XTIUM MDR Service Description
1.0 Introduction
XTIUM Managed Detection and Response (MDR) is a comprehensive service provided by XTIUM. The service is designed to protect and secure customers' IT environments by offering 24/7 monitoring, detection, and response to potential security threats. Through the Workbench SaaS-based platform that XTIUM offers as part of XTIUM MDR, the XTIUM Security team gains real-time visibility into alerts, incidents, and investigations, ensuring a proactive approach to security management. We do this through the ingestion of many different security tools to enable end-to-end visibility and response capability.
1.1 Core Service
The primary purpose of XTIUM MDR is to provide continuous security operations, ensuring that organizations are protected from both internal and external cybersecurity threats. The service leverages state-of-the-art tools, processes and methodology to deliver actionable insights, threat detection, and response capabilities tailored to each customer’s environment.
1.2 Executive Summary
Through the combined strength of our 24/7/365 global security operations team, our XTIUM Security Workbench Platform and the aggregation of industry-leading security tools, the scope of the XTIUM MDR service includes:
- 24/7/365 Proactive Security Monitoring: Identifying potential risks before they escalate by including continuous analysis of security events to detect potential breaches.
- Incident Response: Utilizing best practices, including containment, eradication, and remediation processes as defined by the NIST Computer Security Incident Handling Guide.
- Our Incident Response is AI-driven: We utilize world-class security incident automation platforms that investigate threats in real time, while suspicious activity is occurring rather than afterwards. Our AI-driven SecOps platforms filter the most critical security threats out of tens of millions of events, which enables our SOC analysts to respond to the most important threats first. This reduces alert fatigue and focuses our skilled security engineers on the alerts that matter most.
- Our Incident Response is people-powered: Our global team of SOC analysts responds to threats based upon the NIST Incident Handling Guidelines for Detection & Analysis, Containment, Eradication & Remediation. Our teams work around the clock to proactively investigate indicators of compromise (IOC) and indicators of attack (IOA) to strengthen our customer’s security posture before, during, and after an attack.
- Security Reporting: Our customers receive monthly & quarterly Security Posture reports that provide insights into their security posture and key incidents, helping them make informed decisions and continuously improve defenses. Each report offers a summary of major incidents aligned with NIST guidelines, covering detection, containment, eradication, and remediation. It highlights both AI-driven automation and manual SOC responses, prioritizing critical threats to reduce alert fatigue. Key metrics include alerts processed, prioritized threats, and response times (mean time to detection, MTTD, and mean time to response, MTTR). The report also provides emerging threat insights, actionable recommendations, and guidance on posture improvements, ensuring alignment with compliance standards and industry best practices.
- Annual Security Workshop (XTIUM MDR Premium Only): Our Annual Security Workshop offers a comprehensive review of the customer’s security posture over the past year, combined with a collaborative review and revision of the customer’s security roadmap. This workshop provides strategic insights by analyzing trends, major incidents, threat intelligence, and key metrics. The session also examines emerging threats, evolving risks, and compliance changes relevant to the customer’s industry. With actionable recommendations and a revised security roadmap, the workshop ensures the customer’s strategy remains aligned with best practices, strengthens risk management, and positions the organization to proactively address future challenges.
1.3 Service Overview
XTIUM MDR integrates with customers' existing infrastructure, providing real-time visibility and actionable insights into their security operations. The service is supported by a highly skilled team of security analysts who monitor, investigate, and respond to potential threats using advanced detection and automation techniques.
1.4 Service Consumption Model
XTIUM MDR subscription service level options: we structure subscription agreements with our customers through a package model based on several factors, including attack surfaces covered, number of integrations, remediation capabilities, and support level. Our coverage areas span multiple attack surfaces: endpoint, cloud workload, network/firewall, identity, and SaaS applications. Our three main packages are XTIUM MDR Essentials, XTIUM MDR Select and XTIUM MDR Premium. The Essentials package is our MDR service alone, ingesting up to 3 supported products; the Customer provides and manages the Customer’s own security products. The main difference between Select and Premium is that Select ingests only a finite number of security tools and does not include continuous vulnerability scanning or a managed SIEM.
