The vendor is required to provide managed cybersecurity services as part of the district's managed cybersecurity center initiative.
- Provide security information and event management (SIEM), managed detection and response (MDR), and security operations center (SOC) services integrated with the district’s existing Fortinet-based cybersecurity infrastructure.
- Given the scope of the district's enterprise network and data environment and the funding limitations of the cybersecurity pilot program, this solution will focus on critical network and data infrastructure, with a secondary plan for coverage of the entire network and data infrastructure when additional funding can be secured.
- Solution will include a SIEM that aggregates data from critical infrastructure elements, including, but not limited to, firewalls, servers, routers, switches, applications, and endpoint devices.
- An MDR/SOC team will monitor the SIEM 24/7/365 and respond to critical threats.
- The MDR/SOC will be responsible for log management and retention, threat analysis, threat management, vulnerability management, threat response, event notification, and incident management and response using best practices such as the MITRE ATT&CK framework and CIPA guidelines.
- Security operations center (SOC) services must provide:
• 24/7/365 log, event, alerting, and system monitoring
• 24/7/365 real-time security monitoring, alerting, and escalation
• 24/7/365 automated active threat response containment actions
• 24/7/365 threat analysis and investigation
• 24/7/365 threat management
• 24/7/365 threat response
• 24/7/365 incident management and incident response
• 24/7/365 direct contact and support with the district's managed cybersecurity center
• Real-time security monitoring, alerting, and escalation
• Proactive threat hunting and investigation
• Security threat and event notifications
• Remediation recommendations for threats and events
• Dedicated security analysts available for consultation
• Log retention for a minimum of one year, and provide pricing options for additional one-year periods for up to five years
• Support for incident response and mitigation
• Must be capable of, or scalable to, providing managed detection and response for the district's overall school system network of 85,000+ endpoints
- Security solutions for perimeter, endpoint, and identity, including:
• FortiGate firewalls
• FortiXDR
• FortiAnalyzer
• Active Directory
• Entra
• Imperva
• Ability to integrate with Qualys
- Security information and event management (SIEM) & security automation capabilities: to enhance threat detection and response, the supplier’s SIEM and MDR solution must include security automation and orchestration capabilities that:
• Automate incident response actions
• Provide a cloud-based dedicated SIEM instance with full access to search all logs and events, review enabled detection rules, and utilize dashboards for visibility and reporting
• SIEM must provide resiliency across multiple cloud zones
• SIEM must provide an artificial intelligence (AI) assistant capable of providing accurate information.
• Please indicate the capabilities of your AI functionality.
• SIEM must provide one year of online, searchable log storage
• SIEM must support predefined response workflows (playbooks) to automatically act on specific threat scenarios
• SIEM must enable automated containment actions such as blocking malicious IPs, isolating compromised endpoints, and disabling user accounts in case of security breaches
• SIEM must be capable of, or scalable to, providing threat detection for the district's overall school system network of 85,000+ endpoints
- Enhanced security event correlation: the solution must:
• Provide automated threat enrichment by integrating external threat intelligence sources with SIEM-generated alerts
• Automate the correlation of multiple security alerts to reduce false positives and identify attack patterns faster
- Streamlined security operations: the solution must:
• Provide custom security dashboards for real-time monitoring and analytics, tailored to the district's security operations.
• Please describe the available dashboards included in your system/solution
• Ensure role-based access controls for viewing and managing security alerts, incidents, and compliance metrics
• Support integration with existing Fortinet tools (e.g., FortiAnalyzer) for a unified security monitoring experience
• Offer case management functionality for tracking security incidents and collaboration between security analysts
• Support automated reporting and compliance documentation generation to reduce administrative overhead.
• Provide weekly, monthly, and quarterly reports and an annual rolled-up report on:
1. Incident detection and response times
2. Vulnerability management progress including risk-based prioritization and remediation timelines
3. Compliance tracking metrics to ensure alignment with applicable acts.
4. Reports shall be submitted in unprotected MS Word and Excel format
5. Other as required by the district
• Integration with the district's existing security infrastructure: the solution must:
1. Seamlessly work with the district's Fortinet-based cybersecurity stack, including FortiAnalyzer, FortiGate, and FortiEDR
2. Support integration with vulnerability management tools such as Qualys for risk-based remediation prioritization
3. Support all manufacturers' currently supported version levels.
- Contract Period/Term: 3 years
- Questions/Inquiries Deadline: June 5, 2025