FIRN Secure Internet Bundled Services:
|
|
- Eustace Miles
- 7 years ago
- Views:
Transcription
1 FIRN INTERNET SECURITY BUNDLE SERVICES AND NEW ADVANCED SECURITY OPTIONAL SERVICES (New Services and Prices Available July 1, CSAB Orders can be placed as early as March 1, 2014) Ethernet Bandwidth Erate Eligible Cost Priority 1 Bundled Cost - Core + Access + CPE + Basic Firewall Security FIRN Secure Internet Bundle* Monthly Pricing - Table 1.0 DMS Admin Fee Total For Basic Internet & Security Non-Erate Eligible Additional Cost for Advanced Security and Content Filtering and URL blocking 10 Mbps $1, $78.47 $1, $ Mbps $2, $ $2, $ Mbps $2, $ $2, $ Mbps $3, $ $3, $ Mbps $4, $ $4, $ Mbps $5, $ $5, $1, Mbps $5, $ $6, $1, Mbps $6, $ $6, $1, Mbps $6, $ $6, $1, Mbps $6, $ $7, $2, Mbps $6, $ $7, $2, Mbps $6, $ $7, $2, Mbps $10, $ $11, $4, Mbps $15, $1, $16, $6, Mbps $22, $1, $24, $9, *Not available in all FIRN service areas. Engineering evaluation required to determine availability. DMS will generate a service availability inquiry once a CSAB order is received or upon customer request. FIRN Secure Internet Bundled Services: Secure Internet Services: Secure Internet Services for end users are Services combined with a cloud-based basic firewall protection, using a uniform approach and tools, against unauthorized use and access. Page 1 of 12
2 FIRN Secure Internet includes: a) Internet Access b) Local Transport Facilities c) Premise Router d) Cloud Based Basic Firewall Service The cloud-based basic firewall provides the following security functions for all virtual contexts: a) The Sandbox Analyzer to identify and analyze targeted and unknown files for malicious behaviors. It shall generate and automatically deliver protection for newly discovered malware via signature updates. Signature update delivery shall include integrated logging/reporting. b) Geo Blocking to prevent network based access to internal resources by blocking based on geographic location. c) Application Blocking to identify and block unwanted applications without regard to the port they are using for communication. d) Security Information and Event Management (SIEM): Secure Internet Services will include detailed information provided by the MyFloridaNet QRadar tool. DMS and each Secure Internet Services end user will receive two QRadar login accounts allowing them accurate, correlating information regarding network flows (500:1 sampling), session data, packet captures, reputation white/black listing and endpoint system vulnerability results providing the maximum amount of detail to traffic traversing their network connection. This access shall give Secure Internet Services end users visibility into their Internet connection activity, virtual activity, user activity and application activity, giving them intelligence into their FIRN Secure Internet connection. The cloud-based firewall will provide the following optional more advanced security functions for all virtual contexts subscribing to the Advanced Security and Content Filtering service at the pricing listed in the second column of Table 1.0. a) NextGeneration IPS & IDS: By proactively applying deep packet and application inspection of network activity at the border of the FIRN and the internally protected zones, service will provide better analysis and overall security for each FIRN Organization. Automated correlation and Intrusion Analysis by this service will provide notifications of suspected unauthorized network activity and has the ability to prevent the activity from ever reaching the end user s internal network. This feature is part of the advanced cloud-based firewall deployment. b) Malware & Anti-Virus detection: This service feature provides real time antivirus and anti-malware protection. End users will have the ability to automatically take action on malicious files currently in transport across the network. This feature will block unwanted malware and viruses at our edge devices before they consume Internet bandwidth or threaten the local network and ultimately desktop endpoint systems users depend on to access the Internet. This feature is part of the advanced cloud-based firewall deployment. c) Next Generation Content Filtering/URL Blocking is enabled upon request. This service helps End users enforce their protection policies and block inappropriate, Page 2 of 12
