C14-318 Dell SecureWorks

SecureWorks

Proposal Code: Q188014.2
Proposal Date: 7/30/2014
Account Manager: Paul Webb
Association: None
Payment Terms: Net 30
Billing Frequency: Annual
Order Type: New Service Order

SecureWorks, Inc.
One Concourse Parkway
Atlanta, GA 30328
Fax: (678) 306-1837

Bill To: Eagle County Colorado, 500 Broadway, Eagle, CO 81631, United States
Ship To: Eagle County Colorado, 500 Broadway, Eagle, CO 81631, United States

Contacts:
Customer: Jake Klearman, IT Operations Manager, (970) 328-3595, jake.klearman@eaglecounty.us
SecureWorks: Paul Webb, Outside Sales Specialist, (206) 235-5444, pwebb@secureworks.com
SecureWorks: Steven Rich, Regional Sales Director, 40432763369, srich@secureworks.com

Log Retention
MLOG-300: Managed Log Retention: LogVault: up to 300 Sources. Qty 1, Years 1, Price $12,840.96

Infrastructure
SM-Tier1-15: Monitored Server and Network Infrastructure: up to 15 Devices. Qty 1, Years 1, Price $13,087.20

License/Maintenance/Support
DSTLL-MAINT-LV2-EVA-01: Dell SecureWorks Maintenance: LogVault 2.x: TIBCO LogLogic EVA Software Maintenance. Qty 1, Years 1, Price $3,600.00

Hardware
DSTLL-HW-LV2-EVA-01: Dell SecureWorks Appliance: LogVault 2.x: TIBCO LogLogic EVA w Retention Software. Qty 1, Years N/A, Price $12,955.50
E23-INSP-500-L: Dell SecureWorks Appliance: Counter Threat Appliance. Qty 1, Years N/A, Price $0.00

Miscellaneous
MSS-SetUp: MSS Enterprise Activation and Installation. Qty 1, Years N/A, Price $2,500.00
SHIP-0010: Shipping and Handling: Public Accounts. Qty 2, Years N/A, Price $0.00

Total (excluding any applicable taxes): $44,983.66

Notes:
The charges reflected hereunder do not include taxes. Customer will be responsible for any sales, use, value-added or import taxes, customs duties or similar taxes, if applicable, assessed in accordance with applicable law with respect to the provision of the Services or goods received from SecureWorks, Inc. which shall be invoiced separately.
This Service Order and the resulting Purchase Order are subject to the Western State Contracting Alliance Master Price Agreement (WSCA) for Computer Equipment, Peripherals, and Related Services, Number B27160, and the State of Colorado Participating Addendum, (State Contract Number 20511YYY30M/WSCA and Dell Contract Code WNO2ACA). Customer acknowledges that it is an eligible purchaser under this Agreement.

Dell's provision of the Managed Security Services (MSS Services) is subject to the following:

1. MSS Services will be provided in accordance with the Service Level Agreement(s) attached as Attachment A.

2. Customer is granted a limited, nontransferable and nonexclusive license to access and use, during the term of the MSS Services engagement, the hardware, proprietary software (in object code format only), and related documentation ("MSS Products") for Customer's internal security purposes only. Dell retains ownership of all right, title and interest in and to the MSS Products. Customer cannot transfer any of the MSS Products to any third party or otherwise use any MSS Product for the benefit of any third party; copy the MSS Products; decipher, decompile, disassemble, reconstruct, translate, or reverse engineer any source code or underlying ideas, algorithms, file formats, programming, or interoperability interfaces of any of the MSS Products; use any MSS Products to operate in or as a time-sharing, outsourcing, service bureau, hosting, application service provider or managed service provider environment; or, alter or duplicate any aspect of any MSS Products.

3. Customer owns all right, title and interest in and to Customer data (including data in any summaries, analyses or reports generated in connection with the MSS Services). Customer grants to Dell a limited, non-exclusive license to use all such Customer data provided by Customer or accessed or used by Dell solely to perform the MSS Services. Customer represents and warrants that it has the right to grant such license.
Customer owns all right, title and interest in and to the deliverables and other tangible work product prepared by Dell specifically for Customer.