XTIUM MDR Essentials Overview
Our basic entry-level Managed Security offering includes round-the-clock monitoring and problem resolution.
XTIUM MDR Select Overview
Our mid-level Managed Security offering adds SOC support, endpoint and network security, and CrowdStrike support. In addition to integration with CrowdStrike and Cloud Workspace, up to 3 additional tool integrations can be supported.
XTIUM MDR Premium Overview
Our top-tier Managed Security service offering, including advanced data feed integration types for most of the leading security tools on the market. Always-on vulnerability monitoring and SIEM log ingestion add security insights and further enhance awareness, improving overall security posture.
Service Package: XTIUM MDR Essentials
- 24/7/365 SOC coverage
- Active Threat Monitoring
- Incident Response
- Incident Remediation
- IR Readiness / Playbooks
- IR Automated Response
- Monthly Security Posture Report
- Quarterly Security Threat Advisory
Service Package: XTIUM MDR Select
- XTIUM MDR Workbench
- Weekly, monthly, or quarterly reporting
- Endpoint & Network
- SaaS & Identity
- EDR Management & Support
- CrowdStrike MSSP
- CrowdStrike Support
- CrowdStrike EDR
- Cloud Workspace
Service Package: XTIUM MDR Premium
- XTIUM MDR Workbench
- Weekly, monthly, or quarterly reporting
- Annual Security Strategy Workshop
- Endpoint & Network
- SaaS & Identity
- EDR Management & Support
- CrowdStrike MSSP
- CrowdStrike Support
- CrowdStrike EDR
- Cloud Workspace
- Tenable Continuous Vulnerability Scanning
- Microsoft Sentinel SIEM
2.0 Core Service Features
2.1 Incident Detection and Response
XTIUM MDR provides 24/7/365 incident detection and response services, using a combination of automated monitoring tools and expert analysis. This ensures rapid identification and mitigation of cybersecurity threats across the customer’s IT environment.
2.2 Threat Intelligence and Analytics
The XTIUM MDR platform incorporates advanced threat intelligence feeds to enhance detection capabilities.
2.3 Transparent Security Operations
XTIUM MDR offers full reporting transparency into security operations through the XTIUM Monthly SOC Report.
3.0 Service Engagement Process
3.1 Kickoff Call
The XTIUM MDR service begins with a comprehensive Kickoff Call to establish clear communication channels, align on expectations, and ensure that all stakeholders are informed of the service’s objectives. During this call, the following topics are covered:
- Introduction to the XTIUM MDR Team: Meet several of the security analysts and service managers who will be responsible for monitoring and managing the customer’s security.
- Service Scope Review: A detailed review of the services provided under XTIUM MDR, ensuring clarity on what is included in the Managed Detection and Response (MDR) services.
- Access and Onboarding: Discuss access requirements for the customer’s IT environment, including the setup of security monitoring tools and any integration with existing platforms.
- Timeline and Deliverables: Set expectations for the onboarding timeline, initial reporting, and ongoing deliverables such as threat detection reports and incident reviews.
- Escalation Paths: Define the escalation paths for incidents, ensuring that both teams understand the appropriate contacts for critical situations.
3.2 Customer Responsibilities
To ensure the success of the XTIUM MDR service, the customer has the following responsibilities:
- Provide Access to Systems: The customer must grant XTIUM the necessary access to their IT infrastructure, integrated platform consoles & necessary APIs to allow for continuous monitoring and incident response.
- Timely Communication: Prompt communication is critical for incident resolution. The customer must ensure that key contacts are available for communication in the event of an incident.
- Participation in Regular Reviews: The customer is expected to participate in monthly and/or quarterly security reviews to assess performance and identify opportunities for improvement.
- Compliance with Security Recommendations: Implementing recommended security changes, such as patching vulnerabilities and updating configurations, is essential to maintain the effectiveness of the XTIUM MDR service.
- Incident Documentation: The customer must provide any relevant information or documentation requested by the XTIUM MDR team during an investigation.
