Onboarding Managed Detection and Response (MDR) (v1.0 2023-09-11)

    This document has been superseded. For the latest version please click HERE.

    Overview

    Welcome to NTT Security Holdings (NTTSH) and the Managed Detection and Response (MDR) Service Powered by Samurai XDR.

    We have made onboarding simple and shall support you through each phase.

    MDR Security Operations Center (SOC)

    The SOC provides guidance and expertise during onboarding and service delivery; however, it is important to understand the roles and responsibilities of both you and our team.

    The SOC will be your main contact during onboarding and will schedule introduction and orientation calls with you to ensure your journey to MDR is problem-free. As a Client, you will still need to perform the actions you are responsible for, as outlined in the rest of this document, specifically onboarding MDR telemetry sources, unless you have purchased enhanced onboarding consulting services.

    After your orientation meeting, MDR Service delivery begins. The SOC will schedule and conduct regular threat review meetings as outlined within the MDR Service Description to ensure you derive maximum value from the service.

    Suggested Resources

    During onboarding you will likely need to call upon various teams within your organization. We understand you may not have all of the appropriate roles, but suggest the following:

    | Role/Function | Responsibility |
    | --- | --- |
    | Chief Information Security Officer (CISO) | Awareness of the service and how it functions to drive handling of security incidents reported |
    | Security Operations Engineer | Management and administration of the Samurai XDR Application |
    | System Administrator | Deployment of Collector(s) |
    | Network Engineer | Configuration of supported integrations, configuration of access control rules as required by Collector and integration |
    | Security Manager | Integration of Samurai MDR into your organization’s security practice and operating processes |
    | Project Manager | Initiating, planning, executing, controlling and closing work of your teams to achieve onboarding |

    Onboarding Phases

    The image and table below outline the main phases of onboarding including responsibilities, resources and deliverables. 

    onboarding.PNG

    | Phase | NTTSH responsibilities | Client responsibilities | NTTSH Resource/Deliverable |
    | --- | --- | --- | --- |
    | Activation | • Send an activation email with instructions for accessing the Samurai XDR application (Contract term and client billing commence upon login) | • Activate Samurai XDR application | • Sales contact<br>• Access to Samurai XDR application |
    | Introduction Meeting (within 2 days of Samurai XDR application activation) | • Schedule and conduct introductory meeting which includes:<br>• Welcome and introduction to the MDR service<br>• Overview of the Samurai XDR platform<br>• Overview of setup/configuration steps and resources<br>• Gather pertinent information (notification contacts)<br>• Answer any questions/queries | • Attend scheduled introductory meeting<br>• Review online documentation<br>• Add additional Samurai XDR application users as required<br>• Determine notification contact points and call list (this should be provided 7 days after intro call) | • SOC<br>• Samurai XDR application |
    | Setup | • Respond and assist with any issues raised | • Configure and deploy collectors<br>• Configure integrations<br>• Configure telemetry sources<br>• Raise any issues via ticket | • Samurai XDR application |
    | MDR Service Delivery<br>Orientation Meeting (within 14 days of introduction meeting) | • Schedule and conduct MDR orientation conference call to include:<br>• What to expect – how SOC analysts interact with you<br>• Overview of Security Incident Reports<br>• Support/Help resources<br>• Schedule Threat Review meetings | • Complete necessary Setup<br>• Attend scheduled orientation call | • SOC<br>• 24/7 monitoring and investigation of threats detected via Samurai XDR by Security Analysts<br>• Security Incident Report(s) as a result of our SOC Analyst investigation(s) with recommendations<br>• Security Incident notification options selected by you<br>• Access to Samurai XDR application to conduct your own threat investigations and threat hunts (outside MDR service delivery) if desired<br>• Regular Threat Review meetings<br>• Access to Incident Response retainer (if purchased) |
    | Threat Review (Quarterly during MDR Service Delivery) | • Schedule regular Threat Review meetings which include:<br>• Security Incident Management<br>• Notable incidents during period<br>• Review and ensure progress on any open Security Incidents<br>• MDR scope reviews<br>• Metrics (volume)<br>• Implemented log sources<br>• Improvements<br>• Detection and response improvement recommendations | • Attend scheduled Threat Review meetings | • SOC |
    | Incident Response (IR) retainer (option) | • Response to IR - analyst engagement, e.g. hunting, malware analysis | • Invoke IR as needed via ticket | • IR response |

    Your Responsibilities

    Below are your primary responsibilities during onboarding. Additional responsibilities may arise as needed to support aspects of the implementation that are unique to your specific environment(s):

    • Create user accounts for additional users of the Samurai XDR application and maintain all user accounts, ensuring that contact information for each user is complete and accurate.
    • Deploy the Samurai XDR Collector(s) and successfully configure required integrations.
    • Configure and manage all resources required to support the deployment of Collector(s) - virtual / physical.
    • Configure and maintain supported on-premises log sources and cloud integrations in line with Samurai XDR requirements.
    • Ensure that all telemetry sources have the connectivity required to interact with the Samurai XDR platform. This includes, but is not limited to, the ability to receive telemetry source feeds and evidence data as well as the ability to monitor and control any agents or virtual appliances installed in your environment for the purpose of providing the service.
    • Respond to NTTSH communications in a timely manner and ensure the necessary resources attend all meetings, to ensure timely completion of onboarding and throughout the service lifecycle.
    • Bring a threat, identified in a security incident report, to closure.

    Your overall responsibilities for the service can be found in the MDR Service Description.