Black Belt Network Security

Overview

The goal of our NOC is to maintain the performance and availability of your servers and endpoints with 24/7 monitoring and support.

Coverage & Capabilities

• 24/7 remote monitoring of device health, uptime, bandwidth, latency, and performance via RMM
• Configuration management — documented configs, backups, and controlled changes
• Firmware updates & patching on a scheduled, tested basis
• Performance optimization & troubleshooting
• Proactive maintenance — hardware health monitoring
• Incident response & break-fix with remote-first approach

Access Levels

• Level 0 — No login; ticket + your approval required before any work
• Level 1 — Login & diagnose; your approval required to resolve
• Level 2 — Login, diagnose, fix non-restart issues; approval required for restarts
• Level 3 — Full access; login, diagnose, fix, restart; all work documented

In-Scope Services Include

• Server / Internet down management with LOM support
• Patch management — Microsoft, Apple, third-party
• OS drive disk space management
• Windows Server, Active Directory, Exchange/M365 management
• Virtualization support (VMware, Hyper-V, Citrix XenApp)
• DHCP, RDS, IIS, SharePoint, SQL Server, VSS management

Out-of-Scope

• Third-party backup configuration or data restoration
• SAN/NAS storage configuration or troubleshooting
• Direct support of third-party applications (QuickBooks, MySQL, etc.)
• Ad-hoc requests exceeding 60 minutes/month without prior approval
• Custom reports or custom monitors

Service Level Objectives

Activity	Target
Acknowledge emails	99% within 4 hours
Acknowledge tickets	95% within 4 hours
Begin work on server-down tickets (with LOM)	99.5% within 15 minutes
Begin work on critical/emergency incidents	98% within 1 hour
Status updates on critical incidents	95% every 3–4 hours
Resolution rate (full access levels)	80% within 24 hours

Service Description

Our SOC provides 24×7 monitoring, detection, investigation, escalation, and incident support, leveraging SentinelOne's AI-powered platform integrated with our SIEM, threat intelligence, and analyst workflows.

Incident Investigation & Response

• Monitor alerts and security events within our supported toolset
• Remote analysis and investigation to classify events
• Triage confirmed incidents (scope, urgency, impact) and escalate per agreed paths
• Analyze assets/traffic and document attacker profiles
• Assess potential data exfiltration using security tools

MDR — Host Isolation / Containment

• Isolate endpoints with installed agents to prevent malicious spread
• Isolated machines retain SOC connectivity but lose network/Internet access
• Contain unmanaged devices to block communication with managed endpoints
• Client must provide a list of production servers excluded from isolation

Automated Remediation

• Run scans, kill processes, quarantine files, remediate/roll back threats
• Restrict apps and isolate/contain devices via MDR agents
• Opt-out available — all actions then require analyst initiation

Your Responsibilities

• Maintain adequate Internet connectivity for monitoring tools
• Supply accurate, up-to-date Points of Contact info
• Notify us ≥24 hours in advance of maintenance/network changes
• Keep SentinelOne agents on supported versions with all managed endpoints connected and reporting
• Do not exclude machines from SentinelOne policy without coordinating with our SOC

Out-of-Scope

• Modifying network configurations or troubleshooting network performance
• Fixing database corruption or end-client training
• Hardware-related issues (disk, memory, power supply)
• ISP outages or on-site support at client locations

Service Level Objectives

Category	Target
MDR / SentinelOne Initial Threat Analysis	Within 1 hour of alert
SentinelOne Autonomous Response (if enabled)	Milliseconds — immediate upon detection
SIEM Initial Threat Analysis	Per product SKU SLO
Client Ticket — Low/Medium	Response within 4 hours
Client Ticket — High	Response within 2 hours
Client Ticket — Urgent	Response within 1 hour
Voicemail Response	Classified Urgent; 1-hour goal

MDR

Managed Detection and Response — advanced threat hunting and response delivered as a managed service.

EDR

Endpoint Detection & Response — continuous monitoring, detection, and response for threats on endpoints.

XDR

Extended Detection & Response — unified security telemetry and response across endpoints, network, cloud, and identity.

SentinelOne

AI-powered cybersecurity platform providing EPP, EDR, and XDR with autonomous threat prevention, detection, and rollback-based remediation.

Storyline™

SentinelOne's patented technology that automatically contextualizes and correlates related security events into a complete attack narrative.

Deep Visibility™

SentinelOne's advanced threat hunting engine enabling SQL-based queries of historical endpoint telemetry.

STAR

Storyline Active Response — SentinelOne's custom automated detection and response rules engine.

Ranger™

SentinelOne's passive network discovery capability mapping managed and unmanaged devices using existing agents.

EPP

Endpoint Protection Platform — pre-execution threat prevention using AI/ML and behavioral analysis.

RMM

Remote Monitoring and Management — proactive system oversight tools used by the NOC.

NOC

Network Operations Center — centralized 24/7 network monitoring and management.

SOC

Security Operations Center — 24/7 security event monitoring and incident response.

SIEM

Security Information & Event Management — centralized log collection, correlation, and alerting platform.

IoC

Indicator of Compromise — forensic artifact (IP, hash, domain, etc.) indicating a potential breach.

LotL

Living off the Land — attacker technique using legitimate system tools to evade traditional security controls.

LOM

Lights-Out Management — remote hardware management interface (e.g., iDRAC, iLO).