The vendor is required to provide centralized security solutions that protect the county from threats originating both inside and outside the county and that service 135,000 user and shared email boxes, distributed across multiple departments, each with its own subdomain(s), for eighteen (18) months.
- Secure Email Gateway Requirements:
• Handling On-Premises and Cloud-Based Email Security (Flexibility in Deployment): The solution must support deployment in both on-premises and cloud environments; provide details of the deployment models (cloud-based, on-premises, and hybrid).
• The system must be capable of supporting 135,000 user mailboxes with provisions for further expansion.
• The system must ensure the ability to process 2 million emails daily with high throughput and minimal latency.
• The system must ensure the ability to process up to 2 million emails per hour during emergency peak times.
• The solution must be highly available (24x7x365) and guarantee a minimum system uptime of 99.999% with comprehensive failover solutions.
• The solution must include redundant components and seamless disaster recovery capabilities to maintain continuity in all scenarios.
• The solution must provide flexible deployment models such as cloud-based, on-premises, and hybrid.
• The solution must be fully compatible with the existing IT infrastructure of County such as Cisco CES, Cisco IronPort, Microsoft Windows Defender, and Abnormal Security to accommodate various operational needs without significant modifications.
• The solution must implement AES 256-bit encryption for data at rest and TLS 1.3 for data in transit.
• The solution must employ robust, state-of-the-art firewall and intrusion prevention systems to safeguard all ingress and egress points.
• The solution must use comprehensive identity and access management (IAM) controls to ensure secure access to email management functions.
• The solution must provide highly effective spam detection mechanisms.
• The solution must offer 99% anti-spam protection with 0.0001% false positives.
• The solution must provide customizable spam filtering policies to adapt to organizational needs.
• The solution must include mechanisms for admins to report false positives and false negatives in order to improve detection accuracy.
• Mechanisms to report false positives and false negatives should not be limited to submission by email only and should include additional mechanisms such as File Transfer Protocol (FTP).
• The solution must have the capability to assess the reputation of sender domains in real-time using multiple reputation sources.
• The solution must utilize threat intelligence feeds and historical data to determine the reputation of sender domains.
• The reputation assessment should consider factors such as the sender's history of spam, phishing, and malware distribution, as well as their compliance with email authentication protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
• The solution must provide configurable policies to filter, quarantine, or reject emails based on the sender domain's reputation score.
• The solution must allow administrators to set threshold values for different actions (e.g., quarantine if the reputation score is below a certain level, reject if it is even lower).
• The solution must support customizable reputation scores for different domain categories (e.g., newly registered domains, high-risk domains).
• The solution must integrate with global threat intelligence feeds and continuously update domain reputation data to ensure accurate assessments.
• The solution must allow for the creation of reports in formats such as CSV, PDF, Excel and HTML at minimum, which include metrics such as the number of emails filtered by reputation, top offending domains, and trends over time.
• The solution must allow for the creation of custom reports and dashboards to track domain reputation-related incidents.
• The solution must allow administrators to manually override domain reputation assessments and whitelist or blacklist specific domains.
• The solution must provide a user-friendly interface for managing reputation-based filtering policies and viewing reputation scores.
• The solution must ensure that all data related to domain reputation assessments and filtering actions are encrypted and secured, such as with AES 256-bit encryption for data at rest and TLS 1.3 for data in transit.
• The solution must comply with relevant data privacy and protection regulations such as the Criminal Justice Information Services (CJIS) Security Policy and Health Insurance Portability and Accountability Act (HIPAA). Additionally, the solution must adhere to the Payment Card Industry Data Security Standard (PCI-DSS) and align with the ISO/IEC 27001:2022 security framework and National Institute of Standards and Technology (NIST) Cybersecurity Framework (NIST CSF).
• The solution must provide dynamic, real-time analysis of URLs embedded within email content to detect and prevent phishing and malware threats.
• The solution must utilize threat intelligence to assess the safety of URLs.
• The solution must be capable of analyzing shortened URLs and redirect chains to their final destination.
• The solution must be capable of blocking script-based URLs associated with known Common Vulnerabilities and Exposures (CVEs).
• The solution must automatically block access to malicious or suspicious URLs detected within emails.
• The solution must provide configurable policies for handling emails containing malicious URLs, including quarantine, rejection, or tagging with warning messages.
• The solution must allow for customizable URL filtering policies based on user roles, departments, and threat levels.
• The solution must provide notifications to users and administrators when an email is flagged for containing a malicious URL.
• Notifications must include detailed information about the detected threat and recommended actions.
• The solution must offer comprehensive logging and reporting of all URL filtering actions, including details of detected threats and the actions taken.
