Advanced Security Services - Active Directory Security Event Management (AD SEM)
CHANGE CONTROL AUDITING
Plaza Dynamics will proactively monitor Windows Active Directory, installed software, and installed patches to provide change control auditing. These events will be monitored to provide audit trails for user account change controls. Monitoring these types of events will enable Client to better detect suspicious behavior and intrusion attempts and enforce accountability of administrators.
We will monitor and report on the following Active Directory accounts:
- User Accounts Created, Deleted, Disabled or Modified
- Users Added to Groups
- Windows Server Logon Attempts via Remote Desktop
- Devices Added or Removed from the Domain
- Accounts Locked and Unlocked
SECURITY EVENT ALERTING
Plaza Dynamics will monitor security events for suspicious behavior based on expert security analytics to provide Client with security event alerts. The following security alerting measures will be implemented:
- Actionable incidents are created from correlated events
- Automated alerts sent directly to Plaza Dynamics’s ticketing system
- Follow client’s escalation procedures for security incident response
- Plaza Dynamics performs a daily review and analysis of security events
Advanced Security Services - Security Information and Event Management (SIEM)
CHANGE CONTROL AUDITING
Plaza Dynamics will proactively monitor Windows Active Directory, installed software, and installed patches to provide change control auditing. These events will be monitored to provide audit trails for user account change controls. Monitoring these types of events will enable Client to better detect suspicious behavior and intrusion attempts and enforce accountability of administrators.
We will monitor and report on the following Active Directory accounts:
- User Accounts Created, Deleted, Disabled or Modified
- Windows Users Added to Groups
- Windows Audit Policy Changes
- Windows Domain Controller Config Changes
- Server Installed Software
- Server Installed Patches
- Windows Server Logon Attempts via Remote Desktop
- Devices Added or Removed from the Domain
- Accounts Locked and Unlocked
SECURITY EVENT ALERTING
Plaza Dynamics will monitor security events for suspicious behavior based on expert security analytics to provide Client with security event alerts. The following security alerting measures will be implemented:
- Actionable incidents are created from correlated events;
- Automated alerts sent directly to Plaza Dynamics’s ticketing system;
- Follow Client’s escalation procedures for security incident response;
- Plaza Dynamics Security Team works with Client to remediate the threat or attack;
- Plaza Dynamics performs a daily review and analysis of security events.
Advanced Security Services - AD SEM AND SIEM
SECURITY EVENT REPORTING
Plaza Dynamics will provide Client’s management team with actionable event tickets and event reports so that Client may better monitor and track Active Directory security events.
- REAL-TIME ACTIONABLE SERVICE TICKETS
Real-time actionable service tickets are generated for Security Event Alerting. Each ticket documents the event and provides descriptive details. All service tickets are securely accessible via the Plaza Dynamics ticketing portal.
- WEEKLY DETAILED REPORTS FOR CHANGE CONTROL AUDITING AND SECURITY EVENT AUDITING
Plaza Dynamics will provide weekly reports consisting of all logged security events from the previous week. The following data will be provided:
Device: The device that recorded the event
User Name: The user(s) involved in the action (if applicable)
Event Time: The time the event occurred
- TOTAL SECURITY EVENTS BY REPORTING IP ADDRESS
A report of the total security events by IP address is issued monthly and provides Client with a report on all security events.
- SECURITY EVENT LOG RETENTION
Raw data logs will be retained for twelve (12) months. Reporting data will be maintained for three (3) years or in accordance with State-mandated retention requirements.
Advanced Security Services Warranty
(a) Plaza Dynamics warrants that all Advanced Security Services shall be performed substantially in accordance with the applicable Statement of Work. Plaza Dynamics’s entire liability for a warranty claim, and Client’s sole and exclusive remedy under this warranty, will be limited to a refund of the service fees paid by Client for the Advanced Security Services Warranty in the month in which the event giving rise to the warranty claim first occurred. Plaza Dynamics shall have no obligation with respect to a warranty claim (i) if notified of such claim more than five (5) days after the first occurrence of the event giving rise to the claim or (ii) if the claim is the result of third-party hardware or software failures, or the actions of Client or a third party.
(b) THIS IS THE ONLY WARRANTY MADE BY Plaza Dynamics REGARDING THE SIEM SERVICES. Plaza Dynamics HEREBY DISCLAIMS ALL OTHER WARRANTIES, CONDITIONS OR UNDERTAKINGS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. Plaza Dynamics MAKES NO WARRANTY, REPRESENTATION, OR GUARANTEE THAT THE ADVANCED SECURITY SERVICES WILL BE UNINTERRUPTED, ERROR-FREE OR FAIL-SAFE. Plaza Dynamics SPECIFICALLY DISCLAIMS ANY WARRANTY, REPRESENTATION OR GUARANTEE THAT THE SIEM SERVICES WILL MEET CLIENT’S REQUIREMENTS OR PROTECT AGAINST ANY SECURITY THREATS.