Caretower's Managed ePO Service

Ove

rvie

wCaretower are proposing the Managed Service Security solution for Endpoints and other products. Our managed services portfolio includes anumber of IT Security solutions such as Firewalls, SIEM, Penetration Testing, Mail and Web filtering and Endpoint Security. We began ourmanaged services offerings with our flagship product of McAfee ePO solutions outlined in this document. The product provides efficient andeffective management of the McAfee Endpoint Security strategic solutions. With major service architecture, infrastructure and even moreimportantly mature managed services engineers, our managed services portfolio has expanded to include the Symantec Endpoint productswith enhanced functionalities such as reporting. The Sophos Endpoint products will also be added in few months as well as other vendorsecurity solutions.

Caretower Managed Security Service (the Managed Service) provides remote managed security services for customers. Caretower has extensive experience of partnership with all major security vendors and provides vendor approved support for a range of security technologiesand products.This document describes Managed Security Service, which is a remote managed service for managing McAfee’s ePO consolewith all the McAfee portfolio Endpoint products. Our Managed Service Terms and Conditions apply to all of Caretower’s managed services.

Caretower ManagedSecurity Service

The Managed Service operates on the principleof proactive security management, deploying aNetwork Management System (NMS) thatprocesses notifications and auto-generatestickets for proactive remote management. Thisfacilitates proactive incident management andalso incorporates a change managementcomponent. The Caretower infrastructure ishoused in a hosted environment, in redundantconfiguration. Connectivity with the customer isachieved by a remote encrypted connection tothe managed device(s) and via an NMS agentinstalled on customer’s site to communicate withthe NMS server.

Customers can raise tickets by email or phone,or by logging onto the Caretower ManagedService web portal (the Web Portal).

Security Operations Centre (SOC)

The Caretower SOC (Secure Operation Centre) is manned 24x7x365 by experiencednetwork security engineers, all are certified in McAfee ePO products whilst othersspecialises further in firewall and SIEM technologies. The SOC is secured with swipecard access control and only authorised personnel have access. Physical and logicalaccess is controlled via a list of authorised personnel.

SOC engineers remotely manage and monitor customer devices proactively. Ourmanaged services follow a laid down procedures, within the ITIL model.*

Caretower's Service Elements

24x7 Management

The Managed Security Services aredelivered through the Caretower’s SecurityOperations Centre (SOC), which operates24 hours a day, 7 days a week, 365/366

days a year.

Co-manage

The customer may retain adminprivileges to the managed device –if not on a fully managed contract. System Availability

Checks

Caretower SOC is available to monitormanage security devices 24x7x365.

Configuration Backup

Where possible a configurationbackup of the device shall be made.

Reporting

Monthly reports will be provided for themanaged device(s).

Portal

A Web Portal is provided to the customer to interface withthe Managed Service. The Customer CSM/CSO may

access the Web Portal through the Caretower ManagedService web site. Access to the Web Portal is encrypted.

Additional Web Portal accounts can be requested butthese incur a one-off charge and should be ordered

through the Caretower account manager.

Caretower's Security

Some services require an onsite appliance to act as anaggregator or management interface.

Where required they are available as either Caretower suppliedhardware or client provisioned and resourced virtual server.Specifications vary on required service.

The Caretower Managed Security Service Appliance (CTMSSA) isa Virtual Machine that has been developed by Caretower to collectand interpret log file information at customer sites. It is sited close tothe devices that are to be managed on the customer’s site. TheCTMSSA reduces the amount of data that needs to be transferredto the SOC and the amount of bandwidth required to operate theManaged Service.

Security Appliance (Virtual Machine) Security Appliance (Hardware)The hardware appliance is a physical device located on customersites. The CTMSSA is a device that has been developed byCaretower to collect and interpret log information at customer sites.It is sited close to the devices that are to be monitored according tothe relevant service contract. The appliance reduces the amount ofdata that needs to be transferred to the Caretower SOC and theamount of bandwidth required to operate the Managed Service.

Changes are managed to completion within the NMS, and are requested via the Web Portal. Change requests raised byCustomer will be approved by Caretower CAB if feasible, and conversely those raised by Caretower require approval fromCustomer before implementation. In accordance with ITIL, non-impact changes do not need to go through change control.

Change Control

Incident ManagementFor the purposes of this specification reference to an 'incident' generally means an incident inITIL, which is an unplanned interruption to an IT service or a degradation of the quality of an ITservice. Reported incidents will be responded to within 30 minutes.

