Breadcrumbs

Managed Detection & Response - Threatdown Implementation SOW

Introduction

The customer is looking to deploy Threatdown Endpoint Detection & Response as their anti-malware and antivirus solution for the organization’s endpoints (workstations and laptops). Threatdown EDR is a non-disruptive, lightweight endpoint agent that helps detect & protect against “zero-day” threats.

Scope of Work

The following activities will be performed as part of this deployment:

Phase 1 - Discovery and Initial Requirements:

  • Project Kickoff

    • Your Electric Customer Success Manager will send a kickoff email which includes initial requirement gathering before we can proceed with the deployment as well as a deployment questionnaire for you to complete.

    • Once requirements have been provided and the questionnaire has been completed, the deployment will be assigned to a member from the Electric Product Support team who will contact you via email within 1-2 business days.

Phase 2 - Configuration:

  • Electric creates Customer Site in Threatdown Admin Console and procures licenses based on contracted quantity

  • Electric adds designated POC as Site Admin to the Threatdown console

  • Electric applies the following Default Policy settings (in line with Threatdown EDR best practices):

    • Endpoint agent

    • Tamper protection

    • Protection settings

    • Scan settings

    • Endpoint Detection and Response

    • Software management

  • Electric creates Site Admin in the Threatdown console for the customer POC, and assigns that Site admin to the Primary Contact for the MDR Team to contact.

    • Electric assigns a second and/or alternate contact for the MDR team to contact if provided in the Deployment Questionnaire

  • Electric Creates MDM Installation Policies (Pro Customers only)

    • Configuration of MDM policies for device installation

Phase 3 - Deployment and Troubleshooting:

  • Deployment:

    • Pro Customers: Threatdown will be deployed to the organization via Electric MDM. Once users enroll their devices in MDM, they will receive the Threatdown agent and policies automatically.

      • Note: This is a silent deployment that does not require any end user action and will not cause end user disruption.

    • Quickstart Customers: Electric will provide installation links to the Customer POC for both Mac and Windows machines to share with their organization for full deployment.

  • Troubleshooting:

    • POC may reach out to the Product Specialist working on the deployment to report any potential problems upon initial rollout.

    • After project completion, Customer can get support by emailing support@electric.ai

Phase 4 - Closing:

  • Electric will reach out to the customer and provide documentation necessary for onboarding new users (if applicable).

  • Electric will explain the support model for the MDR Service, and when the MDR team may contact the customer in certain threat scenarios

  • Customers will sign off on project completion via email and Electric will close the project internally.

Customer Responsibilities

The following are a list of customer responsibilities:

  • Pro Customers Only: Customer is responsible for configuration of MDM for their organization in the IT hub prior to deployment.

  • Customer is responsible for removal of any previous antivirus software on all machines prior to deployment.

  • Customer primary POCs are responsible for coordination with the rest of the customer organization.

  • Customer is responsible for communication with the Threatdown MDR team either via email, phone call or through the Nebula support console.

Completion Criteria

The following criteria will determine project completion:

  • Creation of Threatdown site and assignment of licenses

  • Confirmation of Electric Default Policy

    • Endpoint agent

    • Tamper protection

    • Protection settings

    • Scan settings

    • Endpoint Detection and Response

    • Software management

  • Creation of MDM Installation Policies (if applicable)

  • Creation of Site Admin for the MDR Contacts

  • Closeout email provided by Electric Product Support with relevant help documentation and resources

  • Customer Satisfaction Rating provided, shared via email at project closure by the Product Support team.

Assumptions and Prerequisites

  • All additional work that is not defined and covered by this statement of work will constitute a change order/amendment.

  • All work will be completed during business hours. If after hour or weekend work is requested, it will impact pricing and require a scope change.

  • Customer devices have no pre-existing issues & are checking in regularly.

  • Customer must contact Electric Product Support for any pre-existing devices or MDM-related issues.

  • Customer must contact Electric Product Support for any additional issues after project sign off.

  • Customer will handle billing and termination of the previous antivirus platform.

  • Project troubleshooting consists of issues that are patterns specific to Threatdown EDR.

  • Admin access to customer computers must be confirmed to run the installer.

  • Customer computers must be on supported OS for Threatdown EDR agent. System requirements documentation can be found here.

  • Threatdown will be both installed on existing managed computers and newly enrolled computers via MDM (if applicable).

  • Items that are out of scope for this project:

    • Servers

    • Multiple pilot groups

    • Custom policies

    • Removal of previous antivirus software from environment

    • Compliance Requirements (Any compliance required documentation or work related to get compliant is not included)

    • Custom scripting of removal of current or old antivirus software

    • Troubleshooting of current or old antivirus software