3 illegal, and dangerous web content. It will have the ability to block multiple categories of objectionable web content, providing the necessary combination of control and flexibility to protect important resources. The service will deliver sophisticated reporting and visually descriptive monitoring through dashboards, graphs, charts, and data search functionality. This feature is part of the advanced cloud-based firewall deployment. FIRN Help Desk a) FIRN Secure Internet includes access to our standard FIRN helpdesk to provide assistance directly to FIRN end users to answer questions related to all FIRN Secure Internet service tools and services. b) The helpdesk will work directly with the end user to provide advice on remediation methods and industry best practices as they relate to services FIRN provides as part of our Secure Internet offering. c) The helpdesk will be staffed live and/or offer immediate call back within thirty (30) minutes 24x7x365. d) The Secure Internet Service staff will perform daily eyes on glass real-time monitoring and analysis of security events. Monitoring and analysis shall span multiple sources including but not limited to events from the security tools (SIEM), MFN network tools, NetFlow logs, firewall logs, and router logs. New Secure Internet and Advanced Security & Content Filtering Secure Internet services shall be offered based on the rates provided in Table 1.0 below. All current FIRN Internet Services shall remain with the exception of the following changes: 1) Pricing for Secure Internet Services is flat rate (included in Table 1.0) in the AT&T, CenturyLink and Verizon LATA areas. This new pricing shall be an addition to the flat rate and mileage band pricing originally available under the FIRN contract. The new flat rates in Table 1 may not apply outside of these areas. Any connections outside of the AT&T, Century Link, and Verizon LATAs shall be priced as an individual case basis (ICB). ICB pricing shall never be more than the original flat rate pricing available under the original FIRN contract. 2) A FIRN managed CPE router is included in the standard service. However, the FIRN end-user may choose to manage the FIRN CPE router or provide and manage their owned CPE router as long as it is certified by the FIRN Service Provider. The option to manage the CPE router is at no additional cost to the end user. 3) The FIRN Secure Internet service bundle introduces performance measures via Service Level Agreements for Install, Moves, Adds, Changes and Outages with the following Table 2.0 Page 3 of 12
4 Service Performance Measures Table 2.0 SLA Performance Target Liquidated Damages Install, Moves, Adds, Changes ( IMAC ) Site Outage & Service Troubles Restore 64kbps to T1 = 60 days >T1 to 45Mbps = 80 business days >45Mbps = 180 business days Within twenty-four (24) hours Monday Friday. 10% MRC of Service* if performance is not met. 5% MRC of the entire service if outage > 24 hours *MRC of Service = MRC of (Core Port + CPE + Access) for each site Measurement Measured and calculated per incident based on the operational tools provided. FIRN will not be liable where facilities do not exist for access types (excluding Ethernet) greater than 12 Mbps. Measured using the trouble ticketing system. SLA clock will start when the trouble has been reported in the ticketing system. The SLA clock will stop when the site has been restored and verified with the end user. For all service troubles, FIRN must open trouble tickets pro-actively and immediately when the outage has been discovered. The time between the actual outage and the opened trouble ticket was opened will be counted towards SLA restoral time. For example: if an outage occurred at 1:00PM and the trouble ticket was opened at 1:30PM, 30 minutes of this time will be counted towards the SLA restoral time. Note: Secure Internet service shall be available and pricing effective July 1st, FIRN Advanced Security Offerings (ASO): A. ASO can be purchased by end users as an Advanced Security Bundle (ASB) (see B.). Some of these ASB as well as other Advanced Security Offerings may also be purchased separately (See I-J.). B. Advanced Security Bundle (ASB): ASB includes, for each end user selected location (district headquarters): Page 4 of 12
5 1) Fully Managed Device for On-site Intrusion Prevention System (IPS) Device and Service. 2) Fully Managed Device for On-site Premise Firewall Event Logging Management, Analysis and Notification of end user District Area Network (DAN) Firewall. 3) Fully Managed Device for On-site end user Device Event Logging Management and Analysis for up to 15 devices per end user location. 4) Fully Managed Counter Threat Appliance (CTA) to assimilate logging information from all end user selected sources passing on significant events for further analysis. 