The Vendor is required to provide managed security services consisting of, but not limited to:
• Managed detection and response services
• Determining the cause/origin, impact, and approximate severity of potential security events, including timelines of events and systems affected
• Monitoring and analysis of logs and network traffic to identify security incidents
• Managed SIEM functionality including environment specific tuning and rule development
• Analysis and investigation of potential threats
• Delivery of alerts to university security staff
• Consultation to university information security staff as needed to assist with and/or advise on threat remediation
• Consultation with university security and technical staff to determine the appropriate systems, logs, alerts, and other information to be included for processing as part of the service offering
• Production of artifacts used to satisfy requests from audit entities
• Internal vulnerability scanning and reporting
• Routine network enumeration
• Customer visibility (e.g., dashboards and SIEM console access)
• Compatibility with existing university infrastructure, including Cisco, Aruba, Palo Alto, Microsoft Defender, Windows Server, Linux, Azure AD/Entra ID, and VMware
- Monitoring, Logging and Alerting
• Provide an overview of your company’s managed detection and response services and capabilities.
• Provide detail on tools and processes used by your company to determine cause/origin, impact, and approximate severity of potential security events including timelines of events and systems affected.
• Provide detail on tools and processes used by your company for monitoring and analysis of logs and network traffic to identify security incidents.
• Provide detail on the SIEM product used by your company and how you perform tuning and rule development specific to each customer organization and industry sector.
• Provide detail on tools and processes used by your company during analysis and investigation of potential threats.
• Provide detail on how your company delivers alerts to customer organizations.
• Provide detail on how your company is able to consult with university information security staff as needed to assist with and/or advise on threat remediation.
• Provide detail on how your company is able to consult with university security and technical staff to determine the appropriate systems, logs, alerts, and other information to be included for processing as part of the service offering.
- Miscellaneous
• Provide detail on how your company produces artifacts used to satisfy requests from audit entities. This may include, but is not limited to, raw customer logs, details of security events, and evidence of your company’s internal information security controls. Please provide details.
• Provide detail on tools and processes used by your company for vulnerability scanning and reporting of customers’ internal networks.
• Provide detail on tools and processes used by your company for routine network enumeration and reporting of customers’ internal networks.
- Contract Period/Term: 2 years