
Managed Detection & Response (MDR)


    Service Overview

    DeepSeas Managed Detection & Response services (MDR) provide monitoring, detection, analysis, and response to validated security threats within Client environments enrolled in one or more of DeepSeas' MDR offerings. The DeepSeas Cyber Defense Team evaluates alerts generated by security monitoring technologies deployed within Client environments. When DeepSeas determines that an alert represents a legitimate threat to the security of the Client's environment, a Threat Notification report is delivered that provides detailed information about the threat and recommended courses of action. DeepSeas can also perform response actions, as necessary, in support of responding to threats.

    Objectives

    Service Elements

    1. Threat Detection - DeepSeas threat detection provides review of alerts from, proactive enterprise search of, and targeted threat hunting using Client security monitoring tools to identify and prioritize cyber threats, based on the Managed Detection and Response service(s) purchased:
      1. Endpoint
      2. XDR
      3. Network
      4. OT
      5. SIEM
      6. Email
    2. Threat Notification - Threat Notification reports are generated by DeepSeas cyber defense analysts to describe the nature, context, and severity of a validated threat along with remediation recommendations.
    3. Threat Response - DeepSeas cyber defense analysts provide Clients with response guidance and/or response actions for resolving threats. Response actions are defined in a mutually approved Client MDR Runbook document.
    5. Curated Threat Intelligence - DeepSeas applies curated detection logic and analytics to security monitoring tools deployed in Client networks to improve the effectiveness of threat detection and response. DeepSeas MDR Clients benefit from continuous technical threat intelligence updates that are applied to tools and platforms managed by DeepSeas. DeepSeas' cyber threat intelligence research team employs a rigorous methodology to generate, curate, and publish threat intelligence analytics and detection signatures that are used to enhance the detection technologies deployed within Client networks. The application of cyber threat intelligence improves threat detection and response through timely identification of adversary techniques and indicators, and provides increased threat context during response activities.
    5. DeepSeas Cyber Defense Platform and Client Portal - DeepSeas Cyber Defense Platform provides customers with a cloud-hosted technology architecture that supports data collection, analysis, automated response, and reporting capabilities across multiple attack surfaces. The DeepSeas Client Portal provides validated threat notification information, threat details, remediation support recommendations, and other information related to the level of service stipulated in the Statement of Work. The Client Portal provides: (a) Threat Notification and Case Management tracking solution which provides visibility into case activities such as real-time threat investigation information, case status, and other actionable information that the Client can use to review and mitigate a validated threat. (b) Metrics and Reporting Insights that quantify the status of Client's MDR services. (c) Knowledge Management Documentation describing the MDR service features and common Client questions. (d) The Ability to Submit questions and Support Requests to the DeepSeas Cyber Defense Team 24x7x365.
    6. 24x7 Customer Hotline - The DeepSeas MDR Client Hotline allows Clients to contact the DeepSeas Cyber Defense Team 24 hours a day, 365 days per year through a dedicated Client telephone number.

    Methodology

    Onboarding Process

    1. Threat Response Plan - During onboarding, DeepSeas will work closely with Client stakeholders to jointly develop a Client MDR Runbook, which will detail individual responsibilities for responding to Threat Notifications delivered by DeepSeas. Response actions are typically categorized as one of the following:
      1. Guided Threat Response - Guided Threat Response, also referred to as "Little r," provides Clients with recommended response actions that the Client's internal team should complete to contain, mitigate, or remove a threat identified in a DeepSeas Threat Notification.
      2. Proactive Threat Response - Proactive Threat Response, also referred to as "Big R," includes specific threat containment response actions performed by DeepSeas based upon the defined Client MDR Runbook. Proactive response actions may be combined with guided response actions to facilitate incident resolution. Example proactive response capabilities include endpoint system containment, proxy modification, firewall modification, and custom API integrations.
    2. Incident Response - DeepSeas recommends that Clients have a retainer with an incident response team in place. As part of the MDR services, DeepSeas may recommend that the Client activate a pre-negotiated incident response retainer to provide dedicated investigation, triage, recovery, and remediation.

    Deliverables

    The following tables describe DeepSeas' service level agreements (SLAs) and service defaults:

    [Table image: MDR SLA.png]

    [For example, if the monthly service charge is $10,000 and two (2) service level defaults occur within a given month, then the monthly service charge for that month shall be reduced by 5% (i.e. $500), resulting in a net monthly service charge of $9,500 for that month.]

    DeepSeas Responsibilities

    DeepSeas' Cyber Defense Team identifies potential security threats in Client environments using a combination of alert enrichment and review, open and closed source cyber threat intelligence, enterprise data search, and targeted cyber threat hunting. When DeepSeas identifies and validates a potential security threat in a monitored Client environment, a Threat Notification report is documented and delivered to the Client in alignment with a scaled threat severity model. Threat Notification reports are created in the form of a case event in the DeepSeas Client Portal. Depending on the threat severity, direct contact is made in accordance with the Client-provided notification escalation order, per the Client MDR Runbook, as described below:

    [Table image: Threat Severity Scale.png]