Offer Description Cisco Cloud Security Service

Transcription

1 Page 1 of 1 Offer Description Cisco Cloud Security Service This document sets out the features and functionalities of the Cisco Cloud Security service ( CES or the Service ) that Cisco will provide to the customer ( Customer or you ), for which Cisco has been paid, and continues to be paid, the appropriate fee. The Cisco Universal Cloud Services Agreement ( SaaS Agreement ) shall govern your use of the features and functionalities provided in this Offer Description. If you are purchasing services directly from Cisco, this Offer Description and the SaaS Agreement are both incorporated into your agreement with Cisco. Capitalized terms used herein and not defined herein, shall have the meanings given to them in the SaaS Agreement. A copy of the SaaS Agreement is currently located at: If you re buying through a reseller, you accept the terms of the SaaS Agreement by using the Service, unless the SaaS Agreement is otherwise incorporated into your arrangement with the reseller. All non-conflicting and additional terms and conditions in your purchase agreement with reseller remain applicable to this purchase, as between you and your reseller. Your use of the Service (independent of the purchase terms) is governed by the SaaS Agreement and the SaaS Agreement takes precedence in regards how you use the Service. Overview The Service is a cloud-based security service that helps the Customer block spam and security threats from the Internet and, depending on the features licensed, prevent the accidental or intentional leakage of the Customer s data. Functionality CES offers inbound protection and outbound control of the Customer s traffic. The following feature functionalities are available as part of the Service depending on the licensed features purchased: Anti-spam Intelligent Multi-scan Anti-spam Anti-virus Outbreak Filters Advanced Malware Protection Safe Unsubscribe Image Analysis Encryption Data Loss Prevention The Service is delivered on a co-managed model. Cisco is responsible for the operation, maintenance of hardware, network infrastructure, virtual infrastructure, and application software. The Customer is responsible for the configuration of the Service and modifications such as

2 Page 2 of 1 additional domains, safelists, blocklists, and policy configurations. administrative access to the application software. Customers are granted Inbound Anti-spam Protection When the Customer configures the inbound Internet flow to be filtered several layers of protection are implemented to classify messages as spam. The valid actions to take on spam are blocking, accepting, tagging, and quarantining. Intelligent Multi-scan Anti-spam This adds an additional classification engine, the Cloudmark Authority engine. The additional engine results are combined with the results of the standard anti-spam classification engine to increase classification accuracy. Inbound Anti-virus Protection The flow passing through CES will be scanned using a signature-based scanner. The default anti-virus scanner is Sophos, and an optional add-on license for McAfee is available. Outbreak Filters Outbreak filters are used to detect zero-hour viruses, -web blended threats, URL classifications and URL reputations. Advanced Malware Protection Advanced Malware Protection ( AMP ) is an optional feature that is applied to inbound attachments as a way to conduct file reputation analysis and file sandboxing. Reputation scores for files are looked up in the AMP cloud to determine if they have previously been detected as a malicious file. Files with an unknown reputation may be optionally directed to the AMP cloud to be sandboxed, where they are analyzed for malicious behavior and a verdict returned on its reputation. AMP is designed to help detect malware that is designed to evade traditional signature-based anti-virus applications. Safe Unsubscribe Safe Unsubscribe is an optional feature that allows recipients of unwanted non-spam messages to safely unsubscribe from the distribution list used by the sender to send . This is done by using a third party to process the unsubscribe request, thus protecting the user from fraudulent use of the unsubscribe link of an . Image Analysis Image Analysis is an optional feature that classifies images in messages to determine if they are pornographic. It is useful for detecting violations of acceptable use policies. Encryption The Encryption features of CES leverage the Cisco Registered Envelope Service (CRES) for the secure delivery of messages to the intended recipient, maintaining confidentiality of the s in transit across the Internet and in the recipient s box. Data Loss Prevention The Data Loss Prevention feature of CES is applied to outbound s and scans the content of s to enforce Customer policies relating to regulatory requirements, acceptable use policies, and intellectual property. It offers multiple turn-key policy sets for common policy regimes such as PCI DSS, HIPAA, SOX, and GLB. Deployment Deployments of CES may include the Customer directing its inbound Internet flow to the Service for scanning by configuring its DNS MX records to point to the Service. Cleaned and scanned inbound s are then forwarded to the Customer s on-premises mail servers or to the Customer s mailbox hosting service, if the Customer is so configured.

