128DSVCA Base

Email MDR – Advanced Service

    Service Overview

    DeepSeas' Advanced Email Managed Detection and Response Service ("Advanced Email MDR") delivers continuous monitoring of user-reported email phishes, 'trace & purge' response support, and open-source threat intelligence analysis. Suspicious emails reported by Customer users are isolated and aggregated in a separate, controlled cloud environment and forwarded to the DeepSeas Cyber Defense Platform for human analysis, triage and disposition. Our team of highly experienced security analysts leverages superior tradecraft to review suspicious emails for evidence of phishing, malware, social engineering, zero-day exploits and other potential cyber threats delivered by email. For confirmed phishes, DeepSeas will work to ensure the malicious emails are removed from all Customer inboxes while providing added context around the attacker and campaign.

    Objectives

    Service Elements

    DeepSeas Email MDR includes the following service elements:

    • Customer users who report suspected phishes receive an initial response acknowledging their submission.
    • DeepSeas will update and maintain a "VIP list" so that responses to Customer VIP users who submit suspected phishes are prioritized and responded to first.
    • Suspected phishes will be investigated within four (4) hours of their submission by a user.
    • Upon disposition of the phish, the Customer user will receive a notification of disposition based on a standard or client-specific template.
    • If a true positive phish is confirmed, the Customer will be sent a notification detailing our findings.
    • Whenever possible, DeepSeas will leverage open-source intelligence to analyze malicious URLs and provide additional details about the sender and/or campaign.
    • DeepSeas will conduct 'trace and purge' activities to remove true positive phishing emails from all user inboxes across the Customer's environment.
    • When possible, DeepSeas will execute blocking actions according to a mutually agreed playbook.
    • DeepSeas will provide the Customer, on a monthly basis, with basic reporting about the Email MDR service performed.

    Methodology

    DeepSeas, together with the Customer, will complete the following process to onboard and initialize the Email MDR service:

    1. Kick-Off - DeepSeas and the Customer participate in a joint call to confirm services, define a Customer MDR Runbook and notification template, and agree on other key details regarding the Services that shall be provided. During the Kick-Off, the Customer is introduced to their Technical Support Engineer (TSE) / Service Delivery Manager (SDM). (Estimated duration <1 week)
    2. Integrate with DeepSeas Email Analysis Framework - DeepSeas will i) provide the Customer with an email forwarding address to establish a connection between the Customer's Microsoft Outlook and the DeepSeas Email Analysis Framework; and ii) add appropriate entitlement(s) in ServiceNow and run a test phish to affirm appropriate workflows. (Estimated duration <1 week)
    3. Service Optimization & Go-Live - DeepSeas services are fully operational and adjusted as needed to meet Customer needs, as defined in the Statement of Work. DeepSeas will provide reports and on-going communication to the Customer. (Estimated duration 2+ weeks)

    Client Responsibilities

    • 'Trace and purge' requires that DeepSeas analysts have appropriate access to the Microsoft Defender console, or API access for automated trace and purge.