2. Overview
Caretower are proposing the Managed Service Security solution for Endpoints and other products. Our managed services portfolio includes a
number of IT Security solutions such as Firewalls, SIEM, Penetration Testing, Mail and Web filtering and Endpoint Security. We began our
managed services offerings with our flagship product of McAfee ePO solutions outlined in this document. The product provides efficient and
effective management of the McAfee Endpoint Security strategic solutions. With major service architecture, infrastructure and, even more
importantly, mature managed services engineers, our managed services portfolio has expanded to include the Symantec Endpoint products
with enhanced functionalities such as reporting. The Sophos Endpoint products will also be added in a few months, as well as other vendor
security solutions.
Caretower Managed Security Service (the Managed Service) provides remote managed security services for customers. Caretower has
extensive experience of partnership with all major security vendors and provides vendor approved support for a range of security technologies
and products. This document describes the Managed Security Service, which is a remote managed service for managing McAfee’s ePO console
with all the McAfee portfolio Endpoint products. Our Managed Service Terms and Conditions apply to all of Caretower’s managed services.
Caretower Managed Security Service
The Managed Service operates on the principle
of proactive security management, deploying a
Network Management System (NMS) that
processes notifications and auto-generates
tickets for proactive remote management. This
facilitates proactive incident management and
also incorporates a change management
component. The Caretower infrastructure is
housed in a hosted environment, in redundant
configuration. Connectivity with the customer is
achieved by a remote encrypted connection to
the managed device(s) and via an NMS agent
installed on the customer’s site to communicate with
the NMS server.
Customers can raise tickets by email or phone,
or by logging onto the Caretower Managed
Service web portal (the Web Portal).
Security Operations Centre (SOC)
The Caretower SOC (Security Operations Centre) is manned 24x7x365 by experienced
network security engineers, all of whom are certified in McAfee ePO products, whilst others
specialise further in firewall and SIEM technologies. The SOC is secured with swipe
card access control and only authorised personnel have access. Physical and logical
access is controlled via a list of authorised personnel.
SOC engineers remotely manage and monitor customer devices proactively. Our
managed services follow laid-down procedures within the ITIL model.*
3. Caretower's Service Elements
24x7 Management
The Managed Security Services are
delivered through Caretower’s Security
Operations Centre (SOC), which operates
24 hours a day, 7 days a week, 365/366
days a year.
Co-manage
The customer may retain admin
privileges to the managed device –
if not on a fully managed contract.
System Availability Checks
Caretower SOC is available to monitor and
manage security devices 24x7x365.
Configuration Backup
Where possible a configuration
backup of the device shall be made.
Reporting
Monthly reports will be provided for the
managed device(s).
Portal
A Web Portal is provided to the customer to interface with
the Managed Service. The Customer CSM/CSO may
access the Web Portal through the Caretower Managed
Service web site. Access to the Web Portal is encrypted.
Additional Web Portal accounts can be requested but
these incur a one-off charge and should be ordered
through the Caretower account manager.
4. Caretower's Security
Some services require an onsite appliance to act as an
aggregator or management interface.
Where required they are available as either Caretower supplied
hardware or client provisioned and resourced virtual server.
Specifications vary on required service.
Security Appliance (Virtual Machine)
The Caretower Managed Security Service Appliance (CTMSSA) is
a Virtual Machine that has been developed by Caretower to collect
and interpret log file information at customer sites. It is sited close to
the devices that are to be managed on the customer’s site. The
CTMSSA reduces the amount of data that needs to be transferred
to the SOC and the amount of bandwidth required to operate the
Managed Service.
Security Appliance (Hardware)
The hardware appliance is a physical device located on customer
sites. The CTMSSA is a device that has been developed by
Caretower to collect and interpret log information at customer sites.
It is sited close to the devices that are to be monitored according to
the relevant service contract. The appliance reduces the amount of
data that needs to be transferred to the Caretower SOC and the
amount of bandwidth required to operate the Managed Service.
Change Control
Changes are managed to completion within the NMS, and are requested via the Web Portal. Change requests raised by the
Customer will be approved by the Caretower CAB if feasible, and conversely those raised by Caretower require approval from the
Customer before implementation. In accordance with ITIL, non-impact changes do not need to go through change control.
Incident Management
For the purposes of this specification reference to an 'incident' generally means an incident in
ITIL, which is an unplanned interruption to an IT service or a degradation of the quality of an IT
service. Reported incidents will be responded to within 30 minutes.
