Hi I’m Joe. Today we’re going to talk about MSSI Day One. So day 1 is the standard on-boarding program that all new MSS clients go though. We start right out of the gate with product and portal training. We want to incorporate and make sure that the client fully understands all the product services solutions they have top to bottom and it gives the client the opportunity to ask questions because it is a personalized one on one session.
Portal user profile audits: we’re making sure that everybody who needs access to the different systems and technologies and solutions has access, their permissions are set the right way and they’re confirmed able to use, log in, and actually work with the solutions that they have.
Escalation procedures: We’re making sure that when there’s a notable security incident or some sort of notification where SecureWorks needs to contact the client we know who to contact, when, and all the different considerations around escalation procedures.
Our log/event normalization audit: when a client begins to send data a consultant is going to look at that data and make sure that we’re taking the raw logs and normalizing that into events properly and ideally to make sure we can support everything that happens after those events occur.
Event review is also focusing on making sure that we are adding context and grouping data correctly. We work under the tuning workshop to make sure that the data as it resides in the perspective of SecureWorks is properly being articulated back to the client. Simple example of the tuning workshop is going to be tuning false positives and working with the client to understand their known scanners and probes. Some intricacies of their network environment, such as where they are using proxies and have load balancers, really understanding the details to compliment all the data that’s coming in from their various devices.
Correlation: so we’re really going to work with the client to take all the separate events that occur from different devices and make sure they’re being grouped together to tell a story as to what’s happening in their environment. This is of course great for the analyst that’s looking at the data to better understand the client’s environment and it also allows us to provide the data to the client that gives them all of the information that they need.
And of course for the clients that have managed devices we’re going to work with them on defining their different signature sets and policies in the case of IDS/IPS devices and where they have managed firewalls working with them to make sure the change management procedures and how to submit firewall change requests is properly understood on both sides.
So that summarizes MSSI Day One, which of course all clients are getting. That’s our standard onboarding. There are other offerings in the MSSI portfolio that builds on the foundation that is set on Day One that would further compliment a client’s MSS services and their partnership with SecureWorks.