- Customer Technical Lead: The Customer will designate a Technical Lead who is able to either perform technical functions or bring in the appropriate colleagues to complete tasks that include:
- Provision VMs for XTIUM MDR’s Assembler Technology
- Provide API keys for connectivity in the Customer’s infrastructure/tools
3.3 XTIUM MDR Onboarding
Schedule Timeline for XTIUM MDR & Customer Onboarding
Week 1
- Planning Call
- Turn on technology (XTIUM MDR Assemblers, API access, etc.)
- Create/revise Team Playbook
- Success criteria review
- Weekly feedback
Week 2
- Incident Simulation (Playbook test)
- Customer Security Service Manual Review
- Weekly feedback
Week 3
- Identify & Resolve Workflow gaps
- Document device configuration recommendations
- Test Playbook
- Fine-tune detection thresholds
- Weekly feedback
Week 4
- Revisit success criteria
- Service Debrief and review of metrics
- Shift to monthly cadence
- Summary feedback meeting
4.0 Service Delivery
4.1 Monitoring and Alerting
The XTIUM MDR service includes 24/7 monitoring of customer environments to detect potential threats in real time. The service utilizes advanced monitoring technologies combined with expert human analysis to ensure effective detection and response to incidents.
- Security Operations Center (SOC): XTIUM MDR operates through a dedicated SOC, staffed with experienced security analysts. The SOC is responsible for the continuous monitoring of customer environments and the identification of potential security events.
- Automated Alerts: Alerts generated by the XTIUM MDR platform are analyzed and triaged by the SOC team. High-priority alerts are escalated immediately to the customer for investigation and action.
4.2 Incident Reporting
Customers receive timely incident reports that include detailed analysis of security events and actionable recommendations.
- Immediate Incident Notification: Critical security incidents are reported to the customer in real time, with detailed context on the nature of the threat and recommended actions.
- Monthly Summary Reports: In addition to real-time alerts, XTIUM MDR provides a monthly summary report of all security events, including metrics such as the number of incidents detected, incident severity, and time to resolution. XTIUM MDR analyzes alerts and incidents for our customers and develops reports and recommendations for improving the defensive posture of the environments we monitor. By leveraging past alerts and investigative actions, XTIUM MDR can uncover opportunities for our customers to reduce security incidents and intrusions.
- Quarterly Service Reviews: The service includes comprehensive quarterly reviews with the customer to discuss security posture, analyze trends, and make strategic recommendations for improving defenses.
- Quarterly trends around alerts, investigations, and incidents.
- Notable Incidents and mitigation of risks associated with them.
- Detection coverage and recommendations using the MITRE ATT&CK framework Enterprise Mitigations and CIS Benchmarks.
- Discussion around strategic objectives and how XTIUM MDR can help.
5.0 Incident Response
5.1 Incident Response Process
XTIUM MDR follows a structured incident response process to ensure swift and effective action when a security event occurs. The process includes:
- Detection: Continuous monitoring identifies potential incidents in real-time.
- Analysis: Each alert is analyzed to determine the nature, scope, and severity of the incident. This is done using industry-leading tools and expertise from the XTIUM MDR team.
- Response:
- SOC Team Rules Engine: Once an incident is confirmed, immediate steps are taken to contain the threat and prevent further spread across the customer’s environment. Depending on the severity, the response can include isolating affected systems, suspending services, or other containment measures. Because our rules engine is normalized across multiple security technologies, customers benefit from threat detection techniques independent of their specific endpoint, firewall, and network detection security products. Restrictions apply - See section 9 for approved Security Data ingestion feeds.
- Response Automation: By automating investigative tasks, XTIUM MDR’s analysts prosecute alerts and detections more thoroughly, because time-consuming tasks are pre-executed and incorporated into the security incident response process. Replacing task-oriented work with decision-making results in a higher-quality work product from XTIUM MDR’s SOC.
- Eradication: XTIUM MDR team works with the customer to remove the root cause of the incident, whether it be malware, unauthorized access, or another form of compromise.
- Remediation: Once the threat has been eradicated, remediation efforts are initiated to restore affected systems and services to normal operation. This may include restoring data from backups and applying additional security measures to prevent future incidents (Backup management is not included in our standard XTIUM MDR package offerings but can be included as an Add-on Service).
