Threat Response

  • Service Terms for Threat Response

    The following Service Terms apply only to the extent that the specific Services outlined below are included on your Order Form. In the event of a conflict between the Service Terms and the Conditions, the terms and conditions in these Service Terms shall prevail, but only to the extent of such conflict. Any capitalised terms used in this document shall have the meanings set out in the Conditions (save where expressly provided otherwise below) and any additional definitions outlined in relation to the relevant service.

    Service Definition

    The Company will provide threat mitigation services on Alerts identified through the Agent(s) on the Customer's infrastructure.

    The definitions for Threat Monitoring apply in these Service Terms.

    Charges

    The pricing set out in the Order Form or on the Invoice is fixed during the term of the Agreement on a per Agent basis and will therefore vary based upon the number of Agents requiring Company support. Changes processed through an order form or within MyUKFast will be charged at the time of order and in advance of any mitigation.

    Capabilities

    A mitigation service based on Alerts generated through the Agent.

    SUPPORT HOURS PERIOD | PERIOD COVER
    Core Hours | 09.00 am to 06.00 pm Monday to Friday excluding bank holidays in England
    Emergency Hours | 06.01 pm to 08.59 am Monday to Friday including bank holidays in England and all of Saturday and Sunday in England.

    The Services will be provided within the following periods:

    SERVICE AREA | SUPPORT HOURS PERIOD PROVIDED WITHIN
    Helpdesk | Core Hours
    Services for Critical severity support (Level 14-16) | Core Hours + Emergency Hours
    Services for High severity support (Level 11-13) | Core Hours
    Services for Low/Normal severity support (Level 1-10) | Core Hours

    SLA

    Mitigation times are based on each individual Alert. The Company will make the Customer aware of threats in real time unless specified otherwise by the Customer.

    Mitigation actions shall commence once the Company and the Customer have agreed the mitigation actions via the applicable change control mechanism as set out at Clause 3.2 of the Conditions (and managed through the MyUKFast portal).

    Where an Alert is rated as Critical the Company will begin mitigation within 30 minutes of mutual agreement in writing via the change control mechanism and the Company shall use its reasonable endeavours to complete mitigation in a timely fashion. Systems requiring Patching as identified through a Vulnerability Scan will also be patched by the Company as part of this service and actioned through raising a ticket in MyUKFast and in accordance with the Company's standard SLA.

    The overarching SLA applicable to the Services under the Agreement (as defined at clause 1.21 of the Conditions) does not apply to any mitigation actions which are taken by the Company with the Customer's prior agreement and the Company shall have no liability for the impact of such mitigation actions (where taken with the Customer's prior agreement) under the overarching SLA applicable to the Services as set out in the Agreement.

    Measurements

    The Company will provide the Customer with reports outlining the due process of mitigating the threat, once the investigation has been completed.

    The alerts that the Customer will receive via email shall be detailed at the start of the contract; defined in the Pre-Launch Questionnaire provided by the Company.

    Levels 1-5: Low level events. Expected on systems as day to day use.

    Sent to MyUKFast for visibility. These alerts will be automated and be sent direct to the Customer without interaction from a Company engineer.

    Levels 6-10: Normal Events. Categorised as user activity that is expected, but should be monitored. These are events such as successful logins from IPs that are expected and during normal hours. The Company will review these and if there is an alert that may be of importance, will notify the Customer.

    10 - 13: High Severity Alerts. Will need immediate investigation, such as successful logins from unknown IP addresses, change of user account permissions. For these alerts the Company Security Team will endeavour to speak with the Customer as soon as reasonably practicable to gain written permission to begin mitigation.

    14 - 16: Critical alerts. Investigate immediately, indicators of a system compromise, such events as successful logins after failed attempts, modifications to core system files, modifications to payment gateway files. For these alerts the Company Security Team will endeavour to speak with the Customer as soon as reasonably practicable to gain permission to begin mitigation.

    Notifications

    The Company will notify the Customer of any required mitigation before mitigation work begins either via email or telephone. In the event of Critical Alerts requiring mitigation outside of Core Hours (as defined above), the Company may (but shall not be obliged to) begin mitigation efforts before a response is received from the Customer if this is a reasonable response to the threat raised by the Alert in which case the Company shall not be liable for proceeding without a response being received from the Customer.