The Vendor is required to provide a comprehensive, managed detection and response (MDR) service that enhances the Agency’s cybersecurity posture to a proactive state of monitoring and responding to security vulnerabilities and incidents.
- The Agency currently operates:
  • On-premises infrastructure
  • Private cloud infrastructure
  • Microsoft 365 environment
- The selected SOC provider must deliver a flexible solution capable of monitoring hybrid environments (on-premises, private cloud, and SaaS/cloud-based systems).
- The solution shall support regulatory compliance requirements and provide tunable detection capabilities to minimize false positives and false negatives.
- The Vendor shall provide deliverables including, but not limited to:
  • Implementation Plan(s);
  • Onboarding & Integration Plan(s);
  • Incident Response Playbook(s);
  • Monthly Security Operations Report(s);
  • Quarterly Executive Summary;
  • Vulnerability Assessment Report(s);
  • Annual Program Review(s).
- Security Monitoring & Log Management
  • 24x7x365 real-time monitoring
  • Centralized log ingestion and correlation
  • Monitoring of:
    o Windows and Linux servers
    o Network equipment
    o Wireless infrastructure
    o Firewalls
    o Endpoint systems
    o Microsoft 365
    o Private cloud infrastructure
  • Minimum of twelve (12) months log retention
  • Secure storage of logs within U.S.-based datacenters
- Threat Detection & Analytics
  • AI/ML-based behavioral analytics
  • Threat intelligence integration
  • Proactive threat hunting
  • Detection rule tuning and optimization
  • False positive/false negative reduction processes
  • Event correlation across hybrid environments
- Incident Response & Remediation
  • 24x7 monitoring and alerting
  • Defined response playbooks
  • Incident triage and classification
  • Escalation procedures
  • Remote containment and remediation support
  • Root cause analysis reporting
  • Post-incident recommendations
- Vulnerability Management
  • Continuous vulnerability scanning
  • Risk-based prioritization
  • Monthly vulnerability reporting
  • Remediation tracking
- Reporting & Compliance Support
  • Monthly operational reports
  • Executive dashboard reporting
  • Incident metrics and SLA reporting
  • Audit support documentation
  • Support for Texas regulatory oversight and state audit inquiries
- Service Level Requirements
  • 24x7x365 monitoring
  • Defined alert acknowledgment SLAs
  • Escalation matrix
  • Quarterly security review meetings
  • Named technical account manager
- Agency Environment Overview
  • 850 Microsoft Office 365 users
  • 38 Virtual Servers
  • 2 Wireless Controllers
  • 38 Wireless Access Points
  • Up to 30 Network Devices
  • Hybrid on-premises and private cloud infrastructure