3 Page 3 of 1 The Customer may also direct outbound mail flow through the Service. Browser Requirements To access the Service s web-based UI, the browser must support and be enabled to accept JavaScript and cookies, and it must be able to render HTML pages containing Cascading Style Sheets (CSS). The following browsers are supported when using the Service: Firefox 3.6 Windows XP and Vista: Internet Explorer 7 and 8 Windows 7: Internet Explorer 8 and 9, Google Chrome, Firefox 4 Mac OS X: Safari 4 and later, Firefox 4 Do not use (a) multiple browser windows or tabs simultaneously to make changes to the appliance, or (b) concurrent GUI and CLI sessions. Doing either of these will cause unexpected behavior and could render the Service inoperable. The browser s pop-up blocking settings must be disabled in order to use the Service s GUI because some buttons or links in the interface will cause additional windows to open. Customer Responsibilities Customer shall supply Cisco with all technical data and other information Cisco may reasonably request to allow Cisco to supply the Service to the Customer, including a completed deployment questionnaire. Cisco cannot make the Service available unless it receives all required information. Customer is responsible for implementing and using strong passwords for accessing the Service and the associated support portal. The following are common guidelines for choosing strong passwords. These are designed to make passwords less easily discovered by intelligent guessing: Include a combination of numbers, symbols, upper and lowercase letters in passwords, Password length should be around 12 to 14 characters, and Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (e.g., dates, ID numbers, ancestors names or dates, etc.). Customer or its designated personnel must not change the password for Cisco support services or delete the support user ID. In making the Service available, Cisco may instruct the Customer to perform certain tasks or checks relating to Customer s network. Customer shall, at its expense, perform all such checks and tests. Customer will also provide Cisco, or its authorized representative, reasonable and free access to Customer s networking equipment. Customer shall not be required to furnish specialized equipment or know-how. Customer agrees to pay Cisco, at Cisco's then-current rates, plus any reasonable actual out-ofpocket expenses, for any rework or additional professional services requested by Customer (and accepted by Cisco) or any act or omission of Customer, including providing inaccurate information to Cisco, that is required to enable Customer to access the Service. Cisco shall seek Customer s approval in advance of incurring such costs if it knows costs will be incurred as a result of such act or omission of Customer. Customer is responsible for obtaining all approvals required by any third parties in order for Cisco to perform any such professional services. Cisco shall not be in default of its obligation to provide the Service either because such approvals have not been obtained or any third party otherwise prevents Cisco from providing the Service.

