The Vendor is required to provide web application and API protection solution for include:
• API protection covers discovering APIs and defending them from exploitation through runtime.
• Web application firewall (WAF) feature that monitors and protects http/s traffic to and from a web application, protecting it from attacks like SQL injection or cross-site scripting (XSS).
• Mitigation to protect applications from being overwhelmed by malicious traffic.
• Intrusion prevention system capability that proactively monitors and blocks malicious network traffic.
• Bot mitigation to detect and control automated, often malicious, traffic that targets web applications with campaigns like credential stuffing, inventory hoarding, and data scraping.
• A single, web-based interface to view, manage and report on all events
• Robust notification engine that can send real-time alerts
• Vendor-agnostic support of different platforms
• Integration with third-party threat intelligence feeds
• Ability to export logs and integrate with SIEM
• 24x7 enterprise- grade technical support with defined escalation paths and SLA’s based on severity
• Ability to integrate with service now for creation of tickets and vulnerability tracking
• The system shall provide industry-standard data encryption in transit and at rest, support, secure single-on using modern authentication protocols, and maintain current SOC 2 type ii or equivalent security certifications with documentation available to agency upon request.
• The system shall provide documented and restorable application configuration, support reliable backup and archive processes, and maintain a comprehensive disaster recovery/business continuity strategy with clearly.
Set up free email alerts and get notified when new government bids, tenders and procurement opportunities match your industry and location. Choose daily or weekly delivery.