Service Level Agreement Security Information and Event Management This Security Information and Event Management Service Level Agreement (“SLA”) is incorporated into the Quote executed by TekLinks and Customer for Security Information and Event Management Services and sets forth the specific terms and conditions under which TekLinks shall supply the Security Information and Event Management Services described herein to Customer. The general terms applicable to such Services are contained in the Master Terms and Conditions (“MTC”) and the Master Service Level Agreement (“MSLA”) incorporated into the Quote by reference. Capitalized terms used but not defined herein shall have the meanings set forth in the MTC and MSLA.
Terminology These are service specific definitions. Common definitions are already defined in our Master Service Level Agreement.
Device refers to the Customer server, router, switch, firewall, VPN, or other legacy device receiving Service.
Operating System refers to the base software running on Customer Device.
Service Description General Cloud-based, multi-tenant Security-as-a-Service solution that works in small- to mid- to enterprise-level infrastructures wherever sensitive data is stored. The security service is built on a platform that fully integrates software solutions, security operations, and security research into a single solution that keeps resources and data secure and compliant. The service monitors, analyzes, and protects networks with intrusion detection, vulnerability assessment, web application, and log management solutions. Can be coupled with 24x7 monitoring, expert guidance, as well as security research and content, to provide full protection for customer environments.
Levels and Offerings Security Information and Event Management is offered at a single level of service, however, Customers can opt for the different Service Options listed below.
Availability Dependencies The availability of Service is dependent on the existence of a suitable network transport from TekLinks to User(s). TekLinks also reserves the right to limit Service availability in the event that necessary Service Components are either unavailable or unattainable at a reasonable cost to TekLinks. The Security Event Analysis and Response option requires Infrastructure Care, Cloud Infrastructure Care, Managed Cloud, Private Cloud, Virtual Server, or Virtual Private Cloud.
Copyright© 2016 TekLinks, Inc. All rights reserved. Public. Version 1.0, June 2016 The master version of this document is maintained electronically. Printed copies are uncontrolled and should be considered unofficial versions. Please reference the electronic source for current version.
201 Summit Parkway - Birmingham, Alabama 35209 - Phone (205) 314-6600 - Fax (205) 940-9067 - http://www.teklinks.com Page 1 of 5
Security Information and Event Management SLA
Limitations Customer agrees that TekLinks is not responsible for any unauthorized access or modification of Customer's data while in electronic transmission to or from the TekLinks Data Centers. Customer also agrees that TekLinks is not responsible or liable for any content sent using, or received from, the Security Information and Event Management Service including that which may be illegal, obscene, defamatory, threatening, or that may infringe any trademark, copyright, or other third party intellectual property right.
Service Options The following options may be added to the Security Information and Event Management Services. Description of Service options in no way entitles Customer to the feature, unless specified by TekLinks and Customer in the signed Quote or signed evaluation of a Service Change request. A Separate Service Agreement or Statement of Work may apply to such options and may have additional costs associated with them. Options below may not be compatible with all variants of Security Information and Event Management Service.
Web Application Firewall Cloud-based solution that allows you to secure your web applications. Our managed web application firewall (WAF) is delivered in a Security-as-a-Service model that guards against emerging threats such as the OWASP Top 10, and provides immediate PCI DSS 6.6 compliance, providing you the web application security that you need.
Security Event Analysis and Response TekLinks will collect and respond to security events vetted by the security NOC.
Dependencies This Service Option requires Infrastructure Care, Cloud Infrastructure Care, Managed Cloud, Private Cloud, Virtual Server, or Virtual Private Cloud
Secure Log Manager Cloud-based solution that provides collection, aggregation, reporting, and alerting log sources and includes up to 1 year of storage. Log Manager is available with 90-day retention or 365-day retention.
Log Collection
Choice of physical (single- or multi-tenant) or virtual appliance Choice of agentless or Windows agent log collection Windows Event Logs o Windows System Event Log o Windows Security Event Log o Windows Application Event Log o Microsoft Exchange Server Application Logs SYSLOGs o Unix, Linux Server Logs o Most Network Device Logs (e.g., Routers, Switches, and Firewalls) o Database Logs
Copyright© 2016 TekLinks, Inc. All rights reserved. Public. Version 1.0, June 2016 The master version of this document is maintained electronically. Printed copies are uncontrolled and should be considered unofficial versions. Please reference the electronic source for current version.
201 Summit Parkway - Birmingham, Alabama 35209 - Phone (205) 314-6600 - Fax (205) 940-9067 - http://www.teklinks.com Page 2 of 5
Security Information and Event Management SLA
Flat/Text Files o Web Servers Logs (e.g., Apache, IIS) o Windows ISA Server Logs o DNS and DHCP Server Logs o Homegrown Application Logs o Exchange Message Tracking Logs
Log Parsing
New Parsers and Parsing Rules Updated Monthly Parsing Set Consolidated from Multiple Sources o Security Research Team o Customer Requests o Open Source, Third-Party Collaboration Real-Time Parsing Updates to Log Management System
Event Correlation & Notification
Custom and Out-of-the-Box Correlation Rules o Designed to Detect Suspicious Activity o Automatic Alerts Sent When Rule Is Triggered o PCI-Specific Rules to Comply with Requirement 10.6
Analysis & Reporting
Dozens of Dashboards and Reports Available Out-of-the-Box Common Vulnerability Scoring System (CVSS) to Assess Risks Audit-Ready Reports Single Web-Based Console for Entire Environment o User Management and Administration o Dashboards and Drill-Down Analysis o Report Scheduling, Creation and Review
Compliance Support
SSAE 16 Type II Verified Data Centers Provided by a PCI Level 2 Audited Vendor Provided by a PCI Approved Scanning Vendor (ASV) Indefinite Storage and Archival of Incident Analysis and Cases Support for Multiple Compliance Mandates o PCI DSS 2.0, HIPAA, SOX, GLBA, CoBIT, etc.
