S1 POC : Frequently Asked Questions (FAQs)

Description

We offer (but don’t mandate) a thirty-day Proof of Concept (PoC) to all prospect partners. The PoC is to evaluate the products.

How do I start a Proof of Concept (PoC)?

  • For SentinelOne our Accounting/Sales team gets a signed quote in place prior to the Proof of Concept beginning.
  • Once the quote is in place, Accounting/Sales creates a ticket and provides a Calendly link to the prospect to schedule an initial kickoff call.
    • The 30-day evaluation period starts on the day of the kickoff call.

What is the goal of the PoC?

The goal of the PoC is to evaluate products/tools that are used in this offering.

What is the timeline of the PoC?

A PoC is typically broken down into three phases over a 2 to 4-week period. Depending on the situation, multiple phases can be accomplished within one meeting, or a single phase can map to one meeting.

  • Phase 1 / Day 1 - Kick off Meeting.
    • Introductions
    • Confirm Access to Account and Documentation
    • Tenant navigation walk-thru
    • Review deployment process
    • Implement initial Detection/Learning phase policy
  • Phase 1 / Week 1- Learning Phase
    • Endpoint Installs
  • Phase 2 / Week 2 - Threat Baseline
    • Review Alerts that have been identified as a potential threat.
    • Convict/Quarantine files and make appropriate exclusions.
    • Uninstall prior Anti-virus if still installed
    • Modify/Enable Protection Phase policy
  • Phase 3 / Week 3 or 4 - Follow-Up
    • Review current implementation
    • Confirm protected status
    • Additional Questions/Training as needed

Are SOC services included in the PoC?

Yes. We have now enabled SOC services during the PoC process.

Please Note:

  • If a compromise is identified during the PoC, the Proof of Concept will end.
    • The partner will have to decide whether to immediately convert the offering into production or cancel the services.
    • This PoC is not meant for or an alternative to an Incident Response event.

What if I don’t complete every step of PoC process?

We understand that unforeseen circumstances might arise during your PoC that might prevent you from focusing on/evaluating every feature. In many circumstances, PoC’s only progress to the 'baseline' process due to lack of time/availability of the evaluator. Unfortunately, we can only extend the PoC past the 30 days if there are technical issues that are related specifically to the product. We ask that all potential partners make the best effort to progress the PoC as far as possible to have a full evaluation of the products. The benefit to our offering model, is that a partner may proceed to evaluate the offering on a consumption based & month to month offering in a live offering until they have had enough time to decide if this is the right solution for their business.

What are the Deliverables from SonicWall Managed Security Services?

  • Architecture setup and configuration
    • Provisioning and staging of initial recommend policies and templates
    • Syslog/SIEM settings provisioning within the SIEM/SOAR platform
  • Training and Support
    • Provide training, support, and documentation as outlined per offering details
  • Security Operations Center (SOC) services
    • Detection and alerting of identified abnormal, suspicious or malicious activity
    • Initial response as outlined by our SOC EPP Alert Processing Summary
    • Implementation Reports sent twice a month in assistance with monitoring of environment health

What are the responsibilities of the partner?

  • Management of the deployment process
    • Deployment of the Agents
    • Creating a Clean Baseline for the devices
    • Implementing Protection Phase
  • Maintaining polices and exclusions
  • Removal of duplicate or retired machines
  • Providing Tier 1 support to your customers
  • Contacting MSS for any Tier 2 or Tier 3 issues that you are unable to resolve
  • Remediate issues identified from the provided report card
  • Further investigate alerts sent from the MSS SOC

How do I move forward after the PoC?

  • Support team sends a Wrap-Up email at the end of the PoC indicating that the PoC has ended and if any action is needed on your part to convert to Production and live Billing.
    • Support team confirms the following has been setup and configured properly.
      • Preferred Contact info
        • General Contact
        • Audit Report
        • SOC Alerts
        • Emergency Contact Information
      • SOC services

What if I decide not to move forward?

While we hope everyone sees the value of the offering and tools we are using, there are times where it does not meet the requirements of some organizations. If a partner opts to not move forward after the PoC, the following actions will be taken before the PoC end date:

  • SonicWall Managed Security Services Actions
    • Apply a policy that allows the removal of the agents
    • Removal of login access to the PoC account
    • Decommission Account/Management portal
      • This will not prevent a manual uninstall.
  • Partner Responsibility
    • Uninstall all agents.
      • This can be pushed via the console or manually uninstalled for any stragglers

Related Articles

  • SentinelOne (S1) MDR: Frequently Asked Questions (FAQs)
    Read More
  • Avanan: IRaaS SOP
    Read More
  • Infocyte: Exclusions
    Read More

Categories

Managed Security Services
Endpoint Managed Detection and Response
MDR for SentinelOne
not finding your answers?
Ask the Community
was this article helpful?
YesNo