Version: 2019-09-27

Overview

deepwatch Vulnerability Management (VM) solutions provide vulnerability identification and management of the customer’s enterprise IT environment. Currently, deepwatch offers two (2) VM solutions: Identify VM Standard and Identify VM Premium.

deepwatch Identify VM Standard includes the following features and capabilities:

  • Initial Deployment or Health Check of VM Solution;
  • Management Services;
  • Knowledge Management; and
  • Support & Training.

deepwatch Identify VM Premium includes the following features and capabilities:

  • All deepwatch Identify VM Standard Features & Capabilities as described above;
  • Prioritized Remediation Recommendations;
  • Zero-Day Alerting and Response;
  • Remediation Advisory;
  • Vulnerability Hunting;
  • Remediation Stakeholder Outreach; and
  • Configuration Baseline Assessments.

Features & Capabilities

Identify VM Standard

Initial Deployment or Health Check of VM Solution

deepwatch deploys supported VM solutions when the customer does not already possess a supported VM solution. deepwatch performs all deployment tasks remotely and requires customer assistance for any physical or virtual appliance installations, agents deployed on customer computing devices, and provisioning of virtual machines.

Customers possessing a supported VM solution receive a health check prior to the transition of management and operational responsibilities to deepwatch. deepwatch then implements or assists with the recommended improvements identified during the health check once approved by the customer.

Management Services

deepwatch provides ongoing management services of a customer's VM solution to enable customer resources to focus on cybersecurity-relevant actions. deepwatch provides management services, health monitoring, and resolution for the following deepwatch deepstack Cloud SecOps Platform components:

Management Services

Reporting

Remediation Advisory

  • Scanner/Agent Onboarding
  • User Provisioning & Deprovisioning
  • VM Solution Upgrades & Patches
  • Troubleshooting
Out-of-the-Box Remediation Scanning as Requested
  • Policy configuration
Zero-Day Vulnerability Alerts
  • Asset Exclusion/Inclusion
  • Authentication Monitoring

Knowledge Management

deepwatch’s deepstack Cloud SecOps Platform utilizes ServiceNow’s Knowledge Management functionality to provide shared Knowledge Articles between deepwatch and the customer. In this context, deepwatch provides to the customer a predefined set of Knowledge Articles. Additionally, deepwatch develops custom Knowledge Articles within the ServiceNow platform for the customer's review and approval. Knowledge Articles are reviewed at least every three (3) months during pre-defined meetings and as applicable during status meetings.

Support & Training

deepwatch serves as the primary contact for support of all deepwatch deepstack Cloud SecOps Platform components. In this regard, deepwatch provides the support traditionally provided directly from vendors. deepwatch maintains specific support agreements with deepstack Cloud SecOps Platform component vendors in order to address and seek to resolve support-related incidents in a prompt manner. deepwatch also provides customer personnel with training on the deepwatch deepstack Cloud SecOps Platform and its supporting components via in-person and video-based training as well as ServiceNow Knowledge Articles.

Identify VM Premium

In addition to all the features of Identify VM Standard, the deepwatch Identify VM Premium offering includes the following:

Prioritized Remediation Recommendations

deepwatch assigns a VM Subject Matter Expert (SME) that assists with prioritizing vulnerabilities within the customer's environment. The VM SME reviews relevant vulnerability intelligence and applies it against the SME’s knowledge of the customer's environment to ensure that the correct vulnerabilities are prioritized.

Zero-Day Alerting and Response

deepwatch VM SMEs advise customers of applicable Zero-Day vulnerabilities, including their potential impact on the customer. Upon Zero-Day release discovery, the VM SME reviews data gathered from the customer's VM solution and attempts to identify assets within the customer's environment vulnerable to the Zero-Day.

The VM SME then notifies the customer with a list of potentially vulnerable assets within the customer’s environment, along with remediation recommendations to mitigate or resolve the vulnerability.

Remediation Advisory

deepwatch VM SMEs also analyze the customer's VM solution results and provide feedback on how to best mitigate or remediate a particular vulnerability. Recommendations typically include registry key entries, patching, device hardening, and/or the development of a business case to replace or update the vulnerable asset.

Vulnerability Hunting

deepwatch VM SMEs perform active vulnerability hunting within the customer's VM solution in order to try to detect potentially malicious software, configurations, ports, and/or services running based on the customer's requirements or recommendations.

Remediation Stakeholder Outreach

deepwatch VM SMEs reach out to designated customer stakeholders in an effort to serve as an extension of the customer’s cybersecurity team. VM SMEs specifically work with designated stakeholders in the planning, documenting, and remediation activities related to vulnerabilities requiring in-depth analysis.

Configuration Baseline Assessments

deepwatch analyzes customer-provided configuration baselines to conduct configuration baseline assessments. Customers utilize these assessments for the purpose of confirming device compliance with applicable configurations. deepwatch also supports configuration baselines supported by the customer's VM solution. Customers may request up to ten (10) configuration baselines.

Assumptions & Expectations

Authentication

Customers must implement deepwatch's identity solution in order to access the deepstack Cloud SecOps Platform as well as the customer's VM solution. Each customer must federate existing authentication from its identity provider or utilize deepwatch's identity solution as an identity provider in conjunction with deepwatch’s Zero-Trust remote access solution.

VM Solution Dependencies

Each customer is responsible for the deployment of the VM solution including software agents, scanners, and additional cloud connectors within the customer's environments.

The customer is also responsible for ensuring the VM solution, all in-scope devices, and cloud connectors are compatible with and able to communicate with the VM solution management console.

Support

The customer's VM solution must be on the deepwatch Supported VM Solutions list set forth here as may be modified by deepwatch from time to time. Additionally, each customer must maintain active support contracts for all in-scope VM solutions from the product device vendor and add designated deepwatch personnel to the customer's vendor support entitlements.

Travel & Expense

Each customer acknowledges and agrees to follow the deepwatch travel and expense policy provided here.

Virtual Appliance Deployment Assumptions

Each customer must provide a virtual machine infrastructure capable of hosting Linux virtual appliance(s) managed remotely by deepwatch. Each customer must also install a virtual appliance(s) on its virtual machine infrastructure. deepwatch VM SMEs will provide specific virtual machine requirements and specifications during the Onboarding process.

Customers must allow outbound TCP/443 access from their infrastructure environment(s) virtual appliance(s) via the Symantec Secure Access Cloud Zero-Trust solution. Customers are responsible for the virtual appliance infrastructure (host) and networking and deepwatch is responsible for the virtual appliance(s) (guest(s)).
