This Service Description and Service Level Agreement is provided for the Customer (“You” or “The
Customer”) and the Dell entity identified in the Customer’s Service Order for the purchase of this
Service (described below). This Service is provided in connection with the Customer’s separate signed master services agreement or security services schedule that explicitly authorizes the sale of managed security services. In the absence of either a master services agreement or security services schedule, this service is provided in connection with Dell’s Commercial Terms of Sale, available at http://Dell.com/CTS and incorporated by reference in its entirety herein.
The following definitions shall have the meanings as set forth below:
• Advisories – High-criticality threat write-ups
• AttackerDB – A database of known malicious attackers determined by analyzing Dell
SecureWorks’ security device data
• Attack – Any malicious attempt to subvert, gain control, or otherwise cause damage to a
Customer network or network equipment
• Counter Threat Unit (“CTU”) research team – Dell SecureWorks’ staff who are dedicated to support the CTU Intelligence Service line.
• Malware – Software developed with a malicious intent, including, but not limited to, trojans, viruses, and rootkits
• Normal Business Hours – 8:30 a.m. to 5:30 p.m. Eastern Standard Time
• Dell SecureWorks Customer Portal (“Portal”) – A secure, web-based method used to co-monitor the enterprise, generate security reports, update escalation procedures, and make help desk requests
• Threat – Any technique or software used to exploit Vulnerabilities
• CTU IS Data – All data provided to Customers as part of the Dell SecureWorks CTU Intelligence Service line. This includes Vulnerabilities, Advisories, and Threats.
• Truman – A Dell SecureWorks hosted resource for automated run-time analysis of malicious files. Truman can be used to obtain rapid initial assessments of several formats of files:
  o Microsoft Windows Portable Executable (PE) Files (.exe)
  o Microsoft Windows Dynamic Link Library (DLL) Files (.dll)
  o Adobe Portable Document Format (PDF) Files (.pdf)
Truman works by executing sample files in a controlled environment, observing behavior, and characterizing observed behavior against the same countermeasures Dell SecureWorks develops and uses to protect Customer networks.
• Vulnerability – A software flaw that may be exploited to allow a malicious user or code to subvert the software or host operating system
Dell SecureWorks Confidential Page 1 of 13
Dell SecureWorks’ Vulnerability Alerts provide Customers who have subscribed to Dell SecureWorks’
CTU Intelligence Service line with detailed descriptions and analysis of current Vulnerabilities.
Vulnerabilities are processed from a number of public and private data feeds, enriched by Dell
SecureWorks’ CTU researchers, and reported in the Customer Portal. Customers can customize the feed to their individual network via asset and application mapping.
• Comprehensive Vulnerability Data Alerts with expert analysis
• Threat-level evaluation of each Vulnerability
• Customized to the Customer’s network environment
Vulnerability Example
Dell SecureWorks’ CTU research team will publish detailed decompositions of current Malware or
Threats twice monthly. Often a Threat is a representative sample of Malware code that is selected and decomposed in a detailed Malware report.
• Detailed technical analysis illustrates popular hacker attack vectors and techniques
• Threats are cross-referenced to pertinent Vulnerabilities
Threat Example
Advisory reports contain strategic security information regarding the current Threat landscape.
Typically, these reports are published once a month and include analysis of attack data across Dell
SecureWorks’ monitored security devices.
• Advisories are strategic security reports pertinent to the current security landscape.
• Example Topics:
  o Threats we see targeting many of our Customers
  o High profile threats (Clampi, Conficker, etc.)
  o High-criticality threats (Internet Explorer 0-day, etc.)
Advisory Example
Within one (1) business day following a Microsoft security patch release, Customers will receive a summary security report from the CTU research team outlining the contents of the Microsoft patch.
Typically, these patches occur once a month on Tuesdays.
• Provided within one (1) business day of a critical Microsoft operating system patch.
• Summarizes all Vulnerabilities including a level of criticality for the overall patch.
Within one (1) business day following a Microsoft security patch release, Customers will receive a detailed security report from the CTU research team outlining the contents of the Microsoft patch.
Typically, these patches occur once a month on Tuesdays.
• Provided within one (1) business day of a critical Microsoft operating system patch.
• Details all Vulnerabilities including a level of criticality for the overall patch.
MS Update Analysis Example
On a monthly basis, the CTU Intelligence team will host a security briefing describing current security
Threats and Advisories. This call is open to all CTU Intelligence Services Customers.
• Threat webinar hosted by Dell SecureWorks CTU researchers
• Review of current security concerns and hacker activities
CTU Intelligence Services Customers may contact a CTU analyst during Normal Business Hours in regards to Intelligence Data, emerging Threats, or other security concerns.
CTU Intelligence Services Customers will have support during standard business hours from CTU for escalations related to threat intelligence information, custom malware analysis, and/or focused threat research.
Dell SecureWorks correlates Attacks across thousands of monitored security devices on a daily basis.
These Attacks are processed into an Attacker Database. A data feed of the Attacker Database is provided to CTU Intelligence Services Customers. This data is updated on a daily basis.
