127DSVC Base

OT MDR – Standard Service


    Service Overview

    DeepSeas' Operational Technology (OT) Managed Detection and Response Service ("OT MDR") provides 24x7x365 threat detection, analysis, and response to potential threats found within the Customer's manufacturing, industrial and/or other OT environment(s). Threats are detected and verified by DeepSeas cyber defense analysts who review alerts from an OT threat detection technology installed on the Customer's (or the Customer's third-party) OT network. Threat detection includes monitoring of alerts by DeepSeas cyber defense analysts, who triage, examine, and categorize alerts generated by a supported OT security technology.

    Objectives

    Service Elements

    • OT Security Asset Inventory: An inventory report that details OT assets in the Customer's monitored OT environments. The OT Asset Inventory provides increased context and understanding of those OT environments.
    • OT Security Risk Reports
      • Vulnerability Risk Reports: A report that describes OT asset vulnerabilities and their severity, based upon asset visibility and threat intelligence.
      • Process Integrity Risk Reports: Reports that leverage data from passive OT monitoring tools to provide the Customer with OT process integrity information.
      • Site Risk Profile Reports: A report that provides Customer OT site staff with a summary of security risks related to a specific OT site location.
    • Validated Threat Notifications: Contextualized, prioritized, and actionable notifications of cyber security threats that align ownership and enable clear action.


    DeepSeas has developed a library of OT-specific threat detection analytics that power alerts, dashboards, and reports within DeepSeas' Cyber Defense Platform, enabling increased contextualization of the Validated Threat Notifications and related reports. DeepSeas will update and tune the OT threat detection analytics as necessary to meet the service outcomes defined in working with the Customer. As part of its OT MDR service, DeepSeas will also provide an OT-specific Customer MDR Runbook that describes general remediation recommendations for specific categories of OT threats. During the initial scoping discussions, DeepSeas, working with the Customer, will identify one or more Customer points of contact who will be responsible for responding to Validated Threat Notifications created by DeepSeas.

    Methodology

    DeepSeas will work with the Customer to create an implementation plan consisting of gathering and confirming relevant information, scoping and deploying the OT data collection architecture, implementing detection rules and use cases, and activating the service. Together, DeepSeas and the Customer will complete the following steps to onboard and initialize OT MDR:

    1. Assess - DeepSeas and the Customer will conduct a series of workshops to understand the existing OT environment. Topics will include existing OT security data sources, key stakeholders, and the skills needed to respond to validated threats within the OT environment. (Estimated duration 2-3 weeks)
    2. OT Passive Monitoring Tool Deployment - If not already in place, the Customer will deploy a supported OT passive monitoring tool and its centralized management console to the identified locations within the OT network to enable threat detection. Integration is confirmed when telemetry data flow from the OT Passive Monitoring Tool appliance(s) to DeepSeas is established. (Estimated duration 4+ weeks, depending on number of sites)
    3. Baseline - As the data is integrated into the DeepSeas Cyber Defense Platform, the DeepSeas Cyber Defense Team will begin monitoring the OT threat detection alerts and notifying the Customer of validated threats, while creating a baseline for priorities, focus, and response. (Estimated duration 5+ weeks, depending on number of sites)
    4. Enhancement - If additional data sources were identified during the Assess step, DeepSeas will work with the Customer to onboard that data and configure ingestion of enrichment and source data. (Estimated duration 6 weeks)
    5. Managed Operations - DeepSeas will provide the Customer with remote services that deliver the essential response actions agreed on in the Customer contract. (Ongoing)