5) Fully Managed Cloud Based Security Information and Event Management (SIEM) Correlation via forwarded information from the CTA. 6) End User Portal for detailed information regarding their Security incidents and security posture. C. Intrusion Prevention System (IPS): IPS helps eliminate malicious inbound and outbound traffic 24x7x365, without device or signature management, and without increasing in-house headcount. IPS service lets the end user comply with data loss regulations to protect against threats to sensitive data by centralizing the analysis of all devices including firewall logs and provides comprehensive reporting via the FIRN s end user portal to demonstrate the effectiveness of the end user s security controls. The IPS device can be attached to the End User network to provide Intrusion Detection with the onus then on the end user to implement appropriate corrective action. Alternatively, the IPS can be placed in-line of Internet traffic, in which case the FIRN service provider shall implement recommended security response to the intrusion. IPS includes: 1) Configuration and implementation. 2) Administration and tuning. 3) 24x7x365 Real-time security event and device health monitoring. 4) Upgrade, change, and patch management. 5) Thousands of unique countermeasures. 6) Daily audits of existing rules. 7) Advanced analysis and blocking techniques, including advanced statistical analysis, suspicious activity correlation and expert security analysis of patterns. 8) Twice weekly countermeasure updates. 9) Intelligence-enhanced threat protection. 10) On-demand security and compliance reporting. D. Firewall Event Logging: Monitoring of any supported end user premise firewall listed below and support for next generation and HA Firewall pairs at no additional charge. Log information shall be incorporated into the provided SIEM and any SIEM indications of a problem are analyzed by security professionals in near real time and end user are notified Page 5 of 12
6 of any significant firewall events complete with recommended firewall configuration changes. End users desiring a full proactively managed firewall solution can combine this offering with existing FIRN contract firewall management options. Supported firewall devices are: 1) Cisco 2) Juniper Networks 3) Palo Alto Networks 4) Dell SonicWALL 5) Check Point 6) Fortinet E. End User Device Event Logging: The 15 devices can be any mixture of any supported devices (servers, routers, etc.) capable of sending log information to the provided logging device. The logging information shall be fed into the SIEM similar to the Firewall log information and proactively responded to the same way, resulting in notification of the end user of any suspicious activity complete with recommended actions. F. Counter Threat Appliance (CTA): The CTA resides on the end user s network and shall be responsible for maintaining connections to all sources an end user needs monitored and managed. The CTA shall collect logs from these sources and handles parsing, normalization, de-duplication and filtering of collected events. Security events of interest are sent from the CTA to the FIRN s Security Operations Centers (SOC) via a secured connection, where they are prioritized and, if needed, reviewed by the FIRN s service provider certified Security Analysts to determine if any malicious or suspicious activity is occurring. Additionally, the CTA is a secure point from which FIRN s Security Analysts can provide device management. Through the secured connection, the CTA shall have the capability to enable communications and administrative activities for vendor managed devices. G. End User Portal and Reports: The End User Portal shall provide the intelligence and analytics needed to easily understand the risks, demonstrate compliance and make better security decisions. The Portal shall give end users full visibility into their security and compliance posture with advanced reporting functionality integrated across all proffered Advanced Security Offerings. The End User Portal shall include a mobile application ensuring security data is always at the end user s fingertips. H. Advanced Security Bundled Pricing Page 6 of 12
7 ASB Monthly Pricing Table 2.0 Bandwidth Monthly Recurring 10 Mbps $3, Mbps $3, Mbps $3, Mbps $3, Mbps $4, Mbps $4, Mbps $4, Mbps $4, Mbps $4, Mbps $4, Mbps $4, ,000 Mbps $4, ,000Mbps* $9, ,000Mbps* $23, ,000Mbps* $47, *Where available Standalone Advanced Security Options. End user may purchase any of the products and services described below. 1) IPS Monitoring is as described in C. 3) above. Pricing for those wishing to buy as a standalone product is as follows: IPS Monitoring Monthly Pricing - Table 3.0 Internet Bandwidth Monthly Recurring 0 Mbps to 100 Mbps $ Mbps to 1000 Mbps $1, Mbps to 2000 Mbps $1, ) IPS Management was included and described in the bundled offering. Pricing for those wishing to buy as a standalone product is as follows: Page 7 of 12
