Critical Insight, Inc. 5/2/2023
Entry Properties
Last modified: 3/14/2024 3:44:46 PM
Creation date: 6/2/2023 11:56:10 AM

Metadata
Template: Contracts
Contractor's Name: Critical Insight, Inc.
Approval Date: 5/2/2023
Council Approval Date: 1/1/1999
End Date: 5/17/2030
Department: Information Technology
Department Project Manager: Steven Hellyer and Kevin Walser
Subject / Project Title: Managed Detection and Response Services
Tracking Number: CB 2023-056 MDR Services
Total Compensation: $1,087,010.00
Contract Type: Agreement
Contract Subtype: Other Procurement Agreements
Retention Period: 6 Years Then Destroy
Imported from EPIC: Yes

Document Relationships
Critical Insight, Inc. 3/14/2024 Amendment 1 (Contract)

Path: \Documents\City Clerk\Contracts\Agreement\Other Procurement Agreements

Critical Insight® and the Critical Insight logo are the trademarks of Critical Insight, Inc.
©2023 Critical Insight, Inc. All rights reserved.

• FOR DATA STREAMS THAT INCLUDE FUNCTIONALITY THAT ENABLES CI TO TAKE ACTION IN THE CUSTOMER ENVIRONMENT, CI WILL WORK WITH THE CUSTOMER TO PERIODICALLY TEST ACTIONS TO ENSURE SERVICE QUALITY.

MANAGED DETECTION AND RESPONSE (CI-MDR)

RESPONSE:
• INVESTIGATION TICKET CREATED AND ASSIGNED TO CI ANALYST WITH A GOAL TO CONCLUDE THE INVESTIGATION WITHIN THE SPECIFIED SLA (SEE SLA AGREEMENT)
• ANALYSTS INVESTIGATE AND ATTEMPT TO CONFIRM AN INCIDENT HAS OCCURRED BY ANALYZING RELEVANT AND AVAILABLE DATA
• IN THE COLLECTOR ENVIRONMENT, “RELEVANT DATA” REFERS TO THE PACKET CAPTURE, NETWORK FLOWS AND SYSTEM LOGS FROM 30 SECONDS PRIOR TO UNTIL 30 SECONDS AFTER THE SUSPECT ACTIVITY IN STANDARD INVESTIGATIONS. WHEN WARRANTED, THE TIME PERIOD MAY EXPAND.
• FOR ALL OTHER ENVIRONMENTS, RELEVANT AND AVAILABLE DATA REFERS TO ALL DATA THAT CI IS ABLE TO CAPTURE AND EFFECTIVELY MONITOR FROM THE APPROVED DATA STREAMS.
• CONFIRMATION OCCURS WHEN EVIDENCE OF ATTACK OR COMPROMISE IS VERIFIED BY A CI ANALYST

TIERED RESPONSE:
• FOR ALL CONFIRMED INCIDENTS, NOTIFY CUSTOMER WITHIN THE SPECIFIED SLA (SEE SLA AGREEMENT)
• FOR URGENT OR HIGH SEVERITY INCIDENTS, A FINAL INCIDENT ACTION PLAN WILL BE DELIVERED TO CUSTOMER AT THE TIME THAT ALL RELATED TICKETS ARE CLOSED. THE REPORT WILL INCLUDE:
    • SUMMARY OF INCIDENT
    • SUMMARY OF ANY CONFIRMED ACTIONS TAKEN (BY CI AND/OR CUSTOMER)
    • FINAL STATUS AND/OR RESOLUTION

RAPID QUARANTINE:
• IF CUSTOMER HAS A DATA STREAM THAT INCLUDES ACTIONS SUCH AS ISOLATING ENDPOINT, QUARANTINE ENDPOINT, OR BLOCK ACCOUNT, THE CUSTOMER CAN COMPLETE A RAPID QUARANTINE PLAYBOOK TO AUTHORIZE CI TO TAKE ADDITIONAL REMEDIATION ACTIONS.
• CI WILL TAKE ACTIONS GOVERNED BY THE MUTUALLY AGREED RAPID QUARANTINE PLAYBOOK WHEN ANY INVESTIGATION REACHES THE THRESHOLDS DETERMINED IN THE PLAYBOOK.
• ONCE AN INVESTIGATION REACHES THE THRESHOLDS, CI WILL EXECUTE ACTIONS DETAILED IN THE RAPID QUARANTINE PLAYBOOK WHICH MAY INCLUDE BUT ARE NOT LIMITED TO:
    • USE AN EDR PRODUCT TO QUARANTINE AN ENDPOINT
    • USE MICROSOFT AZURE ACTIVE DIRECTORY TO BLOCK AN ACCOUNT
    • REACH OUT TO CUSTOMER FOR APPROVAL TO QUARANTINE
    • NOTIFY CUSTOMER OF INCIDENT