4. Dell owns all right, title and interest in and to all intellectual property, including patents, copyrights, trademarks, trade secrets and other proprietary information, and all inventions, methods, processes, and computer programs (including any source code, object code, enhancements and modifications), in any work developed by Dell in connection with the performance of the Services, except reports prepared exclusively for Customer. During the Term, Customer assigns to Dell all right, title and interest in any copyrights that Customer may have in such work. Dell grants to Customer a limited, non-exclusive license to use such works solely for the purpose of receiving the Services.

5. The charges reflected hereunder do not include taxes as the Customer is Tax Exempt. Should SecureWorks require Tax Exemption Certificates from the Customer, the Customer shall provide them within thirty (30) days of the request. Immediately after the Effective Date of this Service Order, Dell shall send Customer an invoice for twelve (12) months of the Services, plus any other fees due.

6. In the event of any expiration or termination of the WSCA Agreement and/or the State of Colorado Participating Addendum prior to the end of the full term of this Service Order, this Service Order will continue through the full term of the Service Order, and the terms of the WSCA Agreement and the State of Colorado Participating Addendum will continue to apply through the expiration or termination of this Service Order.

SecureWorks, Inc. shall send Customer an invoice for the MSS Service fees and any other one-time fees on or after the Service Commencement Date (as defined in the MSA).

Pricing valid until 8/29/2014.
This Service Order is subject to and governed by the Master Services Agreement ("MSA"), which is incorporated herein by reference in its entirety, currently in place by and between Customer (or Customer's Affiliate, with all terms and conditions applicable to Customer) that expressly authorizes Customer to purchase the Services described hereunder. In the event that such an MSA is not in place, this Service Order shall be subject to and governed by the terms located at www.dell.com/securityterms. Any terms and conditions set forth in a purchase order issued by Customer for this Service Order that are in addition to or that conflict with the MSA and/or this Service Order, shall not apply and are to be considered null and void.

This Service Order is effective as of the latest date in the signature block below (the "Effective Date").

SecureWorks, Inc.
Customer: Eagle County Co
Is Customer tax exempt? Yes*
Will a purchase order (P.O.) be required for payment? No
Authorized Signature: Scott E. Bialek / Director, Global Contracts
Print Name: [illegible in scan]
7/30/2014
Title: [handwritten, illegible in scan]
Date: [handwritten, illegible in scan]
* [asterisked note illegible in scan]

SecureWorks Attachment A: Service Level Agreements

Dell SecureWorks

Managed and Monitored LogVault Log Retention
Service Description and Service Level Agreements

This Service Description and Service Level Agreement is provided for the customer ("you" or "Customer") and the Dell entity identified in Customer's Service Order for the purchase of this Service (defined below). This Service is provided in connection with Customer's separate signed master services agreement or security services schedule that explicitly authorizes the sale of managed security services.
In the absence of either a master services agreement or security services schedule, this service is provided in connection with Dell's Commercial Terms of Sale, available at http://Dell.com/CTS and incorporated by reference in its entirety herein.

Service Overview

Dell SecureWorks® LogVault™ Managed Log Retention Service (the "Service") helps organizations satisfy security and compliance requirements for log collection, storage, and reporting without the management overhead and capital expense required for log management products. Leveraging our high performance LogVault™ technology, Dell SecureWorks' Log Retention is a cost-effective option that integrates seamlessly with other Managed Security Services to provide comprehensive security and compliance solutions.

Service Description

Upon purchase by Customer of all necessary Dell SecureWorks Log Retention Appliance and services provided by Dell SecureWorks, Dell SecureWorks shall, subject to Customer's performance of the obligations and interdependencies set forth in Customer Requirements section, provide the following services:

• Configure and implement the specified Dell SecureWorks Log Retention Appliances to access and capture Customer-specified system logs (the "Logs") from the IT devices, systems, and other network assets ("Customer Devices") specified in writing by Customer;
• Implement and give Customer access, via the Dell SecureWorks Customer portal, to the Logs;
• Implement Dell SecureWorks released software upgrades and updates (collectively, "Software") and security patches to Dell SecureWorks Log Retention Appliances;
• Monitor the information security, system health, and performance of Dell SecureWorks Log Retention Appliances 24x7x365;
• Troubleshoot and repair any issues with the Dell SecureWorks Log Retention Appliance;
• Provide 24x7x365 access to SOC Analysts via phone, email, or tickets via the Dell SecureWorks CTP Customer portal.
Customer Requirements