8 IPS Management Monthly Pricing - Table 4.0 Internet Bandwidth Monthly Recurring 0 Mbps to 100 Mbps $1, Mbps to 500 Mbps $2, Mbps to 1000 Mbps $3, Mbps to 2000 Mbps $4, Mbps to 4000 Mbps $6, Mbps to Mbps $9, ) End User Device Event Monitoring was included and described in for up to 15 devices in the bundled offering. For those wishing to buy monitoring for additional devices or as a standalone offering pricing is as follows: Device Monitoring Monthly Pricing - Table 5.0 Device Count Monthly Recurring 1 $ $1, $12, $23, ) Vulnerability Management service identifies exposures and weak spots in end user environments by performing highly accurate external scanning and internal scanning across the network. Vulnerability Management shall enable vulnerability scanning without the hardware, software and maintenance requirements of scanning products. Vulnerability results shall be integrated into FIRN s other Managed Security Services, allowing threats against vulnerable and non-vulnerable systems to be assessed and prioritized accordingly. The Vulnerability Management technology shall be fully managed and maintained by the FIRN s dedicated vulnerability management team, eliminating administration and maintenance burdens so end users can better focus on protecting assets and reducing risks. Vulnerability Management includes: a) Highly accurate internal and external vulnerability scanning. b) Support for physical, cloud and virtual infrastructure. c) Dedicated vulnerability management team to provide expert guidance and support. d) Flexible reporting and remediation workflow tools via on-demand portal. Page 8 of 12
9 e) 24x7x365 expert support by certified security analysts. Vulnerability Management service Monthly Pricing - Table 6.0 Network or Server Device Count Monthly Recurring 128 $ $1, $12, Application Count Monthly Recurring 10 $ $1, $3, ) Log Retention Services shall be a fully-managed service that provides support for a wide range of sources, allowing capture and aggregation of the millions of logs generated every day by critical information assets such as servers, routers, firewalls, databases, applications and other systems. The Log Retention Services shall support hundreds of devices per appliance. Log Retention Services Include: a) Log Retention device with 13TB of compressed storage (3.8TB uncompressed). b) Capturing and storing end user-specified system logs from the IT devices, systems and other network assets to the Log Retention Appliance. c) Implementing software upgrades and security patches to Log Retention Appliance Monitor the information security, system health and performance of Log Retention Appliances 24x7x365. d) Provide end user client access to the Logs. e) Configure any Log Retention Appliance native alerting functionality to provide alerting to notify end user of any such end user Devices no longer transmitting Logs to the Log Retention Appliances. f) Act as the initial point of contact for end user support. End User Device Count Log Retention Services Monthly Pricing - Table 7.0 (13TB Compressed Capacity) Monthly Recurring 25 $2, $2, Page 9 of 12
10 500 $3, Additional 13/3 8TB Capacity $1, Security Incident Response and Consulting: 1) The Incident Response and Digital Forensics practice shall help provide rapid containment and eradication of threats, minimizing the duration and impact of a security breach. Leveraging elite cyber threat intelligence and global visibility, FIRN shall help end users prepare for, respond to and recover from even the most complex and largescale security incidents. The rate is based upon a response tailored to the particular event and is on a per-end user basis. Incident Response Service Monthly Pricing - Table 8.0 Minimum 50 hours Hourly Rated 1 $449.40* *Includes travel and expenses, discounts may be available for additional hours needed during same on-site visit The FIRN s Security and Risk Consulting (SRC) group shall help customers solve security and compliance challenges. FIRN shall provide services listed below: Regulatory and Compliance Testing and Analysis GLBA (Gramm-Leach-Bliley Act) Gap Analysis HIPAA (Health Insurance Portability and Accountability Act) Gap Analysis FISMA (Federal Information Security Management Act)/NIST (National Institute of Standards and Technology) Gap Analysis PCI (Payment Card Industry) Gap Analysis QSA (Qualified Security Assessor) On-Demand ISO (International Organization for Standardization) 2700x Gap Analysis General Controls Audit Information Security Assessment Security Architecture Review Governance Review Facility Clearance Readiness Review E-Discovery (Electronic Discovery) Security and Compliance Attestation Reporting Third-Party Diligence and Vendor Management IT (Information Technology) Risk Assessment Vulnerability Assessments Penetration Testing Web Application Assessments Network Security Assessment Physical Security Assessment Wireless Network Testing Social Engineering War Dialing Data Discovery and Classification Page 10 of 12
