This topic describes the service content provided by Managed Detection and Response (MDR) of Managed Security Service (MSSP).

| Service type | Service content | Delivery content description | Deliverable | Service level agreement (SLA) |
| --- | --- | --- | --- | --- |
| Security consultation | Provide consultation on basic security products, including Security Center, Web Application Firewall (WAF), Anti-DDoS, and Cloud Firewall. Examples: consultation on configuration issues, analysis of policy anomalies, and exception handling. The bot management module of WAF is excluded. | ● Troubleshooting for cloud security products. ● Guidance on optimizing cloud product policies. ● Consultation on cloud security products. | ● Notifications pushed in DingTalk groups. ● Summary in routine reports. | Provided during normal business hours: a response to a consultation within 30 minutes, based on your business requirements, and closed-loop handling of consultation tickets within 72 hours. |
| Security risk assessment | Assess your overall security, analyze major risks and exposures, and help you identify risks in the cloud. | ● Assessment of security operations capabilities: assess security maturity through interviews and surveys, and provide advice on building a security system. ● Assessment of network architecture risks: check whether your network access control policies are appropriate, and provide advice on optimizing inappropriate policies. ● Assessment of cloud product security: conduct baseline inspections and risk management for cloud hosts, and provide fixing advice and best practices for risk management. System vulnerability inspections are covered. ● Risk assessment of exposures and attack surfaces: periodically detect and manage asset exposures and vulnerabilities on cloud hosts and cloud workloads, manually analyze reports, and provide fixing advice and best practices for risk management. Internet exposure risks, scanning of vulnerable ports, and web vulnerabilities are covered. ● Risk assessment of account security: detect AccessKey pair leaks and assess the associated risk. ● Risk assessment of application system security. ● Risk assessment of the configurations of cloud security products. | ● Security Assessment Report. ● Continuous security risk monitoring, with fixing and hardening suggestions to help you evaluate potential risks and harden security. | One assessment per quarter during the service period. Your Security Center edition must be Enterprise or higher; the assessment content and items vary with your Security Center edition. |
| Security monitoring | Monitor the security status of cloud security products, such as WAF, Anti-DDoS, Security Center, and Cloud Firewall. The bot management module of WAF is excluded. | Notifications pushed in DingTalk groups. | Notifications pushed in DingTalk groups. | Provided during normal business hours: response to alerts within 30 minutes, closed-loop handling of alerts within the same day, and inspections of Security Center, Cloud Firewall, and Anti-DDoS at 15-minute intervals. |
| Security hardening | Develop a checklist based on your actual alerts and relevant industry standards. If a security incident occurs, help you perform security hardening efficiently. | Security product configuration: help you add services to security products and configure policies for them. | Security Vulnerability Hardening Checklist. | Supported. |
| Incident response | If a security incident occurs, provide methods for suppression, elimination, and recovery, prevention measures, security advice, and assistance in identifying the attack source and locating the root cause. | Emergency response to security incidents. | Emergency Response Report, provided after the emergency response is complete. An Emergency Response Report is provided in the following scenarios: | |
| Vulnerability announcement | Check the impact of zero-day vulnerabilities based on vulnerability detection rules, and provide impact analysis based on the network conditions and status of your hosts. | Monitor, analyze, and warn about the latest vulnerability intelligence. When a new high-risk vulnerability that affects your assets is disclosed on the Internet, analyze it, send an alert and a fixing plan, and notify you to fix it. | Vulnerability monitoring reports. | Vulnerability detection and notifications are conducted based on actual conditions. Vulnerability monitoring reports are delivered at irregular intervals. |
| Product training | Conduct training on security services, products, and best practices. | The following services are available on demand: | Training materials. | Supported. |
| Summary and report | Provide periodic reports on your cloud security posture in different formats, including monthly, quarterly, and semi-annual reports. Optimize rules for specific products. Communicate in quarterly and semi-annual meetings based on actual scenarios. | Work report deliverables. | The following types of reports are provided: monthly, quarterly, and semi-annual reports. | Reports are provided at regular intervals. |