Client agrees to perform the obligations and acknowledges and agrees that Dell SecureWorks ability to perform its obligations and its liability under the SLAs below are interdependent on Client's compliance with the following:

• Provide access from the Log Retention Appliances to Client-specified devices as necessary to collect the Logs requested;
• Configure all Client Devices to be connected to and feed Logs to the Dell SecureWorks Log Retention Appliances, including, but not limited to, implementing necessary tools to convert proprietary log formats into syslog or other standard output;
• Ensure the Client-specified devices are performing properly and transmitting the Logs to the Dell SecureWorks Log Retention Appliances.

Service Level Agreements (SLAs)

Service Level Agreements Matrix

SLA: Ticket Requests
SLA Credit: 1/30th of monthly fee for Service
Definition: Standard requests submitted via the Dell SecureWorks Customer portal or via telephone will be subject to "acknowledgement" (either through the help desk ticketing system, email, or by telephone) of receiving the request within one (1) hour from the time stamp on the ticket created by Dell SecureWorks. An acknowledgement to requests classified as "Urgent" on the Help Desk ticket and verified by the SOC as "Urgent" will be sent (either through the help desk ticketing system, email, or by telephone) within fifteen (15) minutes from the time stamp on the ticket created by Dell SecureWorks.

SLA: Security Monitoring
SLA Credit: 1/30th of monthly fee for Service
Definition: Customer shall receive a response (according to the escalation procedures defined in the Customer portal or in the manner pre-selected in writing by Customer, either through the ticketing system, email, or by telephone) to security incidents within fifteen (15) minutes of the determination by Dell SecureWorks that given malicious activity constitutes a security incident.
This is measured by the difference between the time stamp on the incident ticket created by Dell SecureWorks SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. A "security incident" is defined as an incident ticket that comprises an event (log) or group of events (logs) that is deemed high severity by the SOC in accordance with Dell SecureWorks' Event Handling Process (see Exhibit A. The most up-to-date version can always be found in the Real-Time Events section of the Customer portal). Automatically created incident tickets (via correlation technology) and event(s) or log(s) deemed low severity will not be escalated, but will be available for reporting through the Customer portal.

SLA: Active Health Monitoring
SLA Credit: 1/30th of monthly fee for Service
Definition: Active health checks identifying the following conditions are subject to the coinciding SLAs below:
• Device Unreachable — 30 minute response (via phone, ticket, or email) from identification of the device being unreachable. This is measured by the difference between the time stamp on the device unreachable ticket created by Dell SecureWorks SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation.

Additional Service Rules, Regulations, and Conditions

a. Deployment of Dell SecureWorks' Managed Log Retention services in a Client network does not achieve the impossible goal of risk elimination, and therefore Dell SecureWorks makes no guarantee that intrusions, compromises, or any other unauthorized activity will not occur on a Client network.

b. Dell SecureWorks' Log Retention Appliance, LogVault™, is highly redundant and the Security Operations Centers make every effort to ensure this appliance operates at peak performance. However, circumstances may arise that result in data loss, and therefore Dell SecureWorks makes no guarantee that data loss will never arise.

c.
Dell SecureWorks may schedule maintenance outages with 24-hours' notice to designated Client contacts.

d. In the event that Customer data contained on the LogVault exceeds the appliance's storage capacity, Customer shall be required to purchase one or more additional LogVault appliances to accommodate the increase in Customer data. The SLAs shall not apply in the event of service interruption due to lack of storage space on LogVault.

e. The SLAs set forth herein are subject to the following terms, conditions, and limitations:

i. The SLAs shall not apply during scheduled maintenance outages and therefore are not eligible for any Agreement credit.

ii. The SLAs shall not apply in the event of any Client-caused service outage that prohibits or otherwise limits Dell SecureWorks from providing the service, delivering the service level Agreement or managed service descriptions, including, but not limited to, misconduct, negligence, inaccurate or incomplete information, modifications made to the services, or modifications made to any managed hardware or software devices by the Client. This includes issues caused by Client's employees, agents, or third parties.