Secure Threat Manager Cloud-based intrusion-detection, vulnerability scanning, and alerting solution. The Service is able to protect Customer network against both internal and external threats, no matter how fragmented the architecture.
Threat Signatures and Rules
45,000+ IDS Signature Database; Weekly Signature Updates Rule Set Consolidated from Multiple Sources o Security Research Team o Emerging Threats
Copyright© 2016 TekLinks, Inc. All rights reserved. Public. Version 1.0, June 2016 The master version of this document is maintained electronically. Printed copies are uncontrolled and should be considered unofficial versions. Please reference the electronic source for current version.
201 Summit Parkway - Birmingham, Alabama 35209 - Phone (205) 314-6600 - Fax (205) 940-9067 - http://www.teklinks.com Page 3 of 5
Security Information and Event Management SLA
o Open Source, Third-Party Collaboration Real-Time Signature Updates to Expert System
Vulnerability Assessment
Unlimited Internal and External Scans PCI DSS 2.0 Compliant External Scanning Broad Scanning Capabilities o Network Infrastructure o Server Infrastructure o Business Critical Applications
Intrusion Detection
Advanced Network Traffic and Payload Visibility o Web Technologies (IPv6, Ajax, SQL Injection, etc.) o Detect SSL-Based Intrusion Traffic Signature and Activity-Based Correlation Patented Threat Scenario Modeling
Analysis & Reporting
Dozens of Dashboards and Reports Available Out-of-the-Box Custom Reporting Capabilities Common Vulnerability Scoring System (CVSS) to Assess Risks Audit-Ready Reports Single Web-Based Console for Entire Environment o User Management and Administration o Dashboards and Drill-Down Analysis o Report Scheduling, Creation and Review o Scan Scheduling and Results Review
Compliance Support
Provided by a PCI Approved Scanning Vendor (ASV) Provided by a PCI Level 2 Audited Vendor Support for Multiple Compliance Mandates o PCI DSS 2.0, HIPAA, SOX, GLBA, CoBIT, etc. o 6-Month Storage of all Raw IDS Event Data o SSAE 16 Type II Verified Data Centers o Indefinite Storage and Archival of Incident Analysis and Cases
Secure Log Review Provides 24x7 integrated managed daily log review of Log Manager by a security analyst. The Service includes identification, verification, and recommendation for remediation action on incident trends found from a Secure Log Manager solution. The Service also includes integrated review and case management capabilities that allow Customer to track and report on incident trends across Customer’s entire enterprise, extending into the services hosted outside of the Customer perimeter. Built-in workflow and case management tools provide an auditable trail of any suspicious findings and give a historical perspective of Customer’s entire security and compliance operations.
GIAC-Certified Security Analysts and Researchers 24x7 State-of-the-Art Security Operations Center
Copyright© 2016 TekLinks, Inc. All rights reserved. Public. Version 1.0, June 2016 The master version of this document is maintained electronically. Printed copies are uncontrolled and should be considered unofficial versions. Please reference the electronic source for current version.
201 Summit Parkway - Birmingham, Alabama 35209 - Phone (205) 314-6600 - Fax (205) 940-9067 - http://www.teklinks.com Page 4 of 5
Security Information and Event Management SLA
Trained Experts in Technologies Monitoring, Analysis and Expert Guidance Capabilities Customized Alerting and Escalation Procedures
Secure Active Watch Provides 24x7 integrated managed security services, to include monitoring and proactive support of Threat Manager by a security analyst.
GIAC-Certified Security Analysts and Researchers 24x7 State-of-the-Art Security Operations Center Trained Experts in Technologies Monitoring, Analysis and Expert Guidance Capabilities Customized Alerting and Escalation Procedures
Secure Response Field Customers can opt to have TekLinks Field Services respond to security incidents. Block of hours rates apply for this option.
Service Delivery Requirements General It is Customer’s responsibility to ensure that all Users are able to connect to the Service and are configured properly. This includes, but is not limited to, Ethernet switches, Ethernet cabling, workstations, servers, operating systems, and software. Customer is responsible for configuring Log Sources, Collection Policies, Log Correlation Policies, Saved Views / Reports, Blocking Policies, Scans, Manually Generated Incidents, Alerts and Cases in the Services User Interface. Customer will install and configure equipment for the purpose of enabling the Services including but not limited to appliances, network taps, Firewalls, routers, switches, and Operating Systems. Customer is also responsible for configuring settings found in the Services User Interface.
Installation Upon receipt of the signed Quote, TekLinks will coordinate installation services with the Customer and our security services vendor. If additional configuration work is required due to limitations of the Customer network, TekLinks reserves the right to bill Customer at currently hourly rates for additional configuration time. TekLinks is not responsible for, and will not be obligated to provide, any support or assistance in configuration, installation, administration, troubleshooting, maintenance, repair, or integration of customer equipment, software, or network application into the Customer’s internal network.
Copyright© 2016 TekLinks, Inc. All rights reserved. Public. Version 1.0, June 2016 The master version of this document is maintained electronically. Printed copies are uncontrolled and should be considered unofficial versions. Please reference the electronic source for current version.
201 Summit Parkway - Birmingham, Alabama 35209 - Phone (205) 314-6600 - Fax (205) 940-9067 - http://www.teklinks.com Page 5 of 5
