Version: 2019-05-10


deepwatch Vulnerability Management (VM) solutions provide monitoring and management of the Customer’s VM environment. Currently, deepwatch offers two (2) VM solutions: Identify VM Standard and Identify VM Premium.

deepwatch Identify VM Standard includes the following features and capabilities:

  • Deployed & Managed VM Solution;
  • Initial deployment of a new VM Scanning Solution -or- Health Check of an existing VM Scanning Solution;
  • Internal/External Assessments (Agent-based & Agent-less); and
  • Out of Box Dashboards/Reporting Management.

deepwatch Identify VM Premium includes the following features and capabilities:

  • All deepwatch Identify VM Standard features & capabilities;
  • Custom Dashboards & Reports;
  • Prioritized Remediation Recommendations;
  • Fully Managed VM Program;
  • Remediation Stakeholder Outreach;
  • VM Program Continuous Improvement; and
  • Configuration Baseline Assessments.

Features & Capabilities

Identify Vulnerability Management Standard

deepwatch Managed VM Solution

deepwatch provides ongoing services for Customer’s VM environment to enable Customer’s resources to focus their efforts on cybersecurity-relevant actions. deepwatch provides management services, health monitoring and resolution for the following deepwatch Platform components.

Management Services


Remediation Advisory

  • Scanner/Agent Onboarding
  • User Provisioning & Deprovisioning
  • Vulnerability Management Solution Upgrades & Patches
  • Troubleshooting
  • Out-of-the-Box Remediation Scanning as Requested
  • Policy configuration
  • Zero-Day Vulnerability Alerts
  • Asset Exclusion/Inclusion
  • Authentication Monitoring

Deployment or Health Check

deepwatch will deploy the supported vulnerability scanning solution in the event that the Customer does not already have the solution deployed. deepwatch will perform all deployment tasks remotely and will require the assistance of the Customer for any physical or virtual appliance installations, agents deployed on Customer computing devices, and provisioning of virtual machines for the purposes of hosting part of the VM scanning solution.

For a Customer who already has a supported vulnerability scanning solution deployed, deepwatch will perform a health check of the deployed solution as part of the transition of management and operational tasks to deepwatch. deepwatch will then implement or assist with the recommended improvements that are approved by the Customer as a result of the health check process.

Knowledge Management

The deepwatch Platform utilizes ServiceNow’s Knowledge Management functionality to provide shared Knowledge Articles between deepwatch personnel and Customer. deepwatch provides a pre-defined set of Knowledge Articles specific to Customer. Additionally, custom Knowledge Articles are developed by deepwatch personnel within ServiceNow, which notifies Customer’s personnel for review and approval. Knowledge Articles are reviewed at least every three (3) months during pre-defined meetings and as applicable during weekly status meetings.

Support & Training

deepwatch serves as the primary contact for Customer’s personnel for support of all deepwatch Platform components. As such, deepwatch provides the support traditionally provided directly from vendors such as Qualys, Tenable, Kenna, Demisto, and Anomali. deepwatch maintains specific support agreements with deepwatch Platform component vendors to accelerate support-related incidents. deepwatch provides Customer’s personnel with training on the deepwatch Platform and its supporting components via in-person and video-based training, and knowledge articles.

Identify Vulnerability Management Premium

In addition to all the features of Identify Vulnerability Management Standard, Premium includes the following:

Prioritized Vulnerability Recommendations

deepwatch provides a Vulnerability Management Subject Matter Expert that will help prioritize vulnerabilities within the customer’s environment. The VM SME will take vulnerability intelligence and apply the intelligence against their knowledge of the customer’s environment to ensure that the correct vulnerabilities are being prioritized to protect the critical assets within the environment.

Zero-Day Alerting and Response

deepwatch’s Vulnerability Management Subject Matter Expert will notify customers of applicable Zero-Day vulnerabilities and of their potential impact. Upon being notified of a Zero-Day being released, the VM SME will review data gathered from the Vulnerability Management solution and attempt to identify assets within the environment that are vulnerable to the Zero-Day prior to detection from the VM solution being deployed or created.

The VM SME will then notify the customer with a list of the assets that could be vulnerable to the Zero-Day and provide recommendations on how the customer should respond to the vulnerability in order to mitigate or resolve the issue.

Remediation Advisory

deepwatch provides Vulnerability Management Subject Matter Experts that will analyze results from the Vulnerability Management Tool and provide feedback to your security team on how to mitigate or remediate a particular vulnerability. Recommendations would include registry keys, patching, hardening controls, or the writing of a business case to replace or update the asset in question, while providing security context around the vulnerability.

Vulnerability Hunting

Active hunting within your Vulnerability Management Solution to discover unwanted software, configurations, ports, or services running within the environment based on customer requirements or recommendations.

Remediation Stakeholder Outreach

The Vulnerability Management Subject Matter Expert will reach out to key stakeholders, provided by the customer, and work as a full extension of the security team. During this time the VM SME will work with stakeholders on planning, documentation, and remediation activities that need specific assistance, such as why findings were detected or how to implement remediations effectively and safely in the environment.

Configuration Baseline Assessments

deepwatch will work with baselines provided by the Customer to perform configuration baseline assessments. These assessments are for the purpose of confirming that a set group of endpoint systems comply with a defined standard accepted by the Customer. deepwatch will support any baseline that is natively available in, or readily imported into, the supported vulnerability management tool. deepwatch reserves the right to limit the number of baselines to ten (10) per customer.

Volume Tier

deepwatch Vulnerability Management is segmented into tiers based on the number of live IP addresses being actively scanned by the vulnerability scanning tool or tools being utilized for this solution. deepwatch will provision this solution for up to the number of IPs identified on the Order Form, including keeping up to one year of vulnerability scan data for historical review and compliance evidence.

deepwatch will perform discovery scanning on all networks appropriately owned or managed by the Customer as allowed by the EULA associated with the vulnerability scanning tool or tools in use.

Assumptions & Expectations


Customer will utilize deepwatch's identity solution to access deepwatch-related systems. Examples include Splunk, Demisto, and ServiceNow. Customer may federate existing authentication from their identity provider or may utilize deepwatch's identity solution as an identity provider.

Virtual Appliance Deployment Assumptions

Customer will provide a virtual machine infrastructure capable of hosting the Vulnerability Management Solution, in which the scanners will be configured with recommended settings from the VMS. The deepwatch Vulnerability Management team will provide recommended changes to the standard configuration based on the customer’s environment.

Customer will allow outbound TCP/443 access from Customer environment virtual appliance(s) via the zero-trust solution. Customer is responsible for the virtual appliance infrastructure (host) and networking, while deepwatch is responsible for the virtual appliance(s) (guest[s]).

Endpoint Interaction

Customer will be responsible for deploying scanning agents onto Customer endpoints as needed, with guidance provided by deepwatch as appropriate. Scanning agent system requirements and installation instructions vary by technology.

Customer will be responsible for all direct interaction with scanning targets, and for defining any systems which must be explicitly excluded from scanning.

Travel & Expense

Customer acknowledges and agrees to follow the travel and expense policy provided here.