iii. Furthermore, the SLAs shall not apply to the extent Client does not fulfill and comply with its obligations and interdependencies set forth above. The obligations of Dell SecureWorks to comply with the SLAs with respect to any incident response or help desk request are ALSO interdependent on Dell SecureWorks' ability to connect directly to the Client devices on the client network through an authenticated server in the Dell SecureWorks Secure Operations Center.

iv.
Client understands and agrees that: (i) Dell SecureWorks' sole responsibility is for the collection and presentation of Logs to Client via the Dell SecureWorks Client Portal for the Client Devices subject to this service and the response by Dell SecureWorks to help desk requests initiated by Client, security events occurring on the Dell SecureWorks Log Retention Appliance itself, and system alerts generated by the Dell SecureWorks Log Retention Appliance; (ii) except for response by Dell SecureWorks to help desk requests initiated by Client and the security and system alerts generated by Dell SecureWorks Log Retention Appliance, this process does not involve any human intervention or review by any Dell SecureWorks personnel, including but not limited to, Dell SecureWorks' Secure Operation Center security analysts, (iii) Dell SecureWorks will not be undertaking any monitoring or managing any of the Client Devices providing the Logs to the Dell SecureWorks Log Retention Appliance for intrusions, compromises, or other unauthorized activity, nor will Dell SecureWorks be creating tickets, escalating events or otherwise actively contacting Client with regard to any Logs presented to Client via the Dell SecureWorks Client Portal for the Client Devices subject to this service and (iv) Client is solely responsible for reviewing and acting upon the Logs presented in the Dell SecureWorks Client Portal for the devices subject to this service. Dell SecureWorks shall not have any liability or responsibility in connection with or arising out of Client's failure or delay in reviewing Logs presented in the Dell SecureWorks Client Portal or Client's actions or failure to act or delay in reacting to such Logs as and when presented.

v.
In the event that Customer Data contained on the Log Retention Appliance exceeds appliances' storage capacity, Customer shall be required to purchase one or more additional Log Retention appliances to accommodate the increase in Customer data.

f. Client will receive credit for any failure to meet the SLAs outlined above within thirty (30) days of notification of such failure. In order for Client to receive an SLA credit, the notification of the SLA failure must be submitted to Dell SecureWorks within thirty (30) days of the failure. Dell SecureWorks will research the request and respond to Client within thirty (30) days from the date of the request. The total amount credited to a Client in connection with the above SLAs in any calendar month will not exceed the service fees paid by Client for such month. Except as otherwise expressly provided, the foregoing shall be Client's exclusive remedy for failure to meet or exceed the foregoing SLAs.

Exhibit A - Dell SecureWorks' Event Handling Process

[Figure: Event Handling Process flowchart. Correlated events pass through "Aggregate and Correlate" and "Categorize Event" steps. Category labels that appear in the scan include: Benign, Authorized Activity, Truncated Alert, False Positive, Policy Violation, Misconfiguration, Isolated Event, Resource Abuse / AUP Violation, Reconnaissance, Suspicious Activity, Host Infection / Worm / Trojan or Malware, Denial of Service, Exploit Attempt, Information Leakage.]

Exhibit B - Dell SecureWorks Maintenance Program Terms and Conditions

• Dell SecureWorks agrees, subject to the terms and conditions of your separate master service agreement or security services schedule (and as further set forth below), to replace Dell SecureWorks iDevices that are not properly functioning adequately due to ordinary wear and tear, malfunctions, inadequate available memory, or obsolescence. Replacement devices may be new or refurbished.
• iDevices subject to this Program may include the Dell SecureWorks' Counter Threat Appliance (CTA), iSensor, LogVault appliance, Inspector, SDA, SYSLOG Aggregator, log collection devices, and/or SNORT IDS device.

• If Customer is purchasing an iDevice, the following terms apply:

1. Mere purchase by Customer of an iDevice does not subject the same to this Program unless: (a) such iDevice is expressly specified in a written Dell SecureWorks Service Order or Service Agreement signed by an authorized officer of Dell SecureWorks and (b) Customer's payment of all maintenance fees is made when due.

