SIEM Platform Management (DeepSeas-Hosted)

The DeepSeas Platform Management service supports the Client’s overall security posture through the end-to-end oversight and management of the Client’s mission-critical cyber tools to ensure their optimal deployment and configuration and provide continuous monitoring and maintenance. 

The DeepSeas Technology Operations Center (TOC) delivers the Platform Management service. The TOC comprises experts and practitioners who employ vendor-specific knowledge, broad security experience, and industry best practices to provide tailored support for client environments. DeepSeas engineers will leverage principles and techniques from site reliability engineering and DevOps to achieve maximum uptime and flexibility of client security tools.

The objectives of the Platform Management Service for Security Incident and Event Management (SIEM) platforms hosted by DeepSeas are as follows:

• Sustain and enhance Client security posture by deploying, configuring, maintaining, and updating in-scope security tool(s) and infrastructure. 
• Optimize performance and reliability of critical security tool(s) through ongoing tuning and resource monitoring.
• Proactively update and patch security tool(s) to address vulnerabilities and improve functionality.
• Increase the return on investments in security tools and infrastructure.
• Apply cyber practitioner expertise to security infrastructure to strengthen overall cyber posture.

The following list describes the typical steps DeepSeas undertakes with the Client to onboard and initialize our Platform Management service. The estimated duration measures the time DeepSeas requires to complete the tasks performed by DeepSeas personnel. The Client will be required to take actions to enable DeepSeas personnel; these tasks are not included in the duration estimates.

1. KICK-OFF (Estimated Duration: <1 Week) - DeepSeas and the Client participate in a joint call to confirm services, establish the current and desired state of tool deployment, validate access requirements, and begin any user provisioning processes.
2. INITIAL DEPLOYMENT, CONFIGURATION & VALIDATION (Estimated Duration: 1-2 Weeks) - DeepSeas and the Client will work together to complete any deployment activities. DeepSeas will finalize and validate the initial operating configuration.
3. ESTABLISH MONITORING AND CONFIGURATION STANDARDS (Estimated Duration: 1 Week) - DeepSeas will integrate the cyber tool into our monitoring systems and validate performance and availability visibility. DeepSeas will document the baseline configuration and establish available safeguards to prevent unauthorized changes.
4. SERVICE OPTIMIZATION AND GO-LIVE (Estimated Duration: Ongoing) - DeepSeas service is fully operational and adjusted as needed to meet the Client’s needs, as defined in the statement of work.

The following tables describe DeepSeas' service level agreements (SLAs) and service defaults:

Client responsibilities are summarized below:

• Provide access and permissions, as required by the specific technology, to DeepSeas TOC personnel. 
• Provide points of contact for notification and collaboration to deliver the service.
• Conduct the administration, operation, and management of tools and systems outside of the scope of service, which may be required to enable the deployment and configuration of the cyber tool

Clients contracting IT services with another Managed Service Provider (MSP) may have that provider fulfill these responsibilities.

DeepSeas responsibilities are summarized below:

• Provide a monitoring system for monitoring the performance and availability of the cyber tool.
• Manage support requests with the cyber tool vendor.
• Provide support for critical outages of the cyber tool.
• Provide a change management process, or integrate the TOC with your existing change management process.
• Provide all required personnel information of TOC team members who may require user accounts within your identity system.