- Post-Incident Review: A comprehensive review of the incident is conducted to analyze the cause, assess the response, and identify areas for improvement. The customer receives a detailed report outlining the incident, actions taken, and recommendations for future prevention. Applies only to P1 severity incidents that lead to widespread outages.
5.2 Incident Escalation
XTIUM MDR employs a structured escalation path to ensure that incidents are handled promptly and by the appropriate personnel:
- Tier 1 Escalation: Initial analysis and investigation of the alert by the XTIUM MDR SOC team.
- Tier 2 Escalation: If the incident is determined to be severe, it is escalated to the XTIUM MDR senior security engineers for deeper investigation and remediation.
- Tier 3 Escalation: In cases of critical incidents, the XTIUM MDR leadership team and the customer’s key stakeholders are engaged to ensure swift resolution and communication across both teams.
5.3 Incident Communication
During an incident, communication is key to effective resolution. The XTIUM MDR team ensures that customers are kept informed throughout the incident lifecycle:
- Real-time Updates: Customers receive real-time updates on the status of ongoing incidents, including actions being taken to resolve the issue.
- Incident Reports: A detailed incident report is provided at the conclusion of each event, outlining the incident, actions taken, and recommended next steps.
- Collaboration with Customer IT Teams: XTIUM MDR team works closely with the customer’s internal IT teams to ensure all necessary actions are coordinated effectively.
6.0 Security Posture Enhancement
6.1 Vulnerability Management (Premium MDR package only)
XTIUM MDR incorporates vulnerability management into its service offering. This ensures that potential weaknesses in the customer’s environment are identified and addressed before they can be exploited.
- Regular Vulnerability Scans: The XTIUM MDR team performs regular scans of customer environments to identify vulnerabilities in systems, applications, and networks.
- Patch Management Recommendations: We offer optional additional services to support patch management recommendations. Patching of critical vulnerabilities can be provided under the XTIUM MDR Premium Service.
- Risk Prioritization: Vulnerabilities are prioritized based on the potential impact and likelihood of exploitation, ensuring that the most critical risks are addressed first.
6.2 Threat Intelligence Integration
XTIUM MDR leverages real-time threat intelligence from multiple sources to enhance the detection and response capabilities of the service.
- Global Threat Feeds: Threat intelligence is collected from a wide range of global sources, ensuring that XTIUM MDR is aware of the latest attack techniques and emerging threats.
- Customer-Specific Threats: Intelligence is tailored to the customer’s specific environment, focusing on threats that are most relevant to their industry and infrastructure.
- Continuous Updates: Threat intelligence feeds are continuously updated to ensure that the service remains effective against new and evolving threats.
7.0 Service-Level Objective (SLO)
7.1 Service Availability
We commit to delivering high availability of our XTIUM MDR service, measured by the performance of our XTIUM MDR platform, as follows:
7.1.1 Platform Availability
We maintain a 99.9% uptime availability objective for our XTIUM MDR platform per calendar month, excluding scheduled maintenance periods and other excused downtime. Availability is defined by the ability of our Security Operations Center (SOC) team to access and utilize the core functionalities of the XTIUM MDR platform to deliver monitoring, detection, and response services to customers. Examples of excused downtime include: (i) the failure of customer or third-party equipment, software, or other technology (other than those within XTIUM’s direct control) upon which the XTIUM MDR services are dependent; (ii) a force majeure event; (iii) an attack on XTIUM’s infrastructure, including without limitation a denial of service attack or unauthorized access (i.e., hacking); (iv) unavailability not reported by the customer in accordance with the procedures set forth herein; or (v) unavailability that is caused by the customer’s breach of these terms.
7.1.2 Scheduled Maintenance
Scheduled maintenance activities aimed at updating, improving, or maintaining the XTIUM MDR platform's functionality will occur periodically. Customers will be notified at least 72 hours in advance of scheduled maintenance expected to last longer than 15 minutes, typically planned for off-peak hours.
7.1.3 Emergency Maintenance
Occasionally, emergency maintenance may be necessary without prior notice to immediately address critical issues and maintain the XTIUM MDR platform's security and reliability. Affected customers will be informed as soon as possible following the commencement of emergency maintenance activities.