2. Customer may elect to participate in the Program only at the time of purchase of the Dell SecureWorks iDevice. If, at any time after the purchase of the Dell SecureWorks iDevice, Customer wishes to participate in this Program, it must agree to pay all fees that would have been billed since the actual date of purchase of the iDevice.

• The charges for the Program only cover replacement of Dell SecureWorks iDevices. Any performance, damage, repair and/or other warranty issues, or claims with respect to non-Dell SecureWorks-branded iDevices must be addressed with the applicable OEM manufacturer.

• Dell SecureWorks' obligation to comply with the foregoing is conditioned upon, and subject to, the assistance and availability of Customer's onsite personnel for assistance in the: (x) diagnosis and troubleshooting of problems with existing iDevices and (y) replacement and installation of any new iDevice all in compliance with your master service agreement or services schedule.

• Furthermore, Dell SecureWorks will not replace Dell SecureWorks iDevices returned by Customer that are no longer performing on account of unauthorized use, physical damage, or misuse or abuse of the products, as determined by Dell SecureWorks in its sole discretion, including, but not limited to, any of the following circumstances:

1.
Damage due to lightning or other climate problems (including, but not limited to, exposure to excessive light, heat, flooding, and the like)

2. Opening of iDevices by any person other than Dell SecureWorks authorized personnel

3. Unauthorized loading or modification of software on or other reprogramming of the iDevice

4. Unauthorized linking of the iDevice with other Customer equipment or systems

5. Cracks in iDevices, dents to chassis or apparatus, or other damage caused by dropping of iDevice or other mishandling, misuse, or abuse

6. Presence of liquids (or residue there from) or the excessive presence of other extraneous materials inside the iDevice (including, but not limited to, dust, hair, dirt, or grime)

7. Inability to mount the iDevice

8. Improper powering down of the iDevice

• Dell SecureWorks shall bill Customer, and Customer shall be liable, for iDevices: (i) damaged due to misuse or abuse, or (ii) no longer performing adequately due to unauthorized use, physical damage, misuse, or abuse of the iDevices.

Dell SecureWorks

Monitoring
Service Description and Service Level Agreements

This Service Description and Service Level Agreement ("Service Description") describes the Service (as defined below) being provided to you ("Customer" or "you") by the Dell entity identified in the service order ("Service Order") executed by Customer and such Dell entity for the purchase of this Service. The Dell entity identified in the Service Order hereafter shall be collectively referred to as "Dell SecureWorks". This Service is provided in connection with Customer's signed Service Order and separate signed master services agreement or security services schedule that explicitly authorizes the sale of managed security and consulting services.
In the absence of either a master services agreement or security services schedule, the Services performed under this Service Description are governed by and subject to the terms and conditions of the Dell SecureWorks Master Services Agreement, available at http://Dell.com/Securityterms which is incorporated by reference in its entirety herein (the "MSA").

Service Overview

The Dell SecureWorks® Security Monitoring service (the "Service") provides Customer with real-time, security event analysis and response across Customer's security and critical infrastructure 24 hours a day, 7 days a week, 365 days a year. This Service combines Dell SecureWorks' advanced Counter Threat Platform ("CTP") with a 100% SANS GIAC certified team of security analysts to deliver strong security and compliance value to our customers.

Detailed Description

Dell SecureWorks' team of security experts will perform security analysis and passive health monitoring as set forth below.

Features

Feature: Dell SecureWorks Customer Portal ("Portal")
Description: Provides ticketing workflow management for incident management and other Security Operations Center ("SOC") interaction. Also provides real-time visibility and reporting of your security events and associated incidents.

Feature: Health and Performance Monitoring
Description: Health monitoring using event trending technology to ensure that the SOC is receiving events from Customer's monitored systems 24 hours a day, 7 days a week, and 365 days a week.

Feature: Security Event Monitoring
Description: Monitoring of logs by SANS GIAC certified security experts to identify and respond to security threats 24 hours a day, 7 days a week, and 365 days a year.

Feature: SOC Access
Description: Non-metered SOC access via the Portal ticketing system, email, and phone.

