support, full-scale digital forensic analysis support, full-scale reverse engineering support, or full-scale incident response support, then Secureworks Emergency Incident Response services can be purchased separately.
Outcome
The format of the deliverable(s) that Secureworks provides to you varies depending on the type of Technical Assistance Service being requested and your data that is available. When technical analysis of data is conducted by Secureworks, a summary of findings and any other notable details discovered during the analysis process will be provided. Findings provided to you may also include recommendations to proceed with additional fixed scope analysis efforts, for you to transition to full-scale incident response efforts or other remedial efforts, or for you to consider leveraging other services catalog options. See the list of available Technical Assistance Services below.
List of Technical Assistance Services
- Malware Analysis for isolated and previously collected samples not to exceed 1 sample per request
  - Criteria/Scope: One (1) sample per Technical Assistance Service Request
  - Service Units Required: 1
  - Examples:
    - Analysis of a suspicious email with an attachment that may be malicious
    - Reverse engineering of malware to extract IOCs and artifacts related to the malware to aid identification of infected hosts and remediation
    - Determine the functionality of a given malware sample, its malware family, and whether the threat is targeted
- Threat infrastructure takedown for websites, domains, or IP addresses used for phishing campaigns or other malicious purposes that have a direct impact on your cybersecurity posture
  - Criteria/Scope: One (1) threat infrastructure indicator and not to exceed 14 calendar days of Secureworks best efforts seeking takedown assistance from the appropriate Internet service providers, hosting providers, and domain registrars; Digital Millennium Copyright Act (DMCA) and brand infringement takedown requests are out of scope
  - Service Units Required: 2
- Active Directory Password Analysis to provide you with insight into the passwords being used in your environment; items such as weak / predictable credentials and common password themes are provided in a report as well as other notable trends
  - Criteria/Scope: For one (1) NTDS.DIT export from up to two (2) Active Directory domains, the NTLM-format hashes will be cracked and results will be provided in the form of a statistical summary report
  - Service Units Required: 4