7.2 Customer Responsibilities
To ensure optimal performance and service delivery, customers agree to the following:
- Maintain reliable internet connectivity and network infrastructure suitable for XTIUM MDR platform requirements.
- Properly configure and manage network devices, endpoints, and applications as outlined in provided guidelines to facilitate effective monitoring and response.
- Notify us promptly regarding changes to customer environment, configurations, or assets potentially affecting XTIUM MDR service performance.
- Respond promptly and provide cooperation upon our reasonable requests for information or assistance during incidents, events, and general XTIUM MDR evaluations of the customer’s environment.
7.3 Service Availability Remedy
Should the monthly availability of our XTIUM MDR platform fall below the targeted level outlined in Section 7.1.1 (other than for excused downtime), customers are entitled to the following service credits:
Monthly Platform Availability | Service Credit (% of Monthly Service Fee)
Less than 99.9% but ≥ 99.0% | 10%
Less than 99.0% but ≥ 95.0% | 25%
Less than 95.0% | 50%
Customers must submit a detailed service credit request identifying the downtime within thirty (30) calendar days of the incident. Approved service credits will be applied to the customer's subsequent billing cycles.
By subscribing to our XTIUM MDR service, customers acknowledge and agree to comply with these service availability terms and conditions.
7.4 Response Times
The XTIUM MDR service commits to specific response times for addressing incidents and alerts, based on their severity:
- Critical Alerts: Response within 30 minutes of detection.
- High-Priority Alerts: Response within 1 hour of detection.
- Medium-Priority Alerts: Response within 4 hours of detection.
- Low-Priority Alerts: Response within 8 hours of detection.
7.5 Impact and Urgency Definition
The Priority of a Security Incident is based on the Impact and Urgency of an Incident.
Impact: A Security Incident is classified according to the breadth of its impact on Customer’s business (the size, scope, and complexity of the Incident).
There are four impact levels:
- Widespread: Entire Service is affected.
- Large: Multiple sites, services or business units impacted
- Localized: A single location or individual users at multiple locations are affected.
- Individualized: A single user is affected.
Urgency: The Urgency of a Security Incident is classified according to its impact on the monitored Security Components and impact to Customer’s business.
There are four urgency levels:
- P1 – Critical: Significant Security Incident causing primary function to be stopped, or significant loss, corruption, or unauthorized encryption of sensitive data. There may be a significant, immediate financial impact to Customer’s business.
- P2 – High/Major: Primary function is severely degraded due to loss in functionality or data loss, corruption, or unauthorized encryption. There is a probable significant financial impact to Customer’s business.
- P3 – Medium/Minor: Non-critical function is stopped or severely degraded. There is a possible financial impact to Customer’s business.
- P4 – Low/Notice: Non-critical business function is degraded. There is no material impact. Customer perceives the issue as low.
Priority matrix (rows: Urgency; columns: Impact)
URGENCY / IMPACT | Widespread | Large | Localized | Individualized
Critical | P1 | P1 | P2 | P2
High/Major | P1 | P2 | P2 | P3
Medium/Minor | P2 | P3 | P3 | P3
Low/Notice | P4 | P4 | P4 | P4
7.6 Reporting and Reviews
XTIUM MDR ensures regular reporting and reviews to maintain service quality and customer satisfaction:
- Monthly Reports: Customers receive detailed monthly reports summarizing all incidents, their resolution, and ongoing security recommendations.
- Quarterly Service Reviews: A formal service review is conducted every quarter to assess the overall security posture, discuss trends, and make recommendations for future improvements.
- Ad Hoc Reporting: Upon customer request, additional reports can be generated to provide insights into specific incidents or security metrics.
8.0 Premium Services Expanded
8.1 Annual Security Workshop (XTIUM MDR Premium Only)
In addition to its core managed detection and response services, XTIUM MDR offers a range of security services to help customers enhance their overall cybersecurity posture.
- Annual Security Roadmap: Comprehensive security Roadmap is provided to identify strategic security initiatives in the customer’s IT environment.
- Annual Architecture Design and Review: The XTIUM MDR team provides guidance on designing and optimizing security architectures to ensure robust protection.
- Annual Compliance Recommendations: XTIUM Will provide assistance to customers seeking high-level recommendations to navigate complex regulatory requirements. XTIUM may also provide recommended partners for more in-depth compliance strategy and delivery.