Service Activation

Service activation consists of three main phases: Information Gathering, Counter Threat Appliance ("CTA") Deployment, and Service Provisioning and Installation.
Information Gathering

Once contracted for the Service, Dell SecureWorks provides Customer with a Service Initiation Form ("SIF") to be completed. When Customer has returned the completed SIF to Dell SecureWorks, Dell SecureWorks will schedule a conference call with Customer to review the SIF and other relevant information regarding the Service.

CTA Deployment

Using data gathered during the Information Gathering phase, Dell SecureWorks determines the appropriate CTA deployment location(s) within Customer's environment. If changes to Customer's existing network architecture are required for Service implementation, Dell SecureWorks communicates these changes to Customer.

For Service requiring the use of the CTA, Customer is responsible for ensuring that the implementation site complies with Dell SecureWorks' physical/environmental requirements. Service interruptions or failure to achieve the SLAs (as defined herein) will not be subject to penalty in the event of Customer's non-compliance with the above CTA deployment guidelines.

Dell SecureWorks reserves the right, in its reasonable discretion, to utilize one or more CTAs deployed in a Dell SecureWorks data center to communicate with Customer devices Dell SecureWorks is monitoring, in lieu of CTA(s) deployed in Customer's network. In such case, none of the provisions around the CTA apply.

Service Provisioning and Installation

The Service Provisioning and Installation phase begins upon the completion of the Information Gathering and CTA Deployment phases described above. Service Provisioning and Installation is performed in the following manner:

• New Customer devices to be deployed are shipped directly to Dell SecureWorks for configuration and subsequent shipment to Customer location.
• Existing equipment in use is provisioned remotely with on-site support from Customer.
• Dell SecureWorks provides telephone support to the Customer contact at the implementation site during installation of all Customer premises equipment/devices.
• Once Customer premise equipment/devices are in place, Dell SecureWorks accesses the equipment/device(s) remotely and performs the remaining configuration and Service activation tasks which may require device downtime.

Dell SecureWorks schedules Service provisioning and installation in accordance with change management procedures communicated by Customer during the Information Gathering phase. Standard installations are performed during the hours of 9 am and 5 pm EST, Monday through Friday, and may be performed at other times for an additional fee.

Service Components

Dell SecureWorks' CTP provides the foundation for delivery of the Service. This Dell SecureWorks-developed technology facilitates device management, health monitoring, security analysis, and Customer reporting.

Device Management

The Device Management team utilizes a variety of systems to schedule and perform updates, validate changes, and interact with the Customer. This technology facilitates our ITIL-based change management processes, such as request authorization, scheduling, pre- and post-change validation, and peer review when required. Customers can submit change requests and attain visibility into the change workflow through the Portal.

Health Monitoring

The CTP provides active and passive health checks on contracted monitored devices. Active checks are performed only on devices being monitored and include ICMP "pings", CPU utilization and other system level performance information. Passive checks are performed using event flow trending technology to detect degradation or loss of log collection from such monitored devices. Any checks that identify system issues are escalated to the Health Team in the SOC for analysis and escalation, if needed, to help ensure that infrastructure is operating at peak performance.
Device health information and ticketing workflow is displayed in the Portal for Customer consumption.

Security Analysis

The CTP can aggregate and correlate security events from virtually[1] any device including Firewalls, IDS/IPS sensors, and servers. This industry-leading Dell SecureWorks-developed technology processes log and alert information to identify and present security events of interest to our SANS GIAC certified Analysis team. These security experts then conduct further analysis and escalate security incidents to Customer. Customers can view security events and perform incident workflow through the Portal.

[1] Alerts and logs must be sent via syslog or snmp standard protocols or the following APIs: IBM SiteProtector Database, McAfee ePO Database, Sourcefire eStreamer, Cisco SDEE and OPSEC LEA, Splunk API

Customer Portal

The Portal provides real-time security and service delivery visibility across all the Services delivered to Customer. Using the Portal, Customer can run security and compliance reports, view high level graphical information including trending and comparative charts, and interact with the SOC through tickets 24 hours a day, 7 days a week, and 365 days a year. The Portal is designed to provide Customer with an enterprise view of its security posture, as well as the value provided by the Services.

