Enhanced Security Services

Enhanced Security Services – Active Directory Security Event Management (AD SEM)

CHANGE CONTROL AUDITING

All Covered will proactively monitor Windows Active Directory, installed software, and installed patches to provide change control auditing. These events will be monitored to provide audit trails for user account change controls. Monitoring these types of events will enable Client to better detect suspicious behavior and intrusion attempts and enforce accountability of administrators.

We will monitor and report on the following Active Directory accounts:

  • User Accounts Created, Deleted, Disabled or Modified
  • Users Added to Groups
  • Windows Server Logon Attempts via Remote Desktop
  • Devices Added or Removed from the Domain
  • Accounts Locked and Unlocked

SECURITY EVENT ALERTING

All Covered will monitor security events for suspicious behavior based on expert security analytics to provide Client with security event alerts. The following security alerting measures will be implemented:

  • Actionable incidents are created from correlated events
  • Automated alerts sent directly to All Covered’s ticketing system
  • Follow Client’s escalation procedures for security incident response
  • All Covered performs a daily review and analysis of security events

Enhanced Security Services – Security Information and Event Management (SIEM)

CHANGE CONTROL AUDITING

All Covered will proactively monitor Windows Active Directory, installed software, and installed patches to provide change control auditing. These events will be monitored to provide audit trails for user account change controls. Monitoring these types of events will enable Client to better detect suspicious behavior and intrusion attempts and enforce accountability of administrators.

We will monitor and report on the following Active Directory accounts:

  • User Accounts Created, Deleted, Disabled or Modified
  • Windows Users Added to Groups
  • Windows Audit Policy Changes
  • Windows Domain Controller Config Changes
  • Server Installed Software
  • Server Installed Patches
  • Windows Server Logon Attempts via Remote Desktop
  • Devices Added or Removed from the Domain
  • Accounts Locked and Unlocked

SECURITY EVENT ALERTING

All Covered will monitor security events for suspicious behavior based on expert security analytics to provide Client with security event alerts. The following security alerting measures will be implemented:

  • Actionable incidents are created from correlated events;
  • Automated alerts sent directly to All Covered’s ticketing system;
  • Follow Client’s escalation procedures for security incident response;
  • All Covered Security Team works with Client to remediate the threat or attack;
  • All Covered performs a daily review and analysis of security events.

Enhanced Security Services – AD SEM AND SIEM

SECURITY EVENT REPORTING

All Covered will provide Client’s management team with actionable event tickets and event reports so that Client may better monitor and track Active Directory security events.

– REAL-TIME ACTIONABLE SERVICE TICKETS

Real-time actionable service tickets are generated for Security Event Alerting. Each ticket documents the event and provides descriptive details. All service tickets are securely accessible via the All Covered ticketing portal.

– WEEKLY DETAILED REPORTS FOR CHANGE CONTROL AUDITING AND SECURITY EVENT AUDITING

All Covered will provide weekly reports consisting of all logged security events from the previous week. The following data will be provided:

Device: The device that recorded the event

User Name: The user(s) involved in the action (if applicable)

Event Time: The time the event occurred

– TOTAL SECURITY EVENTS BY REPORTING IP ADDRESS

A report of the total security events by IP address is issued monthly and provides Client with a report on all security events.

– SECURITY EVENT LOG RETENTION

Raw data logs will be retained for twelve (12) months. Reporting data will be maintained for three (3) years or in accordance with State-mandated retention requirements.

Enhanced Security Services Warranty

(a) All Covered warrants that all Enhanced Security Services shall be performed substantially in accordance with the applicable Statement of Work. All Covered’s entire liability for a warranty claim, and Client’s sole and exclusive remedy under this warranty, will be limited to a refund of the service fees paid by Client for the Enhanced Security Services Warranty in the month in which the event giving rise to the warranty claim first occurred. All Covered shall have no obligation with respect to a warranty claim (i) if notified of such claim more than five (5) days after the first occurrence of the event giving rise to the claim or (ii) if the claim is the result of third-party hardware or software failures, or the actions of Client or a third party.

(b) THIS IS THE ONLY WARRANTY MADE BY ALL COVERED REGARDING THE SIEM SERVICES. ALL COVERED HEREBY DISCLAIMS ALL OTHER WARRANTIES, CONDITIONS OR UNDERTAKINGS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. ALL COVERED MAKES NO WARRANTY, REPRESENTATION, OR GUARANTEE THAT THE ENHANCED SECURITY SERVICES WILL BE UNINTERRUPTED, ERROR-FREE OR FAIL-SAFE. ALL COVERED SPECIFICALLY DISCLAIMS ANY WARRANTY, REPRESENTATION OR GUARANTEE THAT THE SIEM SERVICES WILL MEET CLIENT’S REQUIREMENTS OR PROTECT AGAINST ANY SECURITY THREATS.