esENDPOINT for Carbon Black, Inc. Services
esENDPOINT Agent or Agent means the endpoint software agent utilized in providing the esENDPOINT Services and as further described below.
Endpoint Vendor means the publisher of endpoint software utilized as part of the cloud services but is licensed independently by the Client.
MSSP Partner means the relationship that eSentire will assume with an Endpoint Vendor on behalf of the Client.
Emergency Incident Response - The rapid mobilization and deployment activities aimed at quickly securing Client systems and networks, providing incident response services beyond what MDR provides. Covers the full lifecycle of an incident - containing the full extent of the attack (across all attack surfaces).
Embedded Incident Response - MDR will identify and contain the attacker (within the visibility and scope of the MDR service) and provide remediation guidance to the customer.
Forensic investigation – Salvaging as much information as possible from the Client’s systems and networks deemed in scope and regression analyzing that information to conclusively determine the full extent of compromised assets.
Litigation support – Any litigation support, including but not limited to expert and fact witness testimony.
Disaster recovery and business continuity planning – Assessment, execution and/or building of disaster recovery and continuity planning processes and techniques. Used to help an organization recover from a disaster and continue or resume routine business operations.
Business impact – Any quantification of the reputational, operational, compliance or financial impact to the customer’s business.
esENDPOINT is a managed service that provides protection against advanced cyberattacks targeting organizations’ endpoints and servers (the “esENDPOINT Services”), through the installation of the esENDPOINT Agents on Client’s premise endpoints including both workstations and servers. The esENDPOINT Agents communicate events, perform analyst queries and update status to an esENDPOINT Server. eSentire processes events from the esENDPOINT Server within the eSentire hosted infrastructure to create investigative events and information for the SOC.
The esENDPOINT Services include the following capabilities, dependent upon the service type specified:
- Powered by Leading Endpoint Technology. esENDPOINT Services uses leading endpoint technology provided by Carbon Black Response™ to provide insight into endpoint activity. The detection and investigation services are built on top of the endpoint platform, using APIs and services, and are combined with eSentire’s signal enrichment and processing. Investigations and alerts from threats are processed, enriched, executed and delivered to eSentire’s 24x7x365 SOC.
- Continuous and Centralized Recording. Continuously monitor, record, centralize and retain activity from every endpoint. Endpoints update status to esENDPOINT Servers typically once every thirty (30) seconds and the typical storage of events is up to thirty (30) days, allowing eSentire to:
  - Root Cause. determine where and how the attack originated;
  - Impact of Attack. determine what requires remediation;
  - Patterns of Compromise. identify common bad behaviours; and
  - Full Scope. identify which endpoints were attacked.
- Respond and Communicate. Alerts from the SOC upon detection of a threat are sent to the Client.
- Secure Endpoint Data. Events and endpoint data are stored on the esENDPOINT Server, with events matching security rules being sent to the SOC for investigation. Access to esENDPOINT Servers and data is privileged to eSentire analysts and systems support. Standard configuration allows access to esENDPOINT Servers from eSentire IP addresses only.
Provisioning of esENDPOINT Server. Dependent upon the service type specified:
- Cloud Hosted. eSentire will provide and support at least one (1) cloud hosted esENDPOINT server and additional servers where required for geographic availability (each, an “esENDPOINT Server”). Each set of locations within North America will require one (1) esENDPOINT Server, and each set of locations within Europe, Middle East and Asia will require one (1) esENDPOINT Server.
- On Premise. eSentire will provide and support at least one (1) esENDPOINT Server and additional servers where required for geographic availability:
- Client will provide a virtual machine (“VM”) infrastructure to host the esENDPOINT Server.
- Client will install the esENDPOINT Server VM image in the Client’s VM infrastructure.
- eSentire will configure and remotely manage the esENDPOINT Server and its Software as part of the esENDPOINT Service. Client may access the configuration of such devices only when authorized by eSentire. eSentire shall access the configuration of other network devices only when authorized by Client and will do so through encrypted and secure means.
esENDPOINT Agents. eSentire will provide installation software, supporting documentation, guides and support for installation of the esENDPOINT Agents. The installation software will be made available to the designated contact in a secure manner. esENDPOINT Agents update without client intervention and will be maintained by eSentire at the latest version of detection software.
Agents will be installed by the Client and updates to the Agent software will not require Client action. Client will be responsible for ensuring esENDPOINT Agents are not prevented from communicating with the applicable esENDPOINT Server(s). The esENDPOINT Agents check in continuously with their associated esENDPOINT Server. When there is an update available, the endpoints will automatically update.
Client Responsibilities. Client is responsible for:
- Cloud Hosted, Management Only, renewing and extending of licenses for esENDPOINT Servers and esENDPOINT Agents from the Endpoint Vendor;
- granting access to any and all data and systems for receipt of the esENDPOINT Services;
- installing the esENDPOINT Agent software on workstations/endpoints, including any changes or updates to the endpoint which would have removed the esENDPOINT Agent software;
- ensuring that no firewall rule, other blocking, or any other measure taken by Client prevents communication from endpoints to the esENDPOINT Server(s);
- obtaining all necessary licenses, permissions and consents to enable eSentire to access the Client’s network and servers in order to provide the esENDPOINT Services;
- providing the necessary resources, information, documentation and access to personnel, equipment and systems, as reasonably required by eSentire, to allow eSentire to perform the esENDPOINT Services; and
- ensuring added or changed endpoints have the esENDPOINT Agent installed.
Should Client fail to perform its obligations in the time and manner specified or contemplated above, or should any assumption set out herein with respect to the esENDPOINT Services fail to be valid or accurate, then eSentire will not be responsible for any related delay or damages.
Exclusions. The esENDPOINT Services exclude the design, creation, maintenance and enforcement of a security policy for Client. The MDR service does not provide emergency incident response (as defined above) including but not limited to deep forensic investigation, recovery support, litigation support, disaster recovery and business continuity planning, and/or the quantification of the business impact, with respect to all customer assets, whether currently under embedded incident response or not.
Reports and Confidentiality. eSentire will prepare reports related to the security alerts initiated or assisted by the esENDPOINT Services. Except for the purpose of fulfilling eSentire’s obligation under the Agreement, eSentire shall not disclose the information derived to any party for any purpose without express written consent from the Client and all Client information is bound by the Confidentiality provisions set out in the Terms and Conditions.