• The AttackerDB contains lists of malicious IP addresses and domains identified by the Dell
SecureWorks’ MSS business and CTU research analysts.
The Customer may request custom Malware analysis from the CTU research group. The Customer will provide a copy of the Malware to be analyzed along with any related context and/or questions to help focus analysis efforts toward timely and useful results. Dell SecureWorks will analyze the Malware to address Customer requirements and provide a response detailing the analysis results. The response will be delivered via a Customer Portal ticket or another mutually agreeable format.
Service Description/Deliverables:
Targeted Threat Surveillance proactively provides contextual, researched, actionable host and network threat indicators specific to a customer to inform customer protection and response processes. Targeted Threat Surveillance subscribers will use the Dell SecureWorks Customer Portal to provide a Threat Profile consisting of customer owned network identifiers. CTU researchers will vet the list to ensure customer ownership of identifier contents using such information as Domain and
Internet Number registrar databases as well as other open source resources.
Customer Input
Customer Threat Profile comprised of network identifiers owned by the customer, such as:
• Mission critical IP addresses and host names
• Domain names
• IP address ranges (e.g., CIDR blocks)
• Quantity of Threat Profile identifiers will be determined by contracted service level. (e.g. 10,
25, 50, 100)
Proactive Monitoring For Related Threat Indicators
Dell SecureWorks will proactively monitor multiple intelligence sources for network and host threat indicators related to Customer Threat Profiles, to include:
• Indicators from collected malware processed by our three-stage automation process designed to extract network and host indicators.
• Indicators from our APT research to include network and host indicators from known APT infrastructure and associated tradecraft
• Indicators from botnets monitored by the security experts in our Counter Threat Unit research team
• Indicators from underground threat actor chatter as monitored by Dell SecureWorks
• Indicators from public dump sites such as pastebin.com
During normal business hours, CTU researchers will perform threat research on any identified threat indicators and will deliver contextual Targeted Threat Surveillance to Customer via the Dell
SecureWorks Customer Portal that may include any or all of a) the identified threat indicator, b) related threat indicators identified via link analysis, c) contextual information about observed tools, tactics, and procedures, d) observed attack telemetry based on Dell SecureWorks visibility, and e)
CTU-determined confidence level in the contextual threat indicators.
The CTU research team will provide real-time, emerging threat updates to CTU Intelligence Services
Customers. The Customer will typically receive five (5) updates per week via email. Updates include
CTU researchers’ comments on emerging Threats under investigation, opinions on cyber-attack news, and updates on security concerns currently being investigated by the CTU research team.
• Bulletin data is delivered via email and provides insight into current security topics under the CTU research teams’ scrutiny.
  o Topics are often unverified and may not result in a security Advisory or Vulnerability posting.
  o Bulletins are designed to keep the Customer abreast of security issues in real time.
Emerging Threat Example
On a weekly basis, a PDF report outlining the last seven (7) days of Threats, Vulnerabilities, and
Advisories will be provided to CTU IS Customers via the Portal. This report also contains the daily CTU
Cyber Security Index across the entire week.
• Provided Monday of every week via email
• Summary reports contain a breakdown of Vulnerabilities identified over the last week and a review of emerging Threat bulletins.
• Alert summary data from more than 30,000 monitored security devices is included when pertinent.
Weekly Intelligence Summary Example
On a bi-monthly basis, a report highlighting the last two weeks of major issues and trends as determined by Dell SecureWorks’ CTU research analysts will be made available to the CTU IS Customers via the Customer Portal.
• Such report will highlight stories from public news sources with a focus on issues impacting critical infrastructure sectors; and
• Shall be published within one (1) business day of 1st and 15th of each month.
All CTU IS Customers will have access to the Portal. The Portal provides reports, search criteria, and a help desk ticketing system.
• The Portal provides on demand access to all Advisories, Threats, and Vulnerabilities via searchable reports.
• Applications can be mapped to assets and assigned a criticality to drive risk reporting and customize CTU IS data.
• The Portal provides a help desk ticketing system that can be used to escalate issues to Dell
SecureWorks’ security operations centers
An XML data feed of Threats, Vulnerabilities, and Advisories is available in the Portal. The XML feed allows CTU IS Customers to export Intelligence data systematically into the Customer’s own ticketing systems.
• All Advisory, Threat, and Vulnerability data is available in XML format from the Portal.
• Typically, a Customer utilizing the XML feed will configure their ticketing system to pull CTU IS data every few hours.
The following service level agreements (SLAs) shall apply to the CTU Intelligence Services provided hereunder, subject to the terms, conditions and limitations contained herein:
Vulnerabilities have a maximum time to publication based on each Vulnerability’s severity. Time to publication is defined as the time period from when a Vulnerability is disclosed to when it is published in the Dell SecureWorks Customer Portal.
Service Level Commitment
Vulnerabilities will be published within three (3) business days.
• Typically vulnerabilities will be published within 1 business day.
Service Level Commitment
A minimum of two (2) Threat analyses will be provided per month.
Service Level Commitment
Advisories will be published within one (1) business day for threats meeting the following criteria:
• Critical Severity
• Applies to the majority of Dell SecureWorks Customers
• Low to medium degree of countermeasure coverage by third party devices
• Need for the Customer to take action
Service Level Commitment
A Microsoft Update Summary report will be provided within one (1) business day of a critical Microsoft operating system patch.