9.0 XTIUM MDR Supported Integrations
9.1 Endpoint & Network
XTIUM MDR integrations for Endpoint & Network provide alert triage, investigation, and remediation for alerts coming from endpoint detection and response (EDR) and network security products.
Packaging Tiers
The XTIUM MDR service for Endpoint & Network is available in all packaging tiers. See documentation on each tier for specific features and limitations of that tier.
- XTIUM MDR Select - Endpoint & Network
- XTIUM MDR Premium - Endpoint & Network
Integrations
When customers buy one of the XTIUM MDR services for Endpoint & Network products, they can connect the following alert-producing integrations to the XTIUM Workbench.
Endpoint integrations
Vendor | Product
Cisco | Secure Endpoint (formerly AMP)
CrowdStrike | Falcon Insight & Falcon Prevent
Microsoft | Defender for Endpoint
Note: Other Endpoint integrations may be possible to support at the discretion of the XTIUM Product Team. Considerations will be taken on a case-by-case basis.
Network integrations
Vendor | Product
Cisco | Adaptive Security Appliance (ASA), Firepower, Meraki, Umbrella SIG
Fortinet | FortiGate
Palo Alto Networks | Firewall
Note: Some network integrations require a supported SIEM in order to be integrated properly.
9.2 MDR Premium SaaS & Identity
XTIUM MDR – SaaS
XTIUM MDR service for SaaS provides alert triage, investigation, and remediation for alerts coming from many of the most popular SaaS products. This applies only to the pre-approved applications listed below.
Packaging Tiers
The XTIUM MDR SaaS coverage is available only in the XTIUM MDR Select and XTIUM MDR Premium tiers. These services also include coverage for the below integrations. See documentation on each tier for specific features and limitations of that tier.
- XTIUM MDR Select - SaaS & Identity
- XTIUM MDR Premium - SaaS & Identity
Integrations
SaaS Alert-producing Integrations
When you buy one of XTIUM’s SaaS services, you can connect to the following integrations.
Vendor | Product
Workspace | |
Microsoft | Microsoft 365, Intune
XTIUM MDR - Identity
XTIUM MDR Identity provides alert triage, investigation, and remediation for alerts coming from identity and access management products.
Packaging Tiers
XTIUM MDR Identity is available in all packaging tiers. In the XTIUM MDR Essentials tier, it is offered as a standalone. In the XTIUM MDR Select and XTIUM MDR Premium tiers, it is included with coverage for sections below.
- XTIUM MDR Select - SaaS & Identity
- XTIUM MDR Premium - SaaS & Identity
Identity integrations
Vendor | Product
Cisco | Duo
CrowdStrike | Identity Protection
Microsoft | Entra (Azure AD), Entra (Azure AD) Identity Protection, Defender for Cloud Apps
Okta | Single Sign-On (Workforce Identity & Access Management), Auth0 (Customer Identity & Access Management)
9.3 Cloud Security & Control Plane
XTIUM MDR Cloud Security & Control Plane includes alert triage, investigation, and remediation for threats involving the management, orchestration, and computing resources and tasks that are required to run an application or service in a cloud computing environment, using both alerts from Cloud Security tools and telemetry from the cloud control plane.
Cloud Security & Control Plane Integrations
Vendor | Product
AWS | CloudTrail (including AWS GovCloud), GuardDuty, Elastic Kubernetes Service (EKS)
CrowdStrike | Falcon
Google Cloud | Cloud Audit Logs
Microsoft | Azure Monitor activity log, Azure Monitor log analytics, Azure Kubernetes Service (AKS)
Palo Alto Networks | Prisma Cloud Compute
9.4 CrowdStrike Provisions
Falcon Prevent: Next-generation antivirus (NGAV)
An ideal antivirus (AV) replacement, Falcon Prevent combines effective next-gen prevention technologies with full attack visibility and simplicity.
- Industry-recognized legacy AV replacement.
