MDR for Windows Defender Proof of Concept (PoC)

Description

The 14-day PoC evaluates the EDR product (Infocyte) and includes our SOC services.

What is the goal of the PoC?

The goal of the PoC is to evaluate products/tools that are used in this offering.

What is the timeline of the PoC?

A PoC is typically broken down into three phases over a 2-week period. The approximate timeline for your MDR onboarding is as follows:

  • Day 1: Kickoff Call - Provision accounts and access, management console walk-through, install information, deployment and configuration recommendations, access to documentation.
  • Week 1: Baseline Call - Go over alerted items and add needed exclusions to create a Clean Baseline.
  • Week 2: Follow-up Call - Additional questions, confirm configuration for protection, wrap up the PoC.

Please Note:

  • If a compromise is identified during the PoC, the Proof of Concept will end.
    • The evaluator will have to decide whether to immediately convert the offering into production or cancel the services.
    • This PoC is not intended as, or as an alternative to, an incident response engagement.

What if I don’t complete every step of the PoC process?

We understand that unforeseen circumstances might arise during your PoC that prevent you from focusing on or evaluating every feature. In many cases, PoCs stall at the 'baseline' step due to lack of time or availability on the evaluator's side. Unfortunately, we can only extend the PoC past the 14 days if there are technical issues related specifically to the MDR Agent. We ask that all decision makers make their best effort to progress the PoC as far as possible so that the products receive a full evaluation. The benefit of our offering model is that the service can be evaluated in a live, consumption-based, month-to-month engagement until you have had enough time to decide whether it is the right solution for your business.

What are the Deliverables from SonicSentry?

  • Architecture setup and configuration
    • Initial provisioning of the MDR Agent Dashboard
    • Creation and organization of device groupings
    • Creation and activation of initial recommended policies and templates
  • Training and Support
    • Provide training, support, and documentation as outlined per offering details.
    • Syslog/SIEM settings provisioning within the SIEM/SOAR platform
  • Security Operations Center (SOC) services
    • Detection and alerting of identified abnormal, suspicious or malicious activity
    • Response and mitigation as outlined by our [[EPP Alert Processing Summary|241204134551910]]

What are my responsibilities?

  • Management of the deployment process
    • Deployment of the Agent to all workstations and servers
    • Creating a ‘Clean Baseline’ for the devices
    • Creating and assigning device groups
    • Creating, assigning and maintaining policies
  • Monitoring of environment health
    • Removal of duplicate or retired machines
  • Further investigation, response and remediation of alerts sent by the SonicSentry SOC

How do I move forward after the PoC?

  • Your MDR team will send a Wrap-Up email indicating that the PoC is being converted to Production, and that Billing will be going live.

What if I decide not to move forward?

While we hope everyone sees the value of the offering and the tools we use, there are times when it does not meet an organization's requirements. If you opt not to move forward to Production, the following actions will be taken before the PoC end date:

  • SonicSentry Actions
    • Push Uninstall script to all remaining agents.
    • Decommission Portal Provisioning and Instance URL.
  • Partner Responsibility
    • Uninstall all MDR agents.
      • This can be achieved via an uninstall script, or Uninstall Option from the Portal.
      • Remove deployment script from recurring installers.