4 Page 4 of 1 Customer assumes full responsibility to back-up and/or otherwise protect all data other than configuration data against loss, damage, or destruction. Customer is responsible for any security events that result from any unauthorized configuration of the Service components by Customer s personnel. These include, but are not limited to, configuring CES service components in a manner not prescribed in the Documentation, creating an open relay, changing the network configuration set by Cisco, or shutting down the Cisco infrastructure. CES is a security service. Cisco periodically audits customer usage and if Cisco determines that the Customer is using CES as an outbound bulk delivery service, Cisco may require additional services be purchased by the Customer or require the Customer to re-architect the flow to exclude CES from the outbound bulk flow. Cisco reserves the right to require Customer to purchase additional licenses if the number of actual distinct users (as shown by Cisco s traffic logs) exceeds the number of licenses purchased. The failure of Customer to comply with any of the aforementioned Customer Responsibilities shall be considered a material breach and could lead to termination of Customer s access to the Service. Capacity Assurance As long as Customer has paid all applicable fees, Cisco will, in its sole and reasonable discretion, provide additional capacity to handle an increase in spam volumes and inbound for the number of users specified on the Order. Any such additional capacity for CES includes capacity to handle an increase in spam volumes and inbound . Cisco will use its commercially reasonable efforts to provide capacity for events that were unforeseen by the Customer. Any such additional capacity made available will not exceed 50% of the initial deployed capacity. The above assurance does not apply to: 1. Capacity requirements placed on the Service due to misconfigured, ill-formed or performance intensive activities that include but are not limited to body-scanning, or content dictionaries. 2. Capacity needs placed on the Service due to new requirements as a result of a changing regulatory scheme or business environment. 3. Capacity needs placed on the Service from non-users including, but not limited to, marketing communications, Customer s customers, or an generating program or entity. 4. An increase in volume from marketing campaigns and other application-generated s. Service Level Agreements (SLAs) For the purposes of this Section regarding SLAs, the following defined terms apply: Spam is unsolicited or unauthorized bulk electronic mail (SMTP only), and excludes unwanted marketing messages that include opt-out provisions. Caught Spam is Spam either quarantined or categorized as a threat message in the user interface. Missed Spam is Spam delivered to an end user s inbox. Virus is a binary or executable code whose purpose is to gather information from the infected host, change or destroy data on the infected host, use inordinate system resources in the form of memory, disk space, CPU cycles or network bandwidth on the infected host, use the infected host to replicate itself to other hosts, or provide control or access to any of the infected host s system resources. A Virus does not include: (1) text messages that use fraudulent claims to deceive the customer, and/or prompt the

5 Page 5 of 1 customer to action, (2) a binary or executable code installed or run by the end user that gathers information for sales or marketing purposes, (3) a virus that may be detected and cleaned by other virus scanning products, or (4) an ineffective or inactive virus fragment. Known Virus is defined solely by the provider of anti-virus software that is used for a specific message or file. Uptime Service Level Agreement The Service will accept connections on Port 25 and process at least % over a trailing one-year period. Uptime is determined by dividing the total number of minutes the Service was processing divided by the number of minutes in a one-year period or 525,600 minutes. A Service downtime must exceed 30 seconds per occurrence for it to be considered an infraction. An infraction is limited to a single incident, and separate downtime occurrences cannot be aggregated. Uptime is determined and validated by an industry-recognized third-party monitoring service that performs service-level checks from various locations on the Internet. If Customer experiences a downtime infraction, then subject to the General Exceptions (defined below), Customer will be entitled to the applicable service credit (as set forth in the table below) as its sole and exclusive remedy: Service Credit for Actual Uptime <99.999% Customer may only make a total of two (2) claims for service credits for a downtime occurrence within a rolling three hundred sixty-five (365) day period. If Customer experiences three (3) or more downtime occurrences within a rolling three hundred sixty-five (365) day period, Cisco and Customer will come to a written agreement, within thirty (30) days of Customer providing notice of such occurrence, on the next course of action. If Customer experiences more than five (5) downtime occurrences within a rolling three hundred sixty-five (365) day period and Cisco fails to provide a reasonable written plan of permanent corrective action to Customer within 30 days after notice to Cisco of the fifth (5 th ) downtime occurrence, then Customer shall have the right to cancel the Service at no cost or obligation and no financial responsibility for any future payments. Delivery Time Service Level Agreement The Service will process messages such that the monthly Average Time in the Work Queue of the Service (as shown in the User Interface) will be less than one (1) minute based on a calendar month, provided, that the quantity of messages above 10MB sent to the Service does not exceed 0.01% of all traffic. The Average Time in the Work Queue is the amount of time spent processing a message from the point at which the message is accepted via SMTP to the first SMTP delivery attempt from the Service. If Customer experiences a delivery time infraction, then subject to the General Exceptions (defined below), Customer will be entitled to the applicable service credit (as set forth in the table below) as its sole and exclusive remedy: Monthly Average