- For organizations struggling with the ineffectiveness and complexity of legacy antivirus solutions, CrowdStrike® Falcon Prevent™ is here to help. Falcon Prevent delivers superior protection with a single lightweight-agent architecture that operates without the need for constant signature updates, on-premises management infrastructure or complex integrations. Falcon Prevent enables customers to deploy tens of thousands of agents at once.
- Falcon Prevent is certified to replace legacy antivirus products — independent testing by AV-Comparatives and SE Labs has certified Falcon Prevent's antivirus capabilities. Falcon Prevent has also been validated for PCI, HIPAA, NIST, and FFIEC regulatory requirements.
CrowdStrike is positioned as a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the Fourth Consecutive Time — in addition to being positioned in the Leaders quadrant, CrowdStrike is positioned furthest to the right for Completeness of Vision.
Key capabilities
State-of-the-art prevention - Falcon Prevent protects endpoints against all types of attacks, from commodity malware to sophisticated attacks — even when offline.
- Machine learning and artificial intelligence prevent known and unknown malware, adware, and potentially unwanted programs (PUPs)
- AI-powered indicators of attack (IOAs), script control and high-performance memory-scanning identify malicious behaviors and prevent fileless attacks and ransomware
- Exploit blocking stops the execution and spread of threats via unpatched vulnerabilities
- Detect and quarantine on write stops and isolates malicious files when they first appear on a host
- Industry-leading threat intelligence is built into the CrowdStrike Falcon® platform to actively block malicious activity
- Quarantine captures blocked files and allows access for investigation
- Script-based execution monitoring inspects and blocks malicious Microsoft Office macros
- Sensor tampering protection stops user or process attempts to manipulate or disable the CrowdStrike Falcon sensor
Falcon Insight: Endpoint Detection and Response (EDR)
Traditional endpoint security tools have blind spots, making them unable to see and stop advanced threats. CrowdStrike Falcon Insight™ endpoint detection and response (EDR) solves this by delivering complete endpoint visibility across your organization.
Falcon Insight continuously monitors all endpoint activity and analyzes the data in real time to automatically identify threat activity, enabling it to both detect and prevent advanced threats as they happen. Security teams can rapidly investigate incidents, respond to alerts, and proactively hunt for new threats.
- Automatically detect attacker activities: Falcon Insight uses indicators of attack (IOAs) to automatically identify attacker behavior and sends prioritized alerts to the Falcon user interface (UI), eliminating time-consuming research and manual searches.
- Unravel entire attacks on just one screen: The CrowdScore™ Incident Workbench provides a comprehensive view of an attack from start to finish, with deep context for faster and easier investigations
- Accelerate investigation workflow with MITRE ATT&CK®: Mapping alerts to the MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK®) framework allows you to understand even the most complex detections at a glance, reducing the time required to triage alerts, and accelerating prioritization and remediation. In addition, the intuitive UI enables you to pivot quickly and search across your entire organization within seconds.
- Gain context and intelligence: Integrated threat intelligence delivers the complete context of an attack, including attribution.
- Respond decisively: Act against adversaries in real time to stop attacks before they become breaches. Powerful response actions allow you to contain and investigate compromised systems, and Falcon Real Time Response capabilities provide direct access to endpoints under investigation. This allows security responders to run actions on the system and eradicate threats with surgical precision.
9.5 Vulnerability Management – Tenable (XTIUM MDR Premium Only)
XTIUM MDR Continuous Vulnerability Monitoring provides alert triage, investigation, and remediation for alerts coming from Tenable Vulnerability Management. Note that XTIUM is utilizing only the Tenable Vulnerability Management scan capability.
Tenable Vulnerability Management gives you a risk-based view of your entire attack surface, so you can see all of your impactful IT vulnerabilities, surface your top priorities, and close critical exposures at speed.
Proactive threat contextualization
With Vulnerability Intelligence built into Tenable Vulnerability Management, you can search, contextualize, and respond to vulnerabilities based on the industry’s richest sources of data and intelligence provided by Tenable Research. By normalizing 50 trillion data points, Vulnerability Intelligence provides comprehensive deep dives on any given vulnerability. Identify key vulnerabilities that are leveraged in the wild, or search for a specific vulnerability with natural language or advanced search.