11 Note: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop, implement, and maintain a comprehensive written information security program that protects the privacy and integrity of end user records. The Health Insurance Portability and Accountability Act of 1996 (HIPPA) includes: the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. Payment Card Industry (PCI) Gap Analysis are designed to combat identity theft and to better secure credit card data. Credit card associations created the Payment Card Industry (PCI) Data Security Standard (DSS) and expect organizations that process, store or transmit cardholder data to comply with these standards. ISO (International Organization for Standardization) 2700x is a series of specifications which include Information Security Management Systems whose focus is based on evaluating process rather than content. These standards contain a Code of Practice consisting of a comprehensive set of information security control objectives and a menu of best practice security controls. Security Risk Consulting Service Monthly Pricing - Table 8.0 Minimum 50 hours Hourly Rated 1 $385.20* * Includes travel and expenses 2) All CSAB orders shall include a statement-of-work to be reviewed and approved by DMS and end user. The statement-of-work template shall be defined in the operational and user guide. Service Level Objectives: Security Risk Consulting Service Service Level Objectives - Table 9.0 SLO Type Description Action Security Monitoring (applicable to ASB and Standalone options) End user shall receive a response (according to the escalation procedures defined in the End User Portal or in the manner pre- 1/30th of monthly fee for Service for the Page 11 of 12
12 Active Health Monitoring (for all FIRN provided devices) selected in writing by End user, either through the help desk ticketing system, , or by telephone) to security incidents within fifteen (15) minutes of the determination by the Service Provider that given malicious activity constitutes a security incident. This is measured by the difference between the time stamp on the incident ticket created by the SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. A security incident is defined as an incident ticket that comprises an event (log) or group of events (logs) that is deemed high severity by the SOC. The most up-todate version can always be found in the Real-Time Events section of the End User Portal). Automatically created incident tickets (via correlation technology) and event(s) or log(s) deemed low severity will not be escalated, but will be available for reporting through the End user portal. Active health checks identifying the following conditions are subject to the following SLAs: affected device 1/30th of monthly fee for Service for the affected device Device Unreachable 30 minute response (via phone, ticket, or ) from identification of the device being unreachable. This is measured by the difference between the time stamp on the device unreachable ticket created by the SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. Page 12 of 12
Current IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationIBM Global Technology Services Preemptive security products and services
IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationIBM Internet Security Systems products and services
Delivering preemptive security products and services IBM Internet Security Systems products and services Highlights Helps protect critical assets and reduce costs by preempting online threats Helps secure
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationTOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series
TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationPCI DSS Reporting WHITEPAPER
WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Learn More: Call us at 877.634.2728 www.megapath.com Executive Summary Protecting Your Network and
More informationLot 1 Service Specification MANAGED SECURITY SERVICES
Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services
More informationAlways on. Hawaiian Telcom. April 27, 2016. State of Hawaii. State Procurement Office Carey Ann Sasaki P.O. Box 119 Honolulu, HI 96810-119
Managed.. Hawaiian Telcom April 27, 2016 State of Hawaii State Procurement Office Carey Ann Sasaki P.O. Box 119 Honolulu, HI 96810-119 Subject: SPO Vendor List Contract No. 12-12 Furnish, Deliver, Install,
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationMyFloridaNet-2 ITN No: DMS-13/14-024 Attachment D Price Workbook Instructions
MyFloridaNet-2 ITN No: DMS-13/14-024 Attachment D Price Workbook Instructions Return all required Price Sheets in the Price Workbook with the reply to this solicitation as described in Section 2.15, How
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationPCI DSS Top 10 Reports March 2011
PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,
More informationManaged Security Monitoring Quick Guide 5/26/15. 2014 EarthLink. Trademarks are property of their respective owners. All rights reserved.
