Service Catalog

Your Service Catalog is the foundation of value translation in LanternOps - it defines what services you offer, and our AI/RAG system automatically maps them to compliance framework controls.

The Service Catalog is your complete menu of MSP services that you offer to customers. Each service includes:

  • Service Name - What you call it
  • Description - What it does
  • Features - Specific capabilities included
  • Value Proposition - Business outcomes delivered
  • Integration Requirements - Data sources needed for evidence
  • Pricing - Monthly/annual cost

Key Insight: You define services in business language, and LanternOps automatically understands how they satisfy compliance controls through semantic AI.

LanternOps uses RAG (Retrieval-Augmented Generation) to semantically understand your services and map them to framework controls.

No manual configuration required.

You Create:

Service Name: Complete Asset Management
Description: Automated asset discovery and tracking via NinjaOne
and Syncro with real-time inventory updates, hardware lifecycle
management, and warranty tracking.
Features:
- Automated device discovery
- Real-time inventory updates (every 15 minutes)
- Hardware age and warranty tracking
- EOL operating system detection
- Network visibility and mapping
Value Proposition: Maintain audit-ready asset inventory, identify
aging hardware before failure, ensure compliance with asset
management requirements.
Integration Requirements: NinjaOne, Syncro

RAG Automatically Maps To:

✅ CIS 1.1 - Establish and Maintain Detailed Enterprise Asset Inventory
✅ CIS 1.2 - Address Unauthorized Assets
✅ CIS 1.5 - Use a Passive Asset Discovery Tool
✅ NIST ID.AM-1 - Physical devices and systems are inventoried
✅ NIST ID.AM-2 - Software platforms are inventoried
✅ CMMC AC.1.001 - Limit system access to authorized users
✅ HIPAA 164.310(d)(1) - Device and media controls
✅ SOC 2 CC6.1 - Logical and physical access controls
✅ PCI DSS 2.2.1 - Configuration standards for system components

How RAG Does This:

  1. Semantic Understanding - RAG analyzes service description using AI embeddings
  2. Control Matching - Compares service semantics to all 618 framework controls
  3. Confidence Scoring - Returns matches with confidence levels (e.g., 95% match)
  4. Context Awareness - Considers integration data, features, and value proposition

Result: ONE service satisfies 9+ controls across 6 frameworks automatically.
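
The matching and scoring steps above, sketched as an added example (not LanternOps code). A bag-of-words cosine similarity stands in for the embedding model, which the page does not name, and `review_below` is a hypothetical threshold; the control titles and service description are taken from this page.

```python
import math
import re
from collections import Counter

# Control titles copied from the mapping lists on this page (a small subset).
CONTROLS = {
    "CIS 1.1": "Establish and Maintain Detailed Enterprise Asset Inventory",
    "CIS 1.2": "Address Unauthorized Assets",
    "CIS 1.5": "Use a Passive Asset Discovery Tool",
    "CIS 10.1": "Deploy and Maintain Anti-Malware Software",
    "CIS 11.2": "Perform Automated Backups",
}
STOPWORDS = {"a", "an", "and", "the", "of", "via", "with", "use"}
# Description of the "Complete Asset Management" service from this page.
ASSET_SERVICE = (
    "Automated asset discovery and tracking via NinjaOne and Syncro with "
    "real-time inventory updates, hardware lifecycle management, and "
    "warranty tracking."
)

def vectorize(text):
    """Term counts: lower-case words, crude plural stripping, no stopwords.
    Assumption: stands in for the embedding step."""
    words = re.findall(r"[a-z]+", text.lower())
    stems = (w[:-1] if w.endswith("s") and len(w) > 3 else w for w in words)
    return Counter(w for w in stems if w not in STOPWORDS)

def cosine(a, b):
    """Cosine similarity between two term-count vectors."""
    dot = sum(count * b[term] for term, count in a.items())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0

def map_service(description, controls=CONTROLS, review_below=0.15):
    """Rank controls by similarity and route weak matches to human review.
    review_below is a hypothetical threshold, not a product setting."""
    svc = vectorize(description)
    scored = sorted(
        ((cosine(svc, vectorize(title)), cid) for cid, title in controls.items()),
        reverse=True,
    )
    return [
        (cid, round(score, 2), "auto" if score >= review_below else "review")
        for score, cid in scored if score > 0
    ]

if __name__ == "__main__":
    for row in map_service(ASSET_SERVICE):
        print(row)
```

With this stand-in scorer, CIS 11.2 scores the same as CIS 1.2 because each shares a single word with the description, which is the kind of weak match a reviewer should check before it counts as evidence.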

Start with the services you actually offer:

Security Services:

  • EDR/Endpoint Protection (Huntress, SentinelOne)
  • Email Security (Avanan, Proofpoint, Mimecast)
  • DNS Filtering (NextDNS, Cisco Umbrella)
  • Password Management (Keeper, 1Password)
  • Advanced MFA (Microsoft Entra, Duo)
  • SIEM/Security Monitoring

Infrastructure Management:

  • Complete Asset Management
  • Patch Management (Windows, third-party applications)
  • Remote Monitoring & Management
  • Server Management
  • Network Management
  • Cloud Infrastructure Management (Azure, AWS)

Backup & Recovery:

  • Workstation Backup
  • Server Backup
  • Microsoft 365 Backup
  • Disaster Recovery Planning
  • Business Continuity Services

Compliance Programs:

  • HIPAA Compliance Program
  • SOC 2 Preparation & Audit Support
  • CMMC Compliance Program
  • PCI DSS Compliance Program
  • Cyber Insurance Compliance

Help Desk & Support:

  • 24/7 Help Desk
  • Desktop Support
  • VIP Support (executive tier)

For each service, provide:

Required Fields:

  • Name - Clear, descriptive
  • Description - What it does (2-3 sentences)
  • Features - Bulleted list of capabilities

Optional But Recommended:

  • Value Proposition - Business outcomes
  • Integration Requirements - Data sources
  • Pricing - Per-user, per-device, or flat rate
  • Service Level - Response times, uptime commitments

Once you save a service:

  1. RAG Indexing - Service is added to vector database
  2. Semantic Analysis - AI analyzes description and features
  3. Control Mapping - Matches to relevant framework controls
  4. Confidence Scoring - Assigns match strength (0-100%)
  5. Evidence Linking - Connects to integration data sources

No additional configuration needed.

View which controls each service satisfies:

Service: Complete Asset Management
Mapped Controls (9):
✅ CIS 1.1 (96% confidence)
✅ CIS 1.2 (89% confidence)
✅ NIST ID.AM-1 (94% confidence)
✅ NIST ID.AM-2 (91% confidence)
✅ CMMC AC.1.001 (78% confidence)
✅ HIPAA 164.310(d)(1) (85% confidence)
✅ SOC 2 CC6.1 (72% confidence)
✅ PCI DSS 2.2.1 (81% confidence)
Evidence Sources:
→ NinjaOne Integration (147 assets tracked)
→ Syncro Integration (last sync 2 hours ago)

You can review mappings, but typically no changes are needed - RAG is accurate.

Service Name: Huntress EDR Protection
Description: 24/7 managed endpoint detection and response using
Huntress platform with real-time threat monitoring, automatic malware
removal, and SOC analyst support. Protects against ransomware,
advanced threats, and zero-day attacks.
Features:
- Real-time endpoint threat detection
- Automated malware remediation
- Ransomware rollback capability
- Persistent foothold detection
- 24/7 SOC analyst monitoring
- Threat intelligence updates
- Incident response support
Value Proposition: Prevent ransomware attacks, detect advanced
threats missed by traditional antivirus, reduce incident response
time from hours to minutes, satisfy EDR compliance requirements.
Integration Requirements: Huntress
Pricing: $5/endpoint/month

Automatic Mappings:

✅ CIS 10.1 - Deploy and Maintain Anti-Malware Software
✅ CIS 10.5 - Enable Anti-Exploitation Features
✅ CIS 10.7 - Use Behavior-Based Anti-Malware
✅ NIST PR.PT-1 - Audit/log records are determined
✅ NIST DE.CM-4 - Malicious code is detected
✅ CMMC SC.2.170 - Employ cryptographic mechanisms
✅ HIPAA 164.312(b) - Audit controls
✅ SOC 2 CC7.2 - System monitoring detects incidents
✅ PCI DSS 5.1 - Deploy anti-malware solution

Service Name: Advanced Email Security (Avanan)
Description: AI-powered email security using Avanan with real-time
phishing detection, malware scanning, business email compromise
prevention, and DMARC/SPF/DKIM configuration. Protects Microsoft
365 email against advanced threats.
Features:
- Real-time phishing detection
- Malware and ransomware scanning
- Business email compromise (BEC) prevention
- DMARC, SPF, DKIM implementation
- Link protection and URL rewriting
- Attachment sandboxing
- Email encryption (when needed)
- User security awareness alerts
Value Proposition: Block phishing and ransomware before reaching
users, prevent business email compromise, satisfy email security
compliance requirements, reduce user training burden.
Integration Requirements: Avanan, Microsoft Graph
Pricing: $3/user/month

Automatic Mappings:

✅ CIS 9.1 - Ensure Use of Only Approved Email Services
✅ CIS 9.2 - Ensure Use of Only Approved Collaboration Tools
✅ CIS 9.7 - Deploy and Maintain Email Server Anti-Malware
✅ NIST PR.AC-7 - Users are authenticated
✅ NIST PR.DS-5 - Protections against data leaks
✅ CMMC SC.2.179 - Use encrypted sessions
✅ HIPAA 164.312(e) - Transmission security
✅ SOC 2 CC6.1 - Logical access controls
✅ PCI DSS 4.2.1 - Strong cryptography for transmissions

Service Name: Enterprise Backup & Disaster Recovery
Description: Comprehensive backup and disaster recovery for servers,
workstations, and Microsoft 365 data using Veeam and Datto. Includes
daily backups, quarterly restore testing, documented recovery
procedures, and RPO/RTO commitments.
Features:
- Daily automated backups (servers, workstations, M365)
- Immutable backup storage (ransomware protection)
- Quarterly restore testing (documented)
- 4-hour RPO (Recovery Point Objective)
- 8-hour RTO (Recovery Time Objective)
- Offsite backup replication
- Disaster recovery runbooks
- Business continuity planning
Value Proposition: Protect against ransomware and data loss, ensure
business continuity, meet backup compliance requirements, demonstrate
recoverability through testing.
Integration Requirements: Veeam, Datto
Pricing: $25/server/month + $5/workstation/month

Automatic Mappings:

✅ CIS 11.1 - Establish and Maintain Data Recovery Process
✅ CIS 11.2 - Perform Automated Backups
✅ CIS 11.3 - Protect Recovery Data
✅ CIS 11.4 - Establish and Maintain Isolated Instance
✅ CIS 11.5 - Test Data Recovery
✅ NIST PR.IP-4 - Backups are conducted
✅ NIST RC.RP-1 - Recovery plan is executed
✅ CMMC CP.2.009 - Conduct backups
✅ HIPAA 164.308(a)(7) - Contingency plan
✅ SOC 2 A1.2 - System availability
✅ PCI DSS 12.10.1 - Incident response plan

You can structure services with base features and optional add-ons:

Example: Tiered Asset Management

Basic Asset Management - $2/endpoint/month
- Automated discovery via RMM
- Weekly inventory updates
- Basic hardware tracking
Complete Asset Management - $3/endpoint/month
- Everything in Basic, plus:
- Real-time updates (15-minute sync)
- Hardware lifecycle tracking
- Warranty expiration alerts
- EOL OS detection
- Network mapping
Premium Asset Management - $5/endpoint/month
- Everything in Complete, plus:
- Hardware refresh project planning
- Automated replacement workflows
- Budget forecasting
- Executive reporting

RAG Handles This: Different tiers map to different control subsets based on features.

Once your catalog is defined, assign services to customers:

1. Manual Assignment

Customer Profile → Services → Add Service
Select: "Complete Asset Management"
Quantity: 147 endpoints
Status: Active

2. Service Templates

Create Template: "Healthcare Essentials"
Includes:
- Complete Asset Management
- Advanced Email Security
- EDR Protection
- Backup & DR
- HIPAA Compliance Program
Apply to: All healthcare customers

3. Automatic Detection (Coming Soon)

Integration data suggests customer needs:
→ 147 endpoints without EDR (recommend Huntress)
→ No email security detected (recommend Avanan)

Track service delivery status:

  • Active - Currently providing service, evidence collecting
  • Pending - Sold but not yet deployed
  • Suspended - Temporarily paused
  • Cancelled - No longer providing

Services are linked to integrations for automatic evidence:

Service: EDR Protection (Huntress)
Integration: Huntress API
Data Collected:
- Agent deployment status (147/147 active)
- Threats detected and blocked
- Remediation actions taken
- Agent health checks
Evidence Status: ✅ Collecting (last sync: 1 hour ago)
Controls Satisfied:
- CIS 10.1: SATISFIED (96% confidence)
- NIST DE.CM-4: SATISFIED (94% confidence)

When creating services, specify required integrations:

Service: Complete Asset Management
Required Integrations: NinjaOne OR Syncro
Service: Advanced Email Security
Required Integrations: Avanan AND Microsoft Graph
Service: EDR Protection
Required Integrations: Huntress OR SentinelOne OR CrowdStrike

RAG Uses This: Evidence collection only happens when required integrations are active.
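
One way to evaluate these requirement strings before collecting evidence, as an added example (not LanternOps code). It goes slightly beyond the page by accepting mixed expressions, assuming AND binds tighter than OR; `parse_requirement` and `evidence_gate` are hypothetical names and the active-integration sets are constructed.

```python
import re

# Requirement strings as written on this page.
REQUIREMENTS = {
    "Complete Asset Management": "NinjaOne OR Syncro",
    "Advanced Email Security": "Avanan AND Microsoft Graph",
    "EDR Protection": "Huntress OR SentinelOne OR CrowdStrike",
}


def parse_requirement(expr):
    """Parse 'A AND B OR C' into a list of AND-groups joined by OR.
    Assumption: AND binds tighter than OR (the page shows no mixed case)."""
    groups = []
    for alternative in re.split(r"\s+OR\s+", expr.strip()):
        names = [n.strip() for n in re.split(r"\s+AND\s+", alternative) if n.strip()]
        if not names:
            raise ValueError(f"empty term in requirement: {expr!r}")
        groups.append(names)
    return groups


def evidence_gate(service, active, requirements=REQUIREMENTS):
    """Return (collect, detail). Evidence is collected only when one AND-group
    is fully covered by active integrations; otherwise detail lists what each
    alternative is missing. Unknown services fail closed."""
    if service not in requirements:
        return False, "unknown service: no requirement on file"
    active_norm = {name.casefold() for name in active}
    missing = []
    for group in parse_requirement(requirements[service]):
        lacking = [n for n in group if n.casefold() not in active_norm]
        if not lacking:
            return True, "satisfied by " + " + ".join(group)
        missing.append(" + ".join(lacking))
    return False, "missing " + " | ".join(missing)


if __name__ == "__main__":
    # Constructed sample: a tenant with only Syncro and Avanan connected.
    for name in REQUIREMENTS:
        print(name, evidence_gate(name, {"Syncro", "Avanan"}))
```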

Each service tracks business value delivered:

LanternOps calculates:

Compliance Value:

  • Controls satisfied
  • Audit preparation hours saved
  • Framework coverage percentage

Security Value:

  • Threats blocked
  • Incidents prevented
  • Potential breach cost avoided

Operational Value:

  • Downtime prevented
  • Failures detected early
  • Time saved on manual tasks

Service Value Delivered (Last 90 Days)
Compliance:
✅ 9 controls satisfied across 6 frameworks
⏱️ 40 hours audit prep time saved
📋 Audit-ready asset inventory maintained
Operational:
🔍 12 aging devices identified before failure
💰 $22,500 hardware refresh project scoped
⚠️ 5 warranty expirations caught proactively
Business Impact:
ROI: $6,000 in audit savings + $22,500 opportunity
Customer Satisfaction: Visible proof of proactive management

Good:

  • “Complete Asset Management”
  • “Advanced Email Security”
  • “24/7 EDR Protection”

Avoid:

  • “RMM Asset Discovery Module”
  • “Mail Gateway Service”
  • “Endpoint Agent Deployment”

Good:

Description: Protect against ransomware and advanced threats with
real-time monitoring and automatic remediation.

Avoid:

Description: Huntress agent deployment with API integration.

Good:

Features:
- Real-time threat detection
- Automated malware removal
- 24/7 SOC analyst support
- Ransomware rollback

Avoid:

Features:
- Endpoint protection
- Monitoring

Good:

Value Proposition: Prevent ransomware attacks (avg cost: $200K),
satisfy cyber insurance EDR requirements, reduce incident response
time from hours to minutes.

Avoid:

Value Proposition: Good security.

See which services satisfy the most controls:

Top Services by Control Coverage:
1. Complete Asset Management - 9 controls
2. EDR Protection - 8 controls
3. Advanced Email Security - 7 controls
4. Backup & DR - 6 controls
5. Patch Management - 6 controls

See which customers have which services:

Service: EDR Protection
Deployed: 42 customers (68%)
Not Deployed: 20 customers (32%)
Revenue Opportunity: 20 × $735/month = $14,700 MRR

See which frameworks your catalog supports:

Your Service Catalog Framework Coverage:
CIS Controls: 87/149 controls (58%)
NIST CSF: 61/103 controls (59%)
CMMC: 42/110 controls (38%)
HIPAA: 52/63 controls (83%)
SOC 2: 38/52 controls (73%)
PCI DSS: 34/141 controls (24%)
Recommendation: Add PCI-focused services (payment security)

  1. View Compliance Frameworks - See what controls your services can satisfy
  2. Configure Integrations - Connect evidence sources
  3. Identify Revenue Opportunities - Find service gaps
  4. Enable Customer Portal - Show value to customers