deepwatch Endpoint Solutions provide monitoring, management, and operation of customer’s Endpoint Detect and Response (EDR) solutions. deepwatch currently offers one endpoint solution: Protect Endpoint.
deepwatch Protect Endpoint includes the following features and capabilities:
deepwatch configures customer’s centralized EDR management solution for new implementations or performs a health-check and reconfiguration of existing centralized EDR management solutions.
deepwatch configures customized endpoint profiles or modifies existing endpoint profiles based on a combination of vendor recommendations, customer input, and deepwatch experience. These profiles are adjusted throughout the subscription duration at the customer’s request. The number of profiles included in the Protect Endpoint subscription is identified in each customer’s Order Form.
In collaboration with customer, deepwatch develops the appropriate governance rules in order to identify the following:
deepwatch monitors customer EDR solutions for notable events, operational issues, and overall health by integrating the EDR solutions into deepwatch’s deepstack Cloud SecOps Platform.
deepwatch performs platform configuration and patch management on behalf of deepwatch customers for in-scope EDR solution components. This includes updating the platform software and firmware as well as implementing changes requested via the deepwatch portal. Customer requests are prioritized and performed during the agreed upon maintenance window. Changes that cannot be addressed during the maintenance window are addressed at the next mutually agreed upon maintenance window.
deepwatch reviews all requested changes and identifies any technical issues with performing any requested change prior to scheduling the proposed software update and/or configuration change during the maintenance window.
deepwatch performs profile changes as approved by customer during the designated maintenance windows. deepwatch reviews all requested changes and identifies any technical issues with performing any requested change prior to scheduling the proposed profile change during the maintenance window. Customers may request up to five (5) emergency profile changes per month outside of the mutually agreed upon maintenance window.
deepwatch takes customer-authorized active response actions utilizing the capabilities of the customer’s EDR solution. Common examples include:
Active response actions not included as native functionality within the customer EDR solution are not in-scope for deepwatch’s Protect Endpoint solution.
deepwatch’s deepstack Cloud SecOps Platform utilizes ServiceNow’s Knowledge Management functionality to provide shared Knowledge Articles between deepwatch and customer. deepwatch provides a predefined set of Knowledge Articles to customer. Additionally, custom Knowledge Articles are developed by deepwatch within ServiceNow, which notifies customer for review and approval. Knowledge Articles are reviewed at least every three (3) months during pre-defined meetings and as applicable during status meetings.
deepwatch serves as the primary contact for customer personnel for support of all deepwatch deepstack Cloud SecOps Platform components. In this context, deepwatch provides the support traditionally provided directly from vendors. deepwatch maintains specific support agreements with deepstack Cloud SecOps Platform component vendors in order to address and seek to resolve support related incidents in a prompt manner. deepwatch provides customer personnel with training on the deepwatch deepstack Cloud SecOps Platform and its supporting components via in-person and video-based training as well as ServiceNow Knowledge Articles.
Customer must implement deepwatch's identity solution to access the deepstack Cloud SecOps Platform as well as customer’s centralized EDR management solution. Customer must federate existing authentication from its identity provider or utilize deepwatch's identity solution as an identity provider in conjunction with deepwatch’s Zero-Trust remote access solution.
Customer acknowledges and agrees to provide access to in-scope centralized EDR management solutions to facilitate solutions delivery.
Customer must hold an active deepwatch Detect Analytics subscription or execute a deepwatch Detect Analytics subscription before the start date for its deepwatch Protect Endpoint subscription.
Customer is responsible for the deployment of the EDR solution software agents on its endpoint devices.
Customer is also responsible for ensuring EDR solution software agents are able to communicate with the centralized EDR management solution.
Each in-scope EDR solution must be on the deepwatch Supported Endpoint Solutions list set forth here, as may be modified by deepwatch from time to time. Additionally, customer must maintain active support contracts for all in-scope EDR solutions from the product device vendor and add deepwatch personnel to customer’s vendor support entitlements.
Customers acknowledge and agree to follow the deepwatch travel and expense policy provided here.
Customer must provide a virtual machine infrastructure capable of hosting Linux virtual appliance(s) managed remotely by deepwatch. Customer must also install virtual appliance(s) on its virtual machine infrastructure, configured with at least the following specifications:
Customer must allow outbound TCP/443 access from the virtual appliance(s) in their environment(s) via the Symantec Secure Access Cloud Zero-Trust solution. Customers are responsible for the virtual appliance infrastructure (host) and networking, and deepwatch is responsible for the virtual appliance(s) (guest[s]).