• The solution must support the generation of custom reports and dashboards to monitor URL-based threats and filtering effectiveness.
• The solution must integrate seamlessly with existing web security solutions to provide a unified approach to URL filtering and web threat protection.
• The solution must support API-based integration with third-party threat intelligence platforms such as Cisco CES, Cisco IronPort, Microsoft Windows Defender, and Abnormal for enhanced URL threat detection.
• The solution must provide URL-rewriting capabilities to enhance security by redirecting URLs embedded in emails through a secure gateway for real-time analysis.
• The solution must modify URLs in email content to point to a secure proxy or gateway.
• When users click on rewritten URLs, the solution must perform real-time analysis to check for threats or malicious content.
• Based on the analysis, the solution must either allow access to the original URL, block it, or provide a warning to the user.
• The solution must provide comprehensive logging and monitoring of all URL clicks and access decisions.
• The solution must support customizable URL-rewriting policies based on organizational requirements.
• The solution must offer detailed reporting and analytics on URL-rewriting activities, including: visibility of user ID/email address; URL-based search that lists all users who clicked the URL; ability to identify URL origin email.
• Metrics on the number of URLs rewritten, blocked, or allowed.
• The solution must provide real-time scanning of all incoming and outgoing email content, attachments, and URLs to identify and block new and emerging threats.
• The solution must integrate with global threat intelligence feeds and continuously update its threat detection mechanisms based on the latest threat data.
• The solution must provide automated investigation and response actions, including automatically removing malicious messages, quarantining threats, blocking harmful content, and tagging suspicious emails for further review.
• The solution must support customizable response policies based on threat severity and organizational requirements.
• The solution must provide real-time alerts, such as email, text and call at minimum, to users and administrators when a threat is detected.
• Alerts must include detailed information about the detected threat, its severity, and recommended mitigation actions.
• The solution must offer comprehensive monitoring and reporting tools to track real-time threat detection and response activities.
• The solution must support the generation of custom reports and dashboards to analyze threat trends and the effectiveness of real-time protection measures.
• The solution must be capable of identifying and mitigating Distributed Denial of Service (DDoS) email attacks, including protection against email-based Distributed Denial of Service attacks that involve the mass influx of malicious or unsolicited emails.
• The solution should provide automated defenses such as rate limiting, connection throttling, and dynamic filtering to prevent service disruption and ensure continued availability of the email system during an attack.
• The solution must include image analysis capabilities to detect and block emails containing malicious content.
• The solution must provide a way to trace threats by displaying a risk score for each person based on their vulnerability, attack exposure, and IT privileges.
- Antivirus and Anti-malware
• The solution must provide dual-layer antivirus and anti-malware protection to detect and block known and unknown threats.
• The first layer must utilize signature-based scanning to detect and block known malware based on virus definitions.
• The second layer must employ heuristic analysis and behavioral detection to identify and mitigate unknown or zero-day threats.
• The solution must incorporate file reputation analysis to enhance malware detection accuracy.
• The solution must support deep content inspection to analyze embedded objects, compressed files, and multi-layered attachments (i.e. HTML smuggling).
• The solution must allow file attachment blocking by file type.
• The solution must be capable of blocking script-based attachments associated with known Common Vulnerabilities and Exposures (CVEs).
• The solution must ensure that virus definitions and heuristic rules are regularly updated to ensure protection against the latest threats.
• The solution must support automatic updates from multiple threat intelligence sources to maintain up-to-date protection.
• The solution must provide quarantine capabilities for suspected malware-infected emails, allowing for safe review and analysis.
• The solution must include automated remediation actions to remove or neutralize detected threats.
• The solution must offer comprehensive logging and reporting of all antivirus and anti-malware activities, including details of detected threats and remediation actions taken.
• The solution must support the generation of custom reports and dashboards to monitor malware detection trends and the effectiveness of protection measures.
- Multi-Layered Scanning
• The solution must utilize multiple scanning engines to provide thorough analysis and detection of threats in incoming and outgoing emails.
• The solution must support integration with various antivirus, anti-malware, and advanced threat detection engines to ensure comprehensive threat coverage.
• The solution must allow administrators to configure and prioritize different scanning engines based on organizational requirements and threat profiles.
• The solution must support real-time scanning and automated response actions for detected threats.
• The solution must offer comprehensive logging and reporting on multi-layered scanning activities, including metrics on the performance and effectiveness of each scanning engine.
• The solution must support the generation of custom reports and dashboards to monitor threat detection trends and the effectiveness of protection measures.
- Contract Period/Term: 2 years