Onboarding Managed Detection and Response (MDR)
Overview
Welcome to NTT Security Holdings (NTTSH) and the Managed Detection and Response (MDR) Service Powered by our Samurai platform.
We have made onboarding simple and shall support you through each phase.
MDR Security Operations Center (SOC)
The SOC provide guidance and expertise during onboarding and service delivery, however it is important to understand the role and responsibilities of you and our team.
The SOC will be your main contact during onboarding and will schedule introduction and orientation calls with you to ensure your journey to MDR is problem free. You as a Client will still need to perform your responsible actions outlined in the rest of this document and specifically for onboarding MDR telemetry sources, unless you have purchased Samurai Onboarding.
After your orientation meeting, MDR Service delivery begins. The SOC will schedule and conduct regular threat review meetings as outlined within the MDR Service Description to ensure you derive maximum value from the service.
Suggested Resources
During onboarding you will likely need to call upon various teams within your organization, we understand you may not have all of the appropriate roles but suggest the following:
| Role/Function | Responsibility |
|---|---|
| Chief Information Security Officer (CISO) | Awareness of the service and how it functions to drive handling of security incidents reported |
| Security Operations Engineer | Management and administration of the Samurai MDR Application |
| System Administrator | Deployment of Collector(s) |
| Network Engineer | Configuration of supported integrations, configuration of access control rules as required by Collector and integration |
| Security Manager | Integration of Samurai MDR into your organization’s security practice and operating processes |
| Project Manager | Initiating, planning, executing, controlling and closing work of your teams to achieve onboarding |
Onboarding Phases
The image and table below outline the main phases of onboarding including responsibilities, resources and deliverables.
| Phase | NTTSH responsibilities | Client responsibilities | NTTSH Resource/Deliverable |
|---|---|---|---|
| Activation | * Send an activation email with instructions for accessing the Samurai MDR application (Contract term and client billing commences upon login) | * Activate Samurai MDR application | * Sales contact * Access to Samurai MDR application |
| Introduction Meeting (within 2 days Samurai MDR application activation) | |||
| * Schedule and conduct introductory meeting which includes: * Welcome and introduction to the MDR service * Overview of the Samurai platform * Overview of setup/configuration steps and resources * Gather pertinent information (notification contacts) * Answer any questions/queries | * Attend scheduled introductory meeting * Review online documentation * Add additional Samurai MDR application users as required * Determine notification contact points and call list (this should be provided 7 days after intro call) | * SOC * Samurai MDR application | |
| Setup | * Respond and assist with any issues raised | * Configure and deploy collectors * Configure integrations * Configure telemetry sources * Raise any issues via ticket | * Samurai MDR application |
| MDR Service Delivery | Orientation Meeting (within 14 days of introduction meeting) | ||
| * Schedule and conduct MDR orientation conference call to include: * What to expect – how SOC analysts interact with you * Overview of Security Incident Reports * Support/Help resources * Schedule Threat Review meetings | * Complete necessary Setup * Attend scheduled orientation call | * SOC * 24/7 monitoring and investigation of threats detected via Samurai by Security Analysts * Security Incident Report(s) as a result of our SOC Analyst investigation(s) with recommendations * Security Incident notification options selected by you * Access to Samurai MDR application for service metrics, security incidents/ tickets and ability to query your data * Regular Threat Review meetings * Access to Incident Response retainer (if purchased) | |
| Threat Review (Quarterly during MDR Service Delivery) | |||
| * Schedule regular Threat Review meetings which include: * Security Incident Management * Notable incidents during period * Review and ensure progress on any open Security Incidents * MDR scope reviews * Metrics (volume) * Implemented log sources * Improvements * Detection and response improvement recommendations | * Attend scheduled Threat Review meetings | * SOC | |
| Incident Response (IR) retainer (option) | |||
| * Response to IR - analysts engagement e.g hunting, malware analysis | * Invoke IR as needed via ticket | * IR response |
Your Responsibilities
Below are your primary responsibilities during onboarding. Additional responsibilities may arise as needed to support aspects of the implementation that are unique to your specific environment(s):
- Create user accounts for additional users of the Samurai MDR application, maintain all user accounts, ensuring that contact information for each user is complete and accurate.
- Deploy Samurai Collector(s) and successfully configure required integrations.
- Configure and manage all resources required to support the deployment of Collector(s) - virtual / physical.
- Configure and maintain supported on-premises log sources and cloud integrations in line with Samurai MDR requirements.
- Ensure that all telemetry sources have connectivity required in order to interact with the Samurai platform. This includes, but is not limited to, the ability to receive telemetry source feeds and evidence data as well as the ability to monitor and control any agents or virtual appliances installed in your environment for the purpose of providing the service.
- Respond to NTTSH communications in a timely manner and ensure attendance of the necessary resources for all meetings to ensure timely completion of onboarding and during service lifecycle.
- Bring a threat, identified in a security incident report, to closure.
Your overall responsibilities for the service can be found in the MDR Service Description.