Service Level Commitment
A Microsoft Update Analysis report will be provided within one (1) business day of a critical Microsoft operating system patch.
Service Level Commitment
At least one (1) security intelligence webinar will be delivered per month.
The applicable SKU for this service line is: TI-ADDON-CTU
Service Level Commitment
• A CTU researcher will respond within one (1) business day to escalation by the Customer.
• Up to fifteen (15) escalations per month or six (6) hours of research and phone/email time is allowed.
Applicable SKUs for this service line are: TI-CTU or TI-CTU-NON-MSS
Service Level Commitment
• Up to 40 hours per month of CTU Support to include CTU Support, Malware Analysis, and focused threat research.
• CTU researchers will respond within one (1) business day of Customer escalations via the
Customer Portal.
• CTU researchers will provide the Customer with access to TRUMAN for self-service automated malware analysis.
• CTU researchers will perform malware analysis at the Customer’s request. The Customer will provide samples for analysis via a Customer Portal ticket in password-protected .ZIP file along with related context / questions. A CTU researcher will provide initial assessment within one
(1) business day via the ticket created by the Customer. The Customer may request additional analysis and/or a formal report based on initial assessment. The CTU team will negotiate further delivery with the Customer based on complexity of issue.
• CTU researchers will optionally participate in a weekly teleconference with the Customer, at the Customer’s direction, to discuss intelligence issues, malware analysis results, and/or focused threat research based on the Customer’s security context.
• CTU researchers will perform focused threat research on request and provide the Customer with relevant intelligence findings, as discovered, which shall be made available to the
Customer via the Customer Portal, teleconferences, or reports, as determined by the parties.
The Customer may request threat research into specific issues of importance. Dell
SecureWorks reserves the right to decline specific threat research requests.
The applicable SKU for this service line is: TI-ADDON-ADB
Service Level Commitment
AttackerDB data is accessible through the Dell SecureWorks Customer Portal in both CSV and XML format.
The applicable SKU for this service line is: TI-ADDON-MALCODE
Service Level Commitment
• CTU researchers will perform malware analysis at the Customer’s request. The Customer will provide samples for analysis via a Customer Portal ticket in a password-protected .ZIP file along with related context / questions.
• A CTU researcher will provide initial assessment within one (1) business day via the ticket created by the Customer. The Customer may request additional analysis and/or a formal report based on initial assessment. The CTU team will negotiate further delivery with the
Customer based on complexity of issue.
• Malware analysis requests are limited to sixty (60) hours of total research per contract year.
Applicable SKUs for this service line are in the format:
SKU: TI-TARGET-#
Service Level Commitment:
• CTU will process Customer Threat Profile input (number of items determined by service level) for inclusion into Customer Threat Profile within one business day of submission by
Customer. Threat Profile items will be vetted by CTU researchers to ensure ownership by
Customer. Where ownership of provided identifiers is in question or analysis may result in information outside of customer specific quality threat indicators (i.e. competitive or unlawful information), the CTU reserves the right to question and/or refuse requested updates to the
Threat Profile.
• CTU will provide contextual, researched, actionable host and network threat indicators to
Customer via the Customer Portal as new threat indicators are identified and analyzed.
Service Level Commitment
• Bulletins are provided during normal business hours.
• A minimum of five bulletins will be provided each week.
Service Level Commitment
One summary to be provided weekly.
Service Level Commitment
Two (2) Cyber Security Roundup reports published per month.
In the event that a Service Level Agreement outlined in this Section IV is not met, the Customer shall be entitled to receive an SLA credit (subject to procedures outlined in the Additional Service Rules,
Regulations, and Conditions section below) equal to 1/30th of the monthly Service Fee for the applicable Service for each business day that the Service Level Agreement is not met.
a. Initiation of Dell SecureWorks’ services in a Customer network does not achieve the impossible goal of risk elimination, and therefore, Dell SecureWorks makes no guarantee that intrusions, compromises, or any other unauthorized activity will not occur on the Customer’s network.
b. Dell SecureWorks may schedule maintenance outages with 24-hours’ notice to designated Customer contacts.
c. The Customer will receive credit for any failure to meet the SLAs outlined above within thirty (30) days of notification of such failure. In order for the Customer to receive an SLA credit, the notification of the SLA failure must be submitted to Dell SecureWorks within thirty (30) days of the failure. Dell SecureWorks will research the request and respond to the Customer within thirty (30) days from the date of the request. The total amount credited to the Customer in connection with the above SLAs in any calendar month will not exceed the service fees paid by the Customer for such month. Except as otherwise expressly provided, the foregoing shall be the Customer’s exclusive remedy for failure to meet or exceed the foregoing SLAs.
d. Dell SecureWorks may use various methods and tools to probe network resources and publicly available sources for security-related information and to detect actual or potential security flaws and vulnerabilities. Dell SecureWorks expressly disclaims all warranties for its Intelligence services of any kind, express or implied, to the fullest extent permitted by law, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.