esNETWORK Services

Services Description. esNETWORK is a managed service that provides real-time monitoring of potential threats to Client systems, with the following standard services capabilities and modules (the “esNETWORK Services”):

  1. Intrusion Detection and Prevention. This capability facilitates the identification and mitigation of specific dangerous TCP traffic.
  2. Full Packet Capture and Playback. This capability allows for forensic analysis of suspicious activity after the fact.
  3. Executioner™. This module prevents “drive-by downloads” of malicious executables through domain white-listing technology.
  4. Asset Manager Protect (“AMP”). This module protects Client’s assets against threats known to eSentire using a global IP blacklist updated in near real-time by the SOC. The blacklist is updated each time a new threat or vector of infection is identified on any network monitored by the SOC.

Sensors. Upon the Parties executing an Order Form for the esNETWORK Services, eSentire will provide at least one (1) physical and/or virtual security appliance (a “Sensor”) for each location that is to receive the esNETWORK Services as detailed on the applicable Order Form. Sensors will be sized according to traffic volumes and storage requirements and identified on the applicable Order Form. Monitoring of Small Office Home Office (“SOHO”) Sensors will be restricted to internal network traffic only.

Sensor(s) will be deployed with one or more SPAN(s) to analyze network traffic flows of the following types:

  1. External Network (Internet) to Internal Network.
  2. Internal Network to External Network (Internet).
  3. Other data segments depending on the volume of data to be monitored and capacity of the implemented Sensor (VPN, DMZ, VoIP, Market Data, etc.).
  4. For SOHO Sensor Only: Home network user traffic should be segregated from business user traffic. Non-business users should not have access to the eSentire SOHO solution.
  5. For SOHO Sensor Only: Sensor deployment on the local network needs to support Ethernet (IEEE 802.3x) standards and throughputs. WAN/Internet (site-site VPN) needs to support typical consumer broadband services available from major network operations (e.g. Cable, DSL, FTTx, WiMax, etc.).

The Sensor(s) will analyze the network traffic to watch for:

  1. Reconnaissance attempts through scanning of Client networks by unauthorized individuals.
  2. Specific attack attempts by unauthorized individuals using hacking tools.
  3. Traffic generated by infected systems (Client computers compromised by specific viruses or worms).
  4. Misconfigured internal systems (Client computers generating inappropriate traffic).
  5. Security Policy/Acceptable Use Violations (Employees using the network for inappropriate uses).

eSentire will configure and remotely manage the Sensor and its embedded software as part of the esNETWORK Services. Client may only access the configuration of such Sensor with eSentire’s prior written authorization. eSentire shall only access the configuration of other network devices connected to the Sensor with Client’s authorization, and shall do so through an encrypted and secure means.

Service Level Objectives. Each Sensor has ongoing 24x7x365 monitoring with an objective of twenty (20) minutes or less initial response time for human threat assessment and Client alert. The following describes the alerting policy and escalation matrix followed by eSentire:

| Severity Priority | Alert Category | Notification/Escalation |
|---|---|---|
| Low (P4) | Minor activity is recorded but not alerted. | None |
| Medium (P3) | Acceptable Use Policy violations. Includes SSH/RDP/FTP connections, P2P activity, Proxy Usage, or Teamviewer/Logmein/Skype usage. | Automated email notification within 120 minutes of reception of the policy violation event on the eSentire platform. |
| High (P2) | Threat activity that does not require immediate attention. If left unchecked, these events may lead to more severe security incidents. | Email notification within 40 minutes of determination of the security event by the SOC. |
| Critical (P1) | Threat activity that requires immediate attention. These items may indicate that a severe security incident is underway or is imminent. This category also includes issues that indicate a disruption in eSentire service. | Email notification within 20 minutes of determination of the security event by the SOC. Phone call escalation from the SOC if a customer acknowledgement is not received for the initial email notification. |

Client Responsibilities. Client is responsible for:

  1. any and all data and systems which Client grants access to for receipt of the esNETWORK Services;
  2. obtaining all necessary licenses, permissions and consents to enable eSentire to access the Client’s network and servers in order to provide the esNETWORK Services;
  3. designating a Project Coordinator to work directly with and serve as the primary Client contact with eSentire for the duration of Client’s receipt of the esNETWORK Services;
  4. providing eSentire a complete copy of its security (including privacy) policies, as available. Client is solely responsible for creating, maintaining and enforcing its security policies to protect the security of Client Data and Systems;
  5. its choice of equipment, systems, software and online content;
  6. providing the necessary resources, information, documentation and access to personnel, equipment and systems, as reasonably required by eSentire, to allow eSentire to perform the esNETWORK Services;
  7. providing a current network topology diagram to ensure capturing the correct traffic and correct configuration of the esNETWORK Services;
  8. notifying eSentire in advance of any network changes that will affect Client’s network topology and configuration so that all relevant traffic is being captured within the Sensor; and
  9. communicating all network infrastructure changes to eSentire. Effective monitoring requires the ability to SPAN an interface on any applicable segment.

In the event Client fails to perform its obligations in the time and manner specified or contemplated above, or should any assumption outlined herein with respect to the esNETWORK Services fail to be valid or accurate, then eSentire will not be responsible for any related delay or damages. In the event that Client fails to notify eSentire of network changes as contemplated above, then eSentire shall be released from any and all obligations to monitor the Client’s network until Client has notified eSentire of such change.

Exclusions. The esNETWORK Services exclude the following:

  1. the design, creation, maintenance and enforcement of a security policy for Client;
  2. eSentire attempting to access Client’s servers without Client’s express written or verbal consent; and
  3. eSentire is not responsible to provide network hardware required to SPAN networks (such as switches, hubs, or network taps) and has no liability or responsibility in the event of inability to SPAN any interface.

Reports and Confidentiality. eSentire will prepare reports related to the information obtained through the esNETWORK Services. Except for the purpose of fulfilling eSentire’s obligation under this Agreement, eSentire shall not disclose the information derived to any party for any purpose without express written consent from the Client and all Client information is bound by the Confidentiality provisions set out in the Terms and Conditions.