Managed Security Monitoring Quick Guide 5/26/15 2014 EarthLink. Trademarks are property of their respective owners. All rights reserved. 2 Managed Security Monitoring - Overview Service Positioning EarthLink
More informationSECURITY PLATFORM FOR HEALTHCARE PROVIDERS
SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Our next-generation security platform prevents successful cyberattacks for hundreds of hospitals, clinics and healthcare networks across the globe. Palo Alto
More informationSpyders Managed Security Services
Spyders Managed Security Services To deliver world-class Managed Security Services, Spyders must maintain and invest in a strong Security Operations Centre (SOC) capability. Spyders SOC capability is built
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table December 2011 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationVulnerability Management for the Distributed Enterprise. The Integration Challenge
Vulnerability Management for the Distributed Enterprise The Integration Challenge Vulnerability Management and Distributed Enterprises All organizations face the threat of unpatched vulnerabilities on
More informationScalability in Log Management
Whitepaper Scalability in Log Management Research 010-021609-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters:
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationSecurity. Security consulting and Integration: Definition and Deliverables. Introduction
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationWhite Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements
White Paper: Meeting and Exceeding GSI/GCSx Information Security Monitoring Requirements The benefits of QRadar for protective monitoring of government systems as required by the UK Government Connect
More informationNEC Managed Security Services
NEC Managed Security Services www.necam.com/managedsecurity How do you know your company is protected? Are you keeping up with emerging threats? Are security incident investigations holding you back? Is
More informationA Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
More informationQRadar Security Intelligence Platform Appliances
DATASHEET Total Security Intelligence An IBM Company QRadar Security Intelligence Platform Appliances QRadar Security Intelligence Platform appliances combine typically disparate network and security management
More informationPCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR
PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance
More informationCloudCheck Compliance Certification Program
CloudCheck Compliance Certification Program Ensure Your Cloud Computing Environment is Secure with CloudCheck Certification Organizations today are increasingly relying on a combination of private and/or
More informationLogRhythm and PCI Compliance
LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent
More informationThe Comprehensive Guide to PCI Security Standards Compliance
The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationIBM ISS Optimizacija Sigurnosti
IBM ISS Optimizacija Sigurnosti Slaven Novak IBM ISS Technical Sales Specialist slaven.novak@hr.ibm.com 1 The Business Challenge: New Methods and Motives: Adding to the complexity and sheer number of risks
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationUncover security risks on your enterprise network
Uncover security risks on your enterprise network Sign up for Check Point s on-site Security Checkup. About this presentation: The key message of this presentation is that organizations should sign up
More informationWhen it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs
White Paper Meeting PCI Data Security Standards with Juniper Networks SECURE ANALYTICS When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright 2013, Juniper Networks,
More informationHow To Use Cautela Labs Cloud Agile.Com
1 Correlation and analysis of security and network events in one integrated solution Cautela Labs Cloud Agile. Secured. Log Management 1 Log Management A great deal of events cross your network, servers,
More informationSP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF
NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationAPPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES
APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES Application Vulnerability Scanning. A web-based application service hosted by Verizon Business to provide customers
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationAdvantages of Managed Security Services. Cloud services via MPLS networks for high security at low cost
Cloud services via MPLS networks for high security at low cost 2 Cloud services via MPLS networks for high security at low cost Executive Summary Protecting your Network and Information Assets Today s
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationBlackStratus for Managed Service Providers
BLACKSTRATUS FOR MSP SOLUTION GUIDE PAGE TM BlackStratus for Managed Service Providers With BlackStratus MSP suite of solutions, you can quickly and effectively ramp up customer security offerings and
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationCorreLog Alignment to PCI Security Standards Compliance
CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationEcom Infotech. Page 1 of 6
Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance
More informationBusiness Case Outsourcing Information Security: The Benefits of a Managed Security Service
Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...
More informationMONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014
MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 COMPLIANCE SCHEDULE REQUIREMENT PERIOD DESCRIPTION REQUIREMENT PERIOD DESCRIPTION 8.5.6 As Needed 11.1 Monthly 1.3 Quarterly 1.1.6 Semi-Annually
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationnfx One for Managed Service Providers
NFX FOR MSP SOLUTION GUIDE nfx One for Managed Service Providers With netforensics MSP suite of solutions, you can quickly and effectively ramp up customer security offerings and increase your bottom line
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationTrend Micro. Advanced Security Built for the Cloud
datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More informationManaged Security Services
Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s
More informationTrend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard
Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified
More informationState of California California Department of Technology Statewide Technology Procurement Division
A PROPOSAL TO State of California California Department of Technology Statewide Technology Procurement Division for Best and Final Offer Resubmission Volume 2 Category 7 Network Based Managed Security
More informationAttaining HIPAA Compliance with Retina Vulnerability Assessment Technology
l Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology Overview The final privacy rules for securing electronic health care became effective April 14th, 2003. These regulations require
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationFeature. Log Management: A Pragmatic Approach to PCI DSS
Feature Prakhar Srivastava is a senior consultant with Infosys Technologies Ltd. and is part of the Infrastructure Transformation Services Group. Srivastava is a solutions-oriented IT professional who
More informationLumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks
IPsonar provides visibility into every IP asset, host, node, and connection on the network, performing an active probe and mapping everything that's on the network, resulting in a comprehensive view of
More informationCONTINUOUS LOG MANAGEMENT & MONITORING
OFFERING BRIEF: CONTINUOUS LOG MANAGEMENