Service Description: Total IT Enhanced Cybersecurity

Total IT Enhanced Cybersecurity is an optional add-on service available to clients subscribed to eligible Total IT service offerings. The service comprises three integrated components: Managed SOC/SIEM with MDR for continuous security monitoring and incident response, Vulnerability Management for the ongoing identification and prioritization of security risks, and an Annual Security Maturity Level Assessment (SMLA) to evaluate cybersecurity control maturity against recognized frameworks. Total IT Enhanced Cybersecurity is designed to supplement the client’s existing managed IT services and is delivered in accordance with the scope, dependencies, and service descriptions defined herein and in the applicable service agreement.

Managed SOC/SIEM and MDR

Our Managed SOC/SIEM service with Managed Detection and Response is a security monitoring and response service designed to help detect, investigate, and respond to threats across endpoints, identities, email, and network infrastructure, and it can be extended to cloud workloads.

This service combines:

  • SIEM capabilities for centralized log collection, correlation, and search to provide visibility, context, and investigative depth.
  • MDR operations with 24×7 monitoring, triage, and response to reduce time to detect and contain threats.

Searchable (Primary) Retention

Searchable retention refers to the period during which log data remains immediately accessible (hot) for investigations, threat hunting, and rapid incident response.

  • Fast, low-latency access to recent log data
  • 1-year searchable retention
  • Continuous enrichment, correlation, and analyst-ready context

Long‑Term Retention Option

For clients with audit, regulatory, and historical investigation requirements, long‑term retention options are available at an additional monthly charge.

How It Works

Continuous Monitoring & Detection

  • 24×7 Alert Monitoring and Triage
    • Security events are continuously analyzed and prioritized.
    • Alerts are categorized (informational, suspicious, malicious) and deduplicated when appropriate.
  • Correlation Across Domains
    • The primary advantage of SIEM is that it can correlate signals across endpoints, identity, email, cloud, and network to expose multistage attacks (e.g., phishing → credential theft → lateral movement).
  • Threat Intelligence & Contextual Enrichment
    • Events are enriched with context: user/device identity, geographic and network sources, known indicators of compromise, and vulnerability posture where available.

Investigation and Response (MDR)

  • Managed Response – Analysts investigate, validate incidents, and recommend or execute containment steps 24/7/365. Response actions include:
    • Isolating an endpoint, disabling a user session, or blocking a malicious domain or IP
    • Opening or updating tickets, notifying stakeholders, and collecting evidence
    • Enriching alerts with additional lookups and “next best action” guidance
  • Major Incident Communication & Reporting – Provides incident summaries, recommended remediation, and post-incident guidance.

Frequently Asked Questions (FAQs)

  1. How long is security data retained and searchable? Total IT Enhanced Cybersecurity includes one (1) year of searchable security event retention for investigation, threat hunting, and incident response. This retention period aligns with common industry practices and supports most operational, insurance, and compliance needs.
  2. Can we retain security data longer than one year? Yes. Extended retention options are available for clients with regulatory, legal, or audit requirements that exceed the standard one‑year retention period. Extended retention is available at an additional monthly cost and must be scoped based on data volume and requirements.
  3. What sources are typically included, and why are firewall/cloud logs sometimes extra? Endpoints and core security telemetry are often more predictable in volume. Firewall and cloud logs can be high-volume and vary significantly by environment (traffic levels, audit verbosity, enabled services). Because of this variability, they are priced based on the ingestion rate/volume to keep costs fair and transparent.


Vulnerability Management Service

Our Vulnerability Management Service provides identification, prioritization, and remediation guidance for security vulnerabilities and exposures across your environment. The service delivers continuous visibility into risks and includes structured quarterly reporting reviews. It integrates seamlessly with our Managed Services portfolio and supports organizations that need to demonstrate an active vulnerability management program, for example for cyber insurance or compliance purposes.

Key Features

  • Quarterly vulnerability and exposure reporting review
  • Risk scoring and prioritization of vulnerabilities
  • Integration with existing security tools and services (Patch Management, EDR, Email Threat Protection, MFA, Web/DNS Protection, Security Awareness Training)
  • Reporting and executive summaries
  • Remediation of vulnerabilities covered under other ITS Managed Services offerings purchased by the client

How It Works

  1. Exposures and Vulnerability Detection: Continuous detection of vulnerabilities, misconfigurations, and exposures across devices, identities, and data.
  2. Analysis: Evaluate vulnerabilities for potential impact and likelihood of exploitation.
  3. Prioritization: Rank vulnerabilities by severity and business risk.
  4. Remediation: ITS remediates those vulnerabilities covered under existing Managed Services offerings the client has purchased (Total IT, Amplify Endpoint, Cybersecurity, etc.). Remediation is not included as part of this Vulnerability Management service by itself. Please note: Remediation requiring hardware or software upgrades, new feature deployment, or efforts outside the scope of client-selected ITS Managed Services is not included under this service.
  5. Reporting: Provide executive-level reports for visibility and compliance tracking.
  6. Quarterly meeting: Review report.

Benefits

  • Reduced risk through proactive vulnerability management
  • Reduced attack surface
  • Improved compliance posture
  • Enhanced integration with existing security services
  • Continuous improvement of your security environment

Frequently Asked Questions

  1. What is Vulnerability Management and why do I need it? It is the ongoing process of identifying, prioritizing, and addressing vulnerabilities and exposures to reduce risk, improve resilience, and support compliance requirements.
  2. How often are assessments performed? Continuous monitoring provides ongoing visibility. ITS provides a quarterly reporting review summarizing key findings, trends, and remediation progress.
  3. How does this differ from a one-time assessment? Unlike a one-time assessment, this service includes remediation and integration with other managed security services.
  4. Are all vulnerability remediation efforts included in the offer? ITS remediates vulnerabilities in systems and software that are supported by the customer’s other ITS Managed Services, including:
    • Patch Management (Infrastructure, Endpoint)
    • Endpoint Detection and Response (EDR)
    Remediation is not included for out-of-scope items.


Annual Security Maturity Level Assessment (SMLA)

ITS’s Security Maturity Level Assessment (SMLA) is an annual, interview-based evaluation of a client’s cybersecurity posture against the CIS Critical Security Controls (Top 18). The SMLA provides leadership with a clear, business-aligned understanding of how security controls are implemented, managed, and governed across the organization.

SMLA is essential for organizations looking to justify and prioritize their information security investments. An annual SMLA can help organizations satisfy requirements from Cyber Insurance and other third-party risk assessments for having a formalized risk assessment program.

The assessment uses structured conversations with stakeholders across management, IT, and operations to capture both current practices and intent. Where helpful and convenient, ITS may review existing policies or governance documents to support findings; document review is optional and not required to complete the assessment.

The primary output is a concise report that rates each control on a CIS Maturity Level Rating scale of 0 through 5 (where each level represents a progressively more consistent, governed, and optimized implementation of the control), plus prioritized recommendations to guide the organization’s cybersecurity roadmap for the next year.

How It Works

Structured Interviews

  • Facilitate guided interviews mapped to the CIS 18 controls.
  • Capture how controls are:
    • implemented (tools, configurations, coverage),
    • operated (day-to-day execution, consistency),
    • governed (ownership, approvals, accountability),
    • measured (metrics, testing, audits, reviews),
    • improved (remediation and continuous improvement).

Assess the Information

  • Assign a 0–5 maturity rating per control using a consistent rubric.
  • Document key observations and themes (strengths, gaps, operational constraints, and risk drivers).
  • Identify quick wins and longer-term program improvements.

Report & Roadmap

  • Provide a business-ready report including:
    • Executive summary and top priorities
    • Maturity scores (0–5) for each CIS control
    • Recommendations prioritized by risk reduction and effort
    • A practical 12-month roadmap (phased actions, proposed projects, suggested sequencing)
  • Includes year-over-year comparison when prior SMLA results are available.

Frequently Asked Questions (FAQs)

  1. Is this a technical test (pen test, vulnerability scan, configuration audit)?  No. SMLA is a maturity and governance assessment, not an exploitation test or technical scan. It focuses on how effectively controls are implemented, operated, governed, and improved. If desired, results can inform where technical validation would add the most value.
  2. Who should participate in SMLA?  The goal is to align intent and execution across the organization.
    • Leadership/Management (risk priorities, governance, resourcing)
    • IT/Security (operations, identity, endpoint, infrastructure, cloud)
    • Operations/Business Owners (critical workflows, third parties, continuity needs)
  3. Why does this go beyond “having security tools in place”? Security tools alone don’t automatically create a mature program. The SMLA evaluates whether controls are repeatable, owned, measured, and continuously improved, including governance, accountability, and operational consistency. This helps leadership prioritize investments that tools alone cannot address (e.g., ownership gaps, inconsistent processes, lack of metrics, incomplete incident readiness).
  4. What are the CIS 18 controls? The Center for Internet Security (CIS) has defined controls to strengthen a customer’s cybersecurity posture. The 18 controls are the critical security controls intended to mitigate the most common and damaging cyberattacks:
    1. Inventory and Control of Enterprise Assets
    2. Inventory and Control of Software Assets
    3. Data Protection
    4. Secure Configuration of Enterprise Assets and Software
    5. Account Management
    6. Access Control Management
    7. Continuous Vulnerability Management
    8. Audit Log Management
    9. Email and Web Browser Protections
    10. Malware Defenses
    11. Data Recovery
    12. Network Infrastructure Management
    13. Network Monitoring and Defense
    14. Security Awareness and Skills Training
    15. Service Provider Management
    16. Application Software Security
    17. Incident Response Management
    18. Penetration Testing