Managed ePO ServicePrior to the Managed Service going live, due diligence is carried out of the customer’s network and devices and components must meet minimumrequirements specified. A consultancy can be purchased to bring non-compliant components within scope. Set-up costs include a site visit to either anew ePO installation, or update McAfee components to current versions on existing installations. This will also include installing NMS agents whererelevant. There are two models for implementation of the managed ePO service;

Onsite ePO Console(existing or new installation)

This can either be an existing ePOinstallation or else an ePO console can

be installed and configured for thecustomer.

A site to site VPN is required. This will beconfigured from the Caretower Firewall tothe customer's Firewall, connecting to the

ePO server.

Cloud ePO Console

Customer’s endpoints can also be managed from a hosted ePO serverhosted on Caretower’s infrastructure. Remote management is again either

via Site-to-site VPN from Caretower to the customer site, with the ePOserver hosted by Caretower, or via client-to-site VPN.

Alternatively a client-to-site VPN, from a CTMSSA is installed on the customer’s site, terminating on the Caretower firewall and sending

endpoint notifications to the ePO console. An NMS agenthandler will be installed on the CTMSSA on the customer site, for

communication with endpoints.

An NMS agent is installed on the ePO server (or on Agent Handler for the cloud based model), which sends notifications back to the NMS

server. The NMS also consists of a service desk and tickets are auto-generated for alarms received from the ePO server. This system ensures that a proactive service is delivered, with incidents being

investigated immediately after they occur.

The NMS dashboards and tickets are monitored by experienced security engineers in Caretower.

Caretower Security Operations Centre(SOC)

The Caretower SOC is manned by McAfee qualified SOC engineers. Theyproactively check each customer ePO consoled daily by remote login,following laid down procedure. Checks include;● ePO Dashboards● ePO Task Log for the previous day● ePO Detected SystemsAdditionally, endpoint incidents create notifications from the ePO console,which in turn auto-create tickets in the NMS service desk and send emailsto the MSS mailbox. These incidents are investigated proactively, andescalated accordingly if required. Unresolved incidents are escalated as perthe MSS escalation procedure until resolved**. Connectivity from the SOCis via a secure VPN connection to the MSS infrastructure for remotemanagement of customer ePO consoles.

98% percent of ePO managed endpointsconnected to network up-to-date

compliance (N-1).

SLA

Managed ePO Service Elements

* Subject to customer fulfilling contractual requirements**Caretower will not be responsible for failures or degradation beyond Caretower’s reasonable control, such as customer infrastructure, cabling, telecomsservice/equipment, power provision, utility suppliers, ISP etc.

Benefits of Caretower’s ePO Managed Security Service

To provide live 24/7 Managed Service globallyDedicated GIAC Certified Digital Forensic Security Engineers (SANS (SysAdmin, Audit, Networking, and Security) Institute)Full-onsite and hosted architecture options, depending on your requirementsWe are CSA (Cloud Security Alliance) member and ISO 27001 Accredited

Why Caretower?

Speed ofImplementation

Flexible Dashboardsand Robust Reporting

24/7 Caretower SecurityOperation Centre

Our Managed Security (forMcAfee ePO, Symantec Endpointand other) seamlessly integrateswith your network and can be uprunning within days, not months.We deliver instant result throughvisibility of events and analyse

on a live dashboard with in-depthreporting.

Our Managed Security brings youcomprehensive technical,

operational and trend reports thatcommunicate security status andsatisfy compliance requirements.Dashboards are available out-of-the-box and Caretower delivers

customisable dashboards to eachand every customer based on their

requirements.

Our Managed Security Service allowsyou to be a user, not an

administrator. This means that youhave access to view the data and runrequired reports whilst maintaining acertain level of privileges. The ePO

service is constantly monitored by our24/7 Security Operations Centre

where the team will carry outmonitoring, management and incident

response to security events andalerts.

Get in touch: 020 8372 1000 / info@caretower.com / www.caretower.com

As an independent IT security specialist, with over 17 years experience, Caretower provide comprehensive solutions to individual problems, thus allowingour recommendations to be unbiased. Over the years, Caretower has quickly established many long standing relationships with all of our vendors,achieving the highest status within these organisations based on the level of expertise within our internal sales, support and professional services teams.This relationship ensures we provide our customers with key changes within the industry which assists in their on-going security management strategy.