Customer Requirements

Customer agrees to perform the obligations and acknowledges and agrees that Dell SecureWorks' ability to perform its obligations hereunder including the SLAs below are interdependent on Customer's compliance with the following:

Monitored Device Health

Customer is responsible for appropriately maintaining the devices being monitored and any intermediate systems that convey monitoring data. In the event of a device failure or misconfiguration, Customer will be responsible for the actions necessary to bring the device back online.
Additionally, Customer should communicate any network or system changes that could impact service delivery to the SOC via a ticket in the Portal. SLAs will not apply to devices that are experiencing health issues.

Connectivity

Customer will provide access to Customer-premises and relevant system(s) and management console(s) necessary for Dell SecureWorks to monitor the contracted infrastructure. Additionally, Customer should communicate any network or system changes that could impact service delivery to the SOC via a ticket in the Portal. SLAs (as defined below) will not apply to devices that are experiencing Customer-caused connectivity issues.

Service Level Agreements (SLAs)

Service Level Agreements Matrix

SLA: Standard Help Desk Requests
SLA Credit: 1/30th of monthly fee for Service
Definition: Standard help desk requests (applies to all non-change and non-incident tickets) submitted via the Dell SecureWorks Customer Portal or via telephone will be subject to "acknowledgement" (either through the help desk ticketing system, email or telephonically) within one (1) hour from the time stamp on the Help Desk ticket created by Dell SecureWorks. An acknowledgement to Help Desk requests classified as "Emergency" on the Help Desk ticket and verified by the SOC as "Urgent" will be sent (either through the help desk ticketing system, email, or by telephone) within fifteen (15) minutes from the time stamp on the Help Desk ticket created by Dell SecureWorks.

SLA: Security Monitoring
SLA Credit: 1/30th of monthly fee for Service for the affected device
Definition: Customer shall receive a response (according to the escalation procedures defined in the Portal or in the manner pre-selected in writing by Customer, either through the help desk ticketing system, email, or by telephone) to security incidents within fifteen (15) minutes of the determination by Dell SecureWorks that given malicious activity constitutes a security incident (as defined below).
This is measured by the difference between the time stamp on the incident ticket created by Dell SecureWorks SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. A "security incident" is defined as an incident ticket that comprises an event (log) or group of events (logs) that is deemed high severity by the SOC in accordance with Dell SecureWorks' Event Handling Process attached hereto as Exhibit A as may be updated from time to time available to Customer in the Real-Time Events section of the Portal. Automatically created incident tickets (via correlation technology) and event(s) or log(s) deemed low severity will not be escalated, but will be available for reporting through the Portal.

Additional Service Rules, Regulations, and Conditions

a. Dell SecureWorks Security Monitoring service provides expert security analysis and response to customers subscribing to this Service. Deployment of this Service in a customer network does not achieve the impossible goal of risk elimination, and therefore Dell SecureWorks makes no guarantee that intrusions, compromises, or any other unauthorized activity will not occur on a customer network.

b. Dell SecureWorks may schedule maintenance outages for Dell SecureWorks owned equipment/servers which are being utilized to perform the Services with 48-hours' notice to designated customer contacts.

c. The SLAs set forth herein are subject to the following terms, conditions, and limitations:

i. The SLAs shall not apply during scheduled maintenance outages and therefore are not eligible for any SLA credit.

ii.
The SLAs shall not apply in the event of any Customer-caused Service outage that prohibits or otherwise limits Dell SecureWorks from providing the Service, delivering the SLAs or Service Description, including, but not limited to, Customer's misconduct, negligence, inaccurate or incomplete information, modifications made to the Services, or any unauthorized modifications made to any managed hardware or software devices by the Customer, its employees, agents, or third parties acting on behalf of Customer.

iii. Furthermore, the SLAs shall not apply to the extent Customer does not fulfill and comply with its obligations and interdependencies set forth within this Service Description. The obligations of Dell SecureWorks to comply with the SLAs with respect to any incident response or help desk request are also interdependent on Dell SecureWorks' ability to connect directly to the Customer devices on Customer's network through an authenticated server in the Dell SecureWorks Secure Operations Center.

d. Dell SecureWorks will troubleshoot and, if necessary, replace any iDevices in accordance with Exhibit B - Dell SecureWorks Maintenance Program Terms and Conditions.