Comprehensive assessment options
Tenable Vulnerability Management gives you unified visibility of your entire attack surface. It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, cloud connectors and CMDB integrations, to maximize scan coverage across your infrastructure and reduce vulnerability blind spots. This mix of sensor types helps you track and assess both known and unknown assets and their vulnerabilities, including hard-to-scan assets like transient devices analyzed by agents and sensitive systems like industrial control systems.
Simplified vulnerability management
Through a modern interface with intuitive dashboard visualizations, Tenable Vulnerability Management makes common tasks, such as configuring scans, running an assessment, and analyzing results, easier than ever. Predefined scan templates and configuration audit checks that follow best-practice frameworks, such as CIS and DISA STIG, help you protect your organization with a fraction of the effort otherwise needed. Customize your reporting and analysis with pre-configured, out-of-the-box dashboards or quickly build your own from a blank canvas to meet organizational needs.
Vendor | Product
Tenable | Vulnerability Management
9.6 Co-Managed SIEM – Azure Sentinel (XTIUM MDR Premium Only)
The XTIUM MDR service provides investigation for alerts coming from many of the most popular SaaS products. Typically, the sources from which we ingest logs will include the following.
- Network Devices including Firewalls
- Endpoint Security Software
- SaaS and Identity Applications
- Cloud Workspaces
What is Microsoft Sentinel?
Microsoft Sentinel is a cloud native SIEM system that a security operations team can use to:
- Get security insights across the enterprise by collecting data from virtually any source.
- Detect and investigate threats quickly by using built-in machine learning and Microsoft threat intelligence.
- Automate threat responses by using playbooks and by integrating Azure Logic Apps.
Unlike traditional SIEM solutions, Microsoft Sentinel does not require you to install any servers, either on-premises or in the cloud. Microsoft Sentinel is a service that you deploy in Azure, and you can get up and running with it in just a few minutes in the Azure portal. Once the Sentinel solution is up and running, XTIUM MDR Workbench can pull Azure SIEM data directly into our data feeds for our 24/7 SOC team to monitor, detect and respond to incidents.
Microsoft Sentinel is tightly integrated with other cloud services. Not only can you quickly ingest logs, but you can also use other cloud services natively (for example, authorization and automation).
Packaging Tiers
XTIUM Co-managed SIEM is available only in the XTIUM MDR Premium service tier. See documentation on each tier for specific features and limitations of that tier.
- XTIUM MDR Premium
- XTIUM Co-managed SIEM
Integrations
When customers buy an XTIUM MDR package featuring Cloud Security & Control Plane, they can connect the following integrations.
Vendor | Product
Microsoft | Microsoft Sentinel
10.0 Terms:
The XTIUM MDR services set forth herein are solely subject to the terms and conditions set forth at https://xtium.com/xtium-mdr-terms-and-conditions. This Service Description may be updated by XTIUM from time to time, with notice provided to Customer.
11.0 Pricing Considerations:
The specific pricing for the services purchased can be found in the quote supplied.
T&M Security Services are available should engineering support outside the scope of this Service Description be required.
- Breach Remediation: Breach remediation services are offered at $350.00 per hour and are scoped when required.
- Senior Security Engineer: $250.00 per hour
- Junior Security Engineer: $200.00 per hour
The pricing may be subject to increases once the Term of the Quote renews (as set forth below) and may increase thereafter for each Renewal Term based on, among other things, annual increased vendor costs, supplier/labor costs, and other considerations.
Term
The initial term (“Initial Term”) for XTIUM MDR shall be as set forth in the Quote that the customer executes. Thereafter, the Quote will automatically renew for additional like term lengths (each a “Renewal Term,” and together with the Initial Term, the “Term”), unless either party gives the other party written notice of its intent not to renew the Quote at least 120 days prior to the end of the Initial Term or the then-current Renewal Term.
Industry-recognized and certified to support your IT needs
Trusted by 1,700+ mid-size and enterprise companies, we operate as an extension of your team—solving problems with urgency and accountability so you can focus on strategy, not firefighting. We are not just another MSP. We're your force multiplier, bringing proven frameworks and real-world experience to help you secure, scale and streamline operations with fewer resources. Stop juggling vendors. Stop fighting uphill battles. Work with an IT partner who gets IT.