
Shared Responsibility Model

Quantum works with our customers (and their partners and providers) to ensure their environments are secure and compliant using a shared responsibility model. This model allows our customers to focus on the aspects of the stack that they are uniquely qualified or positioned to maintain, and rely on Quantum to provide the reference architecture and guidance stemming from our expertise.

As a security best practice, Quantum will not have direct access to your environment beyond the permission set required to deploy and maintain the portions of the solution for which Quantum is responsible. Quantum will provide support and guidance, working with you and relevant vendors to ensure you’re enabled to manage the portions of the solution for which you’re responsible.

Quantum’s Responsibilities

Quantum is responsible for providing the Infrastructure-as-Code (IaC) reference architecture and solution templates that can be used to deploy and update the solution stack, ensuring that they comply with current best practice standards. This includes:

  • The infrastructure code for the deployment of:
    • Any required infrastructure and cloud services
    • Quantum’s rule library and custom-developed rules
    • Automation and analytics playbooks
    • Dashboards and reporting workbooks
  • The content library and support for:
    • Detection and correlation rules
    • Threat hunting playbooks
    • Curated threat intelligence feeds
  • And the documentation for:
    • Deploying log collectors (where needed)
    • Schema definitions for log events

Once the solution is fully deployed and begins emitting alerts that require investigation, it is Quantum’s responsibility to triage and investigate those alerts. Quantum will follow our Incident Response Plan (IRP) and do so within our Service Level Agreement (SLA). Quantum will provide detection, investigation, mitigation and remediation guidance, and strategies for improving your security posture. Implementation of guidance and suggestions is the responsibility of the customer (see below).

Customer’s Responsibilities

As our customer, it is your responsibility to ensure the devices that Quantum is monitoring are properly sending logs and events to the XDR+SOC platform. This includes:

  • Configuring devices to match their output to Quantum-defined schemas
  • Deploying log collectors (where required)
  • Ensuring proper, secure network connectivity between your cloud environment and on-premise networks
  • Ensuring that Quantum maintains access to the environment in which the XDR+SOC stack is deployed (credentials, network connectivity, etc.)
  • Facilitating any required change management processes for the application of updates to the stack

With regard to incident response, Quantum may require additional context and insight that is known only to the customer (or isn’t reasonable for Quantum to discover on its own). In such cases, Quantum will respond to the support ticket that was created to track the incident, requesting additional information. It is important that the customer responds promptly to such inquiries to ensure the timely remediation of security incidents.

Furthermore, once Quantum has triaged and investigated an incident, we will provide mitigation and remediation guidance, as well as suggestions of strategies to help improve your security posture. Because Quantum’s concrete experience with your specific infrastructure and devices is limited, and as a security principle Quantum will not have direct access to your environment, the responsibility of implementing such guidance and suggestions is yours.

Shared Responsibilities

Customers may choose to have Quantum manage the deployment and maintenance of the XDR+SOC stack, or may choose to deploy and manage it themselves (most commonly this is to integrate with an existing CI/CD and infrastructure-as-code pipeline). The division of responsibilities varies based on this choice. The following items are the responsibility of whichever party owns deployment and management of the stack:

  • Ensure that infrastructure and content updates are deployed when available
  • Ensure the subscribed XDR+SOC capabilities are operational

In cases where the customer has chosen to own the deployment and management of the stack, Quantum (through its standard support channels) is available to provide guidance and assist if needed.