5. Managed ePO Service
Prior to the Managed Service going live, due diligence is carried out on the customer’s network, and devices and components must meet the minimum
requirements specified. A consultancy can be purchased to bring non-compliant components within scope. Set-up costs include a site visit for either a
new ePO installation or an update of McAfee components to current versions on existing installations. This will also include installing NMS agents where
relevant. There are two models for implementation of the managed ePO service:
Onsite ePO Console (existing or new installation)
This can either be an existing ePO
installation or else an ePO console can
be installed and configured for the
customer.
A site to site VPN is required. This will be
configured from the Caretower Firewall to
the customer's Firewall, connecting to the
ePO server.
Cloud ePO Console
Customer’s endpoints can also be managed from an ePO server
hosted on Caretower’s infrastructure. Remote management is again either
via site-to-site VPN from Caretower to the customer site, with the ePO
server hosted by Caretower, or via client-to-site VPN.
Alternatively, a client-to-site VPN is established from a CTMSSA installed on the
customer’s site, terminating on the Caretower firewall and sending
endpoint notifications to the ePO console. An NMS agent
handler will be installed on the CTMSSA on the customer site, for
communication with endpoints.
An NMS agent is installed on the ePO server (or on Agent Handler for
the cloud based model), which sends notifications back to the NMS
server. The NMS also consists of a service desk and tickets are auto-
generated for alarms received from the ePO server. This system
ensures that a proactive service is delivered, with incidents being
investigated immediately after they occur.
The NMS dashboards and tickets are monitored by
experienced security engineers in Caretower.
Caretower Security Operations Centre (SOC)
The Caretower SOC is manned by McAfee qualified SOC engineers. They
proactively check each customer ePO console daily by remote login,
following a laid-down procedure. Checks include:
● ePO Dashboards
● ePO Task Log for the previous day
● ePO Detected Systems
Additionally, endpoint incidents create notifications from the ePO console,
which in turn auto-create tickets in the NMS service desk and send emails
to the MSS mailbox. These incidents are investigated proactively, and
escalated accordingly if required. Unresolved incidents are escalated as per
the MSS escalation procedure until resolved**. Connectivity from the SOC
is via a secure VPN connection to the MSS infrastructure for remote
management of customer ePO consoles.
SLA
98% of ePO managed endpoints
connected to network up-to-date
compliance (N-1).
6. Managed ePO Service Elements
* Subject to customer fulfilling contractual requirements
**Caretower will not be responsible for failures or degradation beyond Caretower’s reasonable control, such as customer infrastructure, cabling, telecoms
service/equipment, power provision, utility suppliers, ISP etc.
7. Benefits of Caretower’s ePO Managed Security Service
To provide live 24/7 Managed Service globally
Dedicated GIAC Certified Digital Forensic Security Engineers (SANS (SysAdmin, Audit, Networking, and Security) Institute)
Full-onsite and hosted architecture options, depending on your requirements
We are a CSA (Cloud Security Alliance) member and ISO 27001 accredited
Why Caretower?
Speed of Implementation
Our Managed Security (for
McAfee ePO, Symantec Endpoint
and other) seamlessly integrates
with your network and can be up
and running within days, not months.
We deliver instant results through
visibility of events and analysis
on a live dashboard with in-depth
reporting.
Flexible Dashboards and Robust Reporting
Our Managed Security brings you
comprehensive technical,
operational and trend reports that
communicate security status and
satisfy compliance requirements.
Dashboards are available out-of-the-box
and Caretower delivers
customisable dashboards to each
and every customer based on their
requirements.
24/7 Caretower Security Operations Centre
Our Managed Security Service allows
you to be a user, not an
administrator. This means that you
have access to view the data and run
required reports whilst maintaining a
certain level of privileges. The ePO
service is constantly monitored by our
24/7 Security Operations Centre
where the team will carry out
monitoring, management and incident
response to security events and
alerts.
Get in touch: 020 8372 1000 / info@caretower.com / www.caretower.com
As an independent IT security specialist, with over 17 years' experience, Caretower provide comprehensive solutions to individual problems, thus allowing
our recommendations to be unbiased. Over the years, Caretower has quickly established many long standing relationships with all of our vendors,
achieving the highest status within these organisations based on the level of expertise within our internal sales, support and professional services teams.
This relationship ensures we provide our customers with key changes within the industry which assists in their on-going security management strategy.