1. Introduction
The Samurai Cybersecurity Advisor (CSA) service add-on provides a dedicated technical senior-level resource to help Samurai Managed Detection & Response (MDR) clients get the most value from the service, and reduce business risk.
Services provided by the CSA include:
- Monthly threat reviews
- Tracking of a detection and response recommendation improvement list
- Dialogues around detection & emerging threats
- Acting as a link between clients and the Samurai MDR service
2. Samurai Cybersecurity Advisor service
2.1 Monthly Threat Reviews
The Samurai MDR service will detect, respond and report relevant threats that pose a risk to a client, but it is the client’s responsibility to bring the risk to closure. To help the client with this, a program of monthly threat reviews is included with the CSA service.
The monthly threat reviews are the main interaction point between clients and the CSA.
Through regular CSA-led threat reviews, clients will:
- be trained and educated to understand threats and risks reported by the Samurai MDR service,
- be provided recommendations to improve detection and response, and
- receive follow-up to ensure that reported threats and risks are handled and mitigated.
The threat review program is initiated at the time of onboarding. During the onboarding orientation call the monthly meetings will be scheduled for the remainder of the contract period.
2.2 Detection and Response Recommendation Improvement List
The CSA will maintain and update a detection and response improvement list through the entire lifecycle of the Samurai MDR service. The improvement list focuses on suggestions that will improve detection of threats e.g. new systems recommended to be onboarded by the client into the Samurai MDR service, or could also include actions that either the client, the SOC or NTT Security Holdings need to take in relation to improving threat detection and response. The ultimate benefit of this process to the client is an improved security posture.
2.3 Detection & Emerging Threats
The CSA will stay informed of threat detection improvements made by NTT and follow the changing threat landscape. During the monthly threat review meetings, the CSA will lead a dialogue with the client to ensure the correct telemetry exists within the clients given Samurai MDR configuration to take full benefit of any new detections created for emerging threats, and provide actionable recommendations where needed.
2.4 Act as a link between clients and the Samurai MDR service
The CSA is a technical senior-level resource with extensive experience working within Managed Detection & Response. Complimenting the CSA’s extensive experience with the Samurai MDR service, the CSA also has access to NTT threat intelligence, the specialist MDR SOC workbench, and the client’s MDR tenant.
This access provides the CSA the ability to perform searches and threat hunts as required within the scope of the service offered, while also having well-established contact routes with the different NTT Teams involved in the Samurai MDR delivery.
2.5 Scope information
The Samurai Cybersecurity Advisor Service add-on, as defined above, is a fixed fee engagement. The engagement will not exceed 192 hours yearly, and additional service packages can be purchased to extend delivery. Used hours per single month may not exceed 40 hours unless approved in dialogue with NTT.
The CSA service is delivered during business hours of central European time (CET).