e. Customer will receive credit for any failure to meet the SLAs outlined above within thirty (30) days of notification by Customer to Dell SecureWorks of such SLA failure. In order for Customer to receive an SLA credit, the notification of the SLA failure must be submitted by Customer to Dell SecureWorks within thirty (30) days of such SLA failure. Dell SecureWorks will research the request and respond to Customer within thirty (30) days from the date of the request. The total amount credited to Customer in connection with any of the above missed SLAs in any calendar month will not exceed the monthly Service fees paid by Customer for such Service.
Except as otherwise expressly provided hereunder or in the MSA, the foregoing Service credit(s) shall be Customer's exclusive remedy for failure to meet or exceed the foregoing SLAs.

Exhibit A - Dell SecureWorks' Event Handling Process

[Figure: Event Handling Process flowchart. System/application security events are aggregated and correlated, then categorized as benign or hostile; legible event categories include authorized activity, false positive, misconfiguration, isolated event, resource abuse/AUP violation, reconnaissance, suspicious activity, host infection, denial of service, exploit attempt, and information leakage.]

Exhibit B - Dell SecureWorks Maintenance Program Terms and Conditions

• Dell SecureWorks agrees, subject to the terms and conditions of your separate master service agreement or security services schedule (and as further set forth below), to replace Dell SecureWorks iDevices that are not properly functioning adequately due to ordinary wear and tear, malfunctions, inadequate available memory, or obsolescence. Replacement devices may be new or refurbished.

• iDevices subject to this Program may include the Dell SecureWorks' Counter Threat Appliance (CTA), iSensor, LogVault appliance, Inspector, SDA, SYSLOG Aggregator, log collection devices, and/or SNORT IDS device.

• If Customer is purchasing an iDevice, the following terms apply:

1. Mere purchase by Customer of an iDevice does not subject the same to this Program unless: (a) such iDevice is expressly specified in a written Dell SecureWorks Service Order or Service Agreement signed by an authorized officer of Dell SecureWorks and (b) Customer's payment of all maintenance fees is made when due.

2. Customer may elect to participate in the Program only at the time of purchase of the Dell SecureWorks iDevice.
If, at any time after the purchase of the Dell SecureWorks iDevice, Customer wishes to participate in this Program, it must agree to pay all fees that would have been billed since the actual date of purchase of the iDevice.

• The charges for the Program only cover replacement of Dell SecureWorks iDevices. Any performance, damage, repair and/or other warranty issues, or claims with respect to non-Dell SecureWorks-branded iDevices must be addressed with the applicable OEM manufacturer.

• Dell SecureWorks' obligation to comply with the foregoing is conditioned upon, and subject to, the assistance and availability of Customer's onsite personnel for assistance in the: (x) diagnosis and troubleshooting of problems with existing iDevices and (y) replacement and installation of any new iDevice all in compliance with your master service agreement or services schedule.

• Furthermore, Dell SecureWorks will not replace Dell SecureWorks iDevices returned by Customer that are no longer performing on account of unauthorized use, physical damage, or misuse or abuse of the products, as determined by Dell SecureWorks in its sole discretion, including, but not limited to, any of the following circumstances:

1. Damage due to lightning or other climate problems (including, but not limited to, exposure to excessive light, heat, flooding, and the like)
2. Opening of iDevices by any person other than Dell SecureWorks authorized personnel
3. Unauthorized loading or modification of software on or other reprogramming of the iDevice
4. Unauthorized linking of the iDevice with other Customer equipment or systems
5. Cracks in iDevices, dents to chassis or apparatus, or other damage caused by dropping of iDevice or other mishandling, misuse, or abuse
6. Presence of liquids (or residue therefrom) or the excessive presence of other extraneous materials inside the iDevice (including, but not limited to, dust, hair, dirt, or grime)
7. Inability to mount the iDevice
8.
Improper powering down of the iDevice

• Dell SecureWorks shall bill Customer, and Customer shall be liable, for iDevices: (i) damaged due to misuse or abuse, or (ii) no longer performing adequately due to unauthorized use, physical damage, misuse, or abuse of the iDevices.