Managed Detection & Response - Threatdown Implementation SOW

Introduction

The customer is looking to deploy Threatdown Endpoint Detection & Response as their anti-malware and antivirus solution for the organization’s endpoints (workstations and laptops). Threatdown EDR is a non-disruptive, lightweight endpoint agent that helps detect & protect against “zero-day” threats.

Scope of Work

The following activities will be performed as part of this deployment:

Phase 1 - Discovery and Initial Requirements:

• Project Kickoff

  • Your Electric Customer Success Manager will send a kickoff email which includes initial requirement gathering before we can proceed with the deployment as well as a deployment questionnaire for you to complete.

  • Once requirements have been provided and the questionnaire has been completed, the deployment will be assigned to a member from the Electric Product Support team who will contact you via email within 1-2 business days.

Phase 2 - Configuration:

• Electric creates Customer Site in Threatdown Admin Console and procures licenses based on contracted quantity

• Electric adds designated POC as Site Admin to the Threatdown console

• Electric applies the following Default Policy settings (in line with Threatdown EDR best practices):

  • Endpoint agent

  • Tamper protection

  • Protection settings

  • Scan settings

  • Endpoint Detection and Response

  • Software management

• Electric creates Site Admin in the Threatdown console for the customer POC, and assigns that Site admin to the Primary Contact for the MDR Team to contact.

  • Electric assigns a second and/or alternate contact for the MDR team to contact if provided in the Deployment Questionnaire

• Electric Creates MDM Installation Policies (Pro Customers only)

  • Configuration of MDM policies for device installation

Phase 3 - Deployment and Troubleshooting:

• Deployment:

  • Pro Customers: Threatdown will be deployed to the organization via Electric MDM. Once users enroll their devices in MDM, they will receive the Threatdown agent and policies automatically.

    • Note: This is a silent deployment that does not require any end user action and will not cause end user disruption.

  • Quickstart Customers: Electric will provide installation links to the Customer POC for both Mac and Windows machines to share with their organization for full deployment.

• Troubleshooting:

  • POC may reach out to the Product Specialist working on the deployment to report any potential problems upon initial rollout.

  • After project completion, Customer can get support by emailing support@electric.ai

Phase 4 - Closing:

• Electric will reach out to the customer and provide documentation necessary for onboarding new users (if applicable).

• Electric will explain the support model for the MDR Service, and when the MDR team may contact the customer in certain threat scenarios

• Customers will sign off on project completion via email and Electric will close the project internally.

Customer Responsibilities

The following are a list of customer responsibilities:

• Pro Customers Only: Customer is responsible for configuration of MDM for their organization in the IT hub prior to deployment.

• Customer is responsible for removal of any previous antivirus software on all machines prior to deployment.

• Customer primary POCs are responsible for coordination with the rest of the customer organization.

• Customer is responsible for communication with the Threatdown MDR team either via email, phone call or through the Nebula support console.

Completion Criteria

The following criteria will determine project completion:

• Creation of Threatdown site and assignment of licenses

• Confirmation of Electric Default Policy

  • Endpoint agent

  • Tamper protection

  • Protection settings

  • Scan settings

  • Endpoint Detection and Response

  • Software management

• Creation of MDM Installation Policies (if applicable)

• Creation of Site Admin for the MDR Contacts

• Closeout email provided by Electric Product Support with relevant help documentation and resources

• Customer Satisfaction Rating provided, shared via email at project closure by the Product Support team.

Assumptions and Prerequisites

• All additional work that is not defined and covered by this statement of work will constitute a change order/amendment.

• All work will be completed during business hours. If after hour or weekend work is requested, it will impact pricing and require a scope change.

• Customer devices have no pre-existing issues & are checking in regularly.

• Customer must contact Electric Product Support for any pre-existing devices or MDM-related issues.

• Customer must contact Electric Product Support for any additional issues after project sign off.

• Customer will handle billing and termination of the previous antivirus platform.

• Project troubleshooting consists of issues that are patterns specific to Threatdown EDR.

• Admin access to customer computers must be confirmed to run the installer.

• Customer computers must be on supported OS for Threatdown EDR agent. System requirements documentation can be found here.

• Threatdown will be both installed on existing managed computers and newly enrolled computers via MDM (if applicable).

• Items that are out of scope for this project:

  • Servers

  • Multiple pilot groups

  • Custom policies

  • Removal of previous antivirus software from environment

  • Compliance Requirements (Any compliance required documentation or work related to get compliant is not included)

  • Custom scripting of removal of current or old antivirus software

  • Troubleshooting of current or old antivirus software