6 Page 6 of 1 Time in the Work Queue >1 minute Customer may only make a total of two (2) claims for service credits for a delivery delay occurrence within a rolling three hundred sixty-five (365) day period. If Customer experiences three (3) or more delivery delay occurrences within a rolling three hundred sixty-five (365) day period, Cisco and Customer will come to a written agreement, within thirty (30) days of Customer providing notice of such occurrence, on the next course of action. If Customer experiences more than five (5) delivery time infractions within a rolling three hundred sixty-five (365) day period and Cisco fails to provide a reasonable written plan of permanent corrective action to Customer within 30 days after notice to Cisco of the fifth (5 th ) occurrence, then Customer shall have the right to cancel the Services at no cost or obligation and no financial responsibility for any future payments. Anti-Spam Service Level Agreement The Service will detect and stop at least 99% of all inbound Spam that is routed through the Service. This Spam Catch Rate is determined by dividing Caught Spam by the sum of the Caught Spam and the number of Missed Spam, during a trailing thirty (30) day period. Exception Marketing s with opt-out provisions will not be counted as a Missed Spam. If Customer experiences a Spam Catch Rate infraction, and subject to the exception above and the General Exceptions (defined below), then the Customer will be entitled to the applicable service credit (as set forth in the table below) as its sole and exclusive remedy: Service Credit for Spam Catch Rate <99% Within any given three hundred sixty-five (365) day period, Customer may only make a total of two (2) claims for service credits that the Anti-Spam SLA is not being met. If Customer experiences three (3) or more Spam Catch Rate infractions within a rolling three hundred sixtyfive (365) day period, then Cisco and Customer will come to a written agreement, within thirty (30) days of Customer providing notice of such occurrence, on the next course of action. False Positive Rate Service Level Agreement The Service will not categorize legitimate inbound as Spam more than one (1) time per one million (1,000,000) messages processed. This False Positive Rate is determined by dividing the number of non-spam messages misclassified as Spam by the total attempted messages processed over a trailing thirty (30) day period, as set forth in the user interface. Exceptions messages from legitimate senders whose IP addresses may be compromised due to an unforeseen event will not be counted towards the False Positive Rate. Cisco will make a determination in good faith based on its system logs, monitoring reports and configuration records for such senders. In addition, marketing s with opt-out provisions will not be counted towards the False Positive Rate.

7 Page 7 of 1 If Customer experiences a False Positive Rate infraction and subject to the General Exceptions (as defined below) and the exceptions set forth above, then the Customer will be entitled to the applicable service credit (as set forth in the table below) as its sole and exclusive remedy: Service Credit for False Positive Rate > 1 message in 1,000,000 Within any given three hundred sixty-five (365) day period, Customer may only make a total of two (2) claims for service credits that the False Positive Rate SLA is not being met. If Customer experiences three (3) or more False Positive Rate infractions within a rolling three hundred sixtyfive (365) day period, then Cisco and Customer will come to a written agreement, within thirty (30) days of Customer providing notice of such occurrence, on the next course of action. Virus Catch Rate Service Level Agreement The Service will detect and stop one hundred percent (100%) of all Known Viruses that are routed through the Service within thirty (30) minutes of when the applicable anti-virus provider releases a signature for the platform (the Virus Catch Rate ). Exceptions Messages that contain a URL to a website hosting malware are not included. If Customer experiences a Virus Catch Rate infraction and subject to the General Exceptions (defined below) and the exception set forth above, then the Customer will be entitled to the applicable service credit (as set forth in the table below) as its sole and exclusive remedy: Service Credit for Virus Catch Rate <100% Within any given three hundred sixty-five (365) day period, Customer may only make a total of two (2) claims for service credits that this Virus Catch Rate SLA is not being met. If Customer experiences three (3) or more occurrences within a rolling three hundred sixty-five (365) day period that this Virus Catch Rate SLA is not being met, then Cisco and Customer will come to a written agreement, within thirty (30) days of Customer providing notice of such occurrence, on the next course of action. CRES Uptime Service Level Agreement The Cisco Registered Envelope Service ( CRES ) will be Operational at least % of the time, over a trailing one-year period. For the purposes of this Section, Operational means that Customer will have access to CRES for the purposes of: (1) encrypting s; (2) enabling secure envelope recipient actions (e.g. opening, secure reply, secure forward, and/or forwarding to mobile@res.cisco.com); and (3) CRES user account access. CRES uptime is determined by

