Sophos (PoC) : Frequently Asked Questions (FAQs)

Description

 

MDR for Sophos Proof of Concept (PoC)

The 14-day PoC is for evaluating the Sophos product and includes our SOC services.

 


What is the goal of the PoC?

  • The goal of the PoC is to evaluate products/tools that are used in this offering.

What is the timeline of the PoC?

  • A PoC is typically broken down into three phases over a two-week period. The approximate timeline for your MDR Onboarding is as follows:
    • Day 1: Kickoff Call – Provision Connectors and SonicSentry Access to the Management Console.
    • Week 1: Baseline Call – Verify integration and go over alerted items.
    • Week 2: Optional Follow-up Call – Additional Questions.
    • Day 15: Offering is converted to production if not canceled prior to this day.
Please Note:
  • If a compromise is identified during the PoC, the Proof of Concept will end.
    • The partner will have to decide whether to immediately convert the offering into production or cancel the services.
    • This PoC is not meant for, nor is it an alternative to, an incident response event.

What if I don’t complete every step of the PoC process?

We understand that unforeseen circumstances might arise during your PoC that prevent you from focusing on or evaluating every feature. In many circumstances, PoCs stall at the 'baseline' process due to lack of time or availability of the evaluator. Unfortunately, we can extend the PoC past the 14 days only if there are technical issues, and only on a case-by-case basis. We ask that all potential partners make the best effort to progress the PoC as far as possible to have a full evaluation of the products. The benefit of our offering model is that a partner may continue evaluating the offering live, on a consumption-based, month-to-month basis, until they have had enough time to decide whether this is the right solution for their business.

What are the Deliverables from SonicSentry?

  • Architecture setup and configuration
    • Initial provisioning of MDR Integration and access to SIEM Dashboard
    • Validation of necessary licensure and SonicSentry access to the Partners Portal
  • Training and Support
    • Provide training, support, and documentation as outlined per offering details.
    • Syslog/SIEM settings provisioning within the SIEM/SOAR platform
  • Security Operations Center (SOC) services
    • Detection and alerting of identified abnormal, suspicious or malicious activity
    • Response and mitigation as outlined by our EPP Alert Processing Summary

What are the responsibilities of the partner?

  • Management of the deployment process
    • Deployment of the Agent to all workstations and servers with necessary licensing
    • Creating a ‘Clean Baseline’ for the devices
    • Creation, assignment and maintenance of device policies
    • Ensuring upkeep of API integrations and connector health for syslog ingestion
  • Monitoring of environment health
    • Removal of duplicate or retired machines
  • Further investigation of, response to and remediation of alerts sent from the SonicSentry SOC

How do I move forward after the PoC?

  • There is nothing for you to do; the PoC will automatically convert to production on the conversion date noted in your PoC documentation.
  • Your MDR team will send a Wrap-Up email indicating that the PoC has converted to Production, and that Billing will be going live.

What if I decide not to move forward?

While we hope everyone sees the value of the offering and tools we are using, there are times when it does not meet the requirements of some organizations. If a partner opts not to move forward after the PoC, the following actions will be taken before the PoC end date:

  • The partner must give notice of intent not to continue with services before the PoC conversion date.
    • This can be done with an email to your sales rep, or a ticket to your MDR team.
  • SonicSentry Actions
    • Decommission API connection to Partner Portal.
  • Partner Responsibility
    • Deactivate API Connectors
    • Deactivate SonicSentry user accounts 
