esENDPOINT for Carbon Black, Inc. Services
“esENDPOINT Agent” or “Agent” means the endpoint software agent utilized in providing the esENDPOINT Services and as further described below.
“Endpoint Vendor” means the publisher of endpoint software utilized as part of the cloud services but is licensed independently by the Client.
“MSSP Partner” means the relationship that eSentire will assume with an Endpoint Vendor on behalf of the Client.
esENDPOINT is a managed service that provides protection against advanced cyberattacks targeting organizations’ endpoints and servers (the “esENDPOINT Services”), through the installation of the esENDPOINT Agents on Client’s premise endpoints including both workstations and servers. The esENDPOINT Agents communicate events, perform analyst queries and update status to an esENDPOINT Server. eSentire processes events from the esENDPOINT Server within the eSentire hosted infrastructure to create investigative events and information for the SOC.
The esENDPOINT Services include the following capabilities, dependent upon the service type specificed:
- Powered by Leading Endpoint Technology. esENDPOINT Services uses leading endpoint technology provided by Carbon Black Response™ to provide insight into endpoint activity. The detection and investigation services are built on top of the endpoint platform, using APIs and services, and are combined with eSentire’s signal enrichment and processing. Investigations and alerts from threats are processed, enriched, executed and delivered to eSentire’s 24x7x365 SOC.
- Continuous and Centralized Recording. Continuously monitor, record, centralize and retain activity from every endpoint. Endpoints update status to esENDPOINT Servers typically once every thirty (30) seconds and the typical storage of events is up to thirty (30) days, allowing eSentire to:
- Root Cause. determine where and how the attack originated;
- Impact of Attack. determine what requires remediation;
- Patterns of Compromise. identify common bad behaviours; and
- Full Scope. identify which endpoints were attacked.
- Endpoint Threat Intelligence. Up-to-date threat intelligence from third party and eSentire’s own Threat Intelligence Team are frequently updated and delivered automatically to the esENDPOINT Server.
- Respond and Communicate. Alerts from the SOC upon detection of a threat are sent to the Client.
- Secure Endpoint Data. Events and endpoint data are stored on the esENDPOINT Server, with events matching security rules being sent to the SOC for investigation. Access to esENDPOINT Servers and data is privileged to eSentire analysts and systems support. Standard configuration allows access to esENDPOINT Servers from eSentire IP addresses only.
Provisioning of esENDPOINT Server. Dependent upon the service type specificed:
- Cloud Hosted. eSentire will provide and support at least one (1) cloud hosted esENDPOINT server and additional severs where required for geographic availability (each, an “esENDPOINT Server”). Each set of locations within North America, will require one (1) esENDPOINT Server, and each set of locations within Europe, Middle East and Asia will require one (1) esENDPOINT Server.
- On Premise. eSentire will provide and support at least one (1) esENDPOINT Server and additional severs where required for geographic availability:
- Client will provide a virtual machine (“VM”) infrastructure to host the esENDPOINT Server.
- Client will install the esENDPOINT Server VM image in the Client’s VM infrastructure.
- eSentire will configure and remotely manage the esENDPOINT Server and its Software as part of the esENDPOINT Service. Client may access the configuration of such devices only when authorized by eSentire. eSentire shall access the configuration of other network devices only when authorized by Client and will do so through encrypted and secure means.
- Cloud Hosted, Management Only. The Client will communicate to the Endpoint Vendor that eSentire will be managing the Endpoint Server and Agents, and be acting as the MSSP Partner for the purposes of delivering the esENDPOINT Services.
esENDPOINT Agents. eSentire will provide installation software, supporting documentation, guides and support for installation of the esENDPOINT Agents. The installation software will be made available to the designated contact in a secure manner. esENDPOINT Agents update without client intervention and will be maintained by eSentire at the latest version of detection software.
Agents will be installed by the Client and updates to the Agent software will not require Client action. Client will be responsible for ensuring esENDPOINT Agents are not prevented from communicating with the applicable esENDPOINT Server(s). The esENDPOINT Agents check in continuously with their associated esENDPOINT Server. When there is an update available, the endpoints will automatically update.
Client Responsibilities. Client is responsible for:
- Cloud Hosted, Management Only, renewing and extending of licenses for esENDPOINT Servers and esENDPOINT Agents from the Endpoint Vendor;
- granting access to any and all data and systems for receipt of the esENDPOINT Services;
- installing the esENDPOINT Agent software on workstations/endpoints, including any changes or updates to the endpoint which would have removed the esENDPOINT Agent software;
- ensuring no firewall rules or other blocking exists, as well as any other measure taken by Client, prevents the communication from endpoints to the esENDPOINT Server(s);
- obtaining all necessary licenses, permissions and consents to enable eSentire to access the Client’s network and servers in order to provide the esENDPOINT Services;
- providing the necessary resources, information, documentation and access to personnel, equipment and systems, as reasonably required by eSentire, to allow eSentire to perform the esENDPOINT Services; and
- ensuring added or changed endpoints have the esENDPOINT Agent installed.
Should Client fail to perform its obligations in the time and manner specified or contemplated above, or should any assumption set out herein with respect to the esENDPOINT Services fail to be valid or accurate, then eSentire will not be responsible for any related delay or damages.
Exclusions. The esENDPOINT Services exclude the design, creation, maintenance and enforcement of a security policy for Client.
Reports and Confidentiality. eSentire will prepare reports related to the security alerts initiated or assisted by the esENDPOINT Services. Except for the purpose of fulfilling eSentire’s obligation under the Agreement, eSentire shall not disclose the information derived to any party for any purpose without express written consent from the Client and all Client information is bound by the Confidentiality provisions set out in the Terms and Conditions.