8 Page 8 of 1 dividing the total number of minutes CRES was Operational divided by the number of minutes in a one year period or 525,600 minutes. Consequently, an infraction is a minimum of thirty (30) seconds of CRES downtime. An infraction is limited to a single incident, and separate downtime occurrences cannot be aggregated. CRES uptime is determined and validated by an industryrecognized third-party monitoring service that performs service-level checks from various locations on the Internet. Exceptions This CRES Uptime SLA excludes any downtime resulting from Customer s administrator account access. If the Customer experiences a CRES SLA infraction, subject to the General Exceptions (defined below) and the exception set forth above, then the Customer will be entitled to the applicable service credit (as set forth in the table below) as its sole and exclusive remedy: Service Credit for CRES Uptime <99.999% Within any given three hundred sixty-five (365) day period, Customer may only make a total of two (2) claims that the CRES Uptime SLA is not being met. If Customer experiences three (3) or more occurrences within a rolling three hundred sixty-five (365) day period that the CRES Uptime SLA is not being met, Cisco and Customer will come to a written agreement, within thirty (30) days of Customer providing notice of such occurrence, on the next course of action. General SLA Conditions All remedies for service credits referred to above are conditioned upon the Customer having paid all applicable fees and fulfilled all of its obligations under this Offer Description and Customer submitting a claim in accordance with the SLA Claim Procedure below. Service credits do not apply as a result of the Service not meeting a particular SLA due to any of the following ( General Exceptions ): Customer-requested hardware or software upgrades, facility upgrades, or other similar Customer-led network interruptions, A scheduled maintenance period that was announced at least 24 hours in advance, Hardware, software or other data center equipment or services not in the control of Cisco or within the scope of the Service, Hardware or software configuration changes made by the Customer, Denial of Service attacks on the installed security infrastructure or ancillary services such as SenderBase, or Events outside Cisco s reasonable control, including without limitation acts of God, earthquake, labor disputes, industry wide shortages of supplies, actions of governmental entities, riots, war, terrorism, fire, epidemics, or delays of common carriers. With respect to the False Positive Rate SLA, the following conditions also apply: SenderBase reputation filters must be enabled at default levels or more conservatively, Customer must have the reputation messages per connection multiplier set to the default value,

9 Page 9 of 1 Customer must have IronPort Anti-Spam (IPAS) block settings at the default value or more conservatively, Customer must have IronPort Anti-Spam quarantine enabled with settings at default or more conservatively, The Customer must have SenderBase Network Participation enabled, The Customer must provide copies of false positive messages to Cisco, Customer must provide the domains covered by the Service, the number of mailboxes and the incoming mail report for the last 30 days, and Customers must only enable IPAS for spam scanning to qualify. Failure to comply with any of the above conditions may prohibit or limit Customer s right to receive a service credit with respect to the False Positive Rate SLA. With respect to the Virus Catch Rate SLA, the following conditions also apply: Customer must have SenderBase reputation filters enabled at a default level or more aggressively, SenderBase Network Participation must be enabled, Customer must provide all samples of missed Viruses to Cisco, Customer must ensure that the message was scanned by the anti-virus engine (e.g. message did not exceed the maximum scanning size limit), and Customer must provide the domains covered by the service, the number of mailboxes and the incoming mail report for the last 30 days. Failure to comply with any of the above conditions may prohibit or limit Customer s right to receive a service credit with respect to the Virus Catch Rate SLA. SLA Claim Procedure Customer must make a claim for a service credit within thirty (30) days of the claimed infraction. Each claim must be supported with evidence from message logs, sample messages, support ticket numbers, ping or trace route data, reporting data or other applicable method for documenting the occurrence and duration of the claimed infraction. Customer must certify that (1) no Customer-initiated changes or actions were responsible for the occurrence resulting in the claimed infraction, and (2) Customer did not ignore warnings by Cisco of a Customer behavior that is responsible for such occurrence for example, the presence of a mail loop due to configuration within or external to the Service, creating a policy bypass around anti-spam policies in the policy configuration, creating a policy bypass around anti-virus filtering in the configuration, or misconfiguration of an encryption profile or failure to permit upgrade of the PXE-SDK or software version of the Service. Customer must submit all claims for service credits via a support ticket. Cisco will evaluate the claim, respond within forty-eight (48) hours with acceptance of validity of the claim, and, if applicable, make restitution under the applicable remedy section within thirty (30) days following such response. Technical Support Cisco operates a 24/7 help desk for the Service which comprises both Tier 1 and Tier 2 engineers. All issues must be logged with Tier 1 engineers in the first instance. If an issue is not resolved by Tier 1 engineers, then the issue will be escalated to Tier 2 engineers for resolution. If Tier 2 engineers are unable to resolve the issue, then they will escalate the issue internally to Cisco application engineers for resolution. Customer is responsible for (1) using reasonable efforts to internally resolve any support questions prior to contacting Cisco, and (2) reporting any and all errors promptly in writing in English and for providing sufficient information to Cisco to enable Cisco to reproduce the circumstances indicating a reported defect or error. Customer shall provide technical information

10 Page 10 of 1 as may be required by Cisco, including but not limited to IP addresses for Customer s existing solution. Customer can contact Cisco for support issues regarding the Service at the following: Helpdesk Numbers Region Phone Number Europe/Middle East/Africa security@cisco.com +44 (0) Americas/Asia-Pacific security@cisco.com Australia/New Zealand security@cisco.com Severity Definitions The Service help desk shall assign a severity to all problems submitted by Customer in accordance with the following: Severity 1: The Service is down or there is a critical impact to the Customer s business operation. Customer and Cisco will commit full-time resources to resolve the situation. Severity 2: Operation of the Service is severely degraded, or significant aspects of the Customer s business operation are being negatively impacted by a Service degradation. Cisco and Customer will commit full-time resources during Standard Business Hours (defined below) to resolve the situation. Severity 3: Operational performance of the Service is impaired while most business operations remain functional. Cisco and Customer are willing to commit reasonable resources during Standard Business Hours to restore Service to satisfactory levels. Severity 4: Information or assistance is required on the Service s capabilities, installation, or configuration. There is clearly little or no impact to the Customer s business operation. Cisco and Customer are willing to provide resources during Standard Business Hours to provide information or assistance as requested. For the purposes of this Technical Support Section: Business Days means the generally accepted days of operation per week within the relevant region where the Service is provided, excluding local holidays. Local Time means Central European Time for the Service provided in Europe/Middle- East/Africa; Australia's Eastern Standard Time for the Service provided in Australia/New Zealand; Japan s Standard Time for the Service provided in Asia Pacific; and United States Pacific Standard Time for the Service provided in all other locations. Standard Business Hours means 8:00 AM to 5:00 PM, Local Time at location, on Business Days. Escalation Process Customers should engage the below contacts when an issue requires escalation. Severity 1 escalation times are measured in calendar hours - 24 hours per day, 7 days per week. Severity 2, 3, and 4 escalation times correspond with Standard Business Hours. Elapsed Time Severity 1 Severity 2 Severity 3 Severity 4 1 hour Customer Support 4 hours Customer Customer Support Support Manager 24 hours Customer Support Manager 72 hours Customer Support Customer Support 96 hours Customer Support Manager Customer Support Manager

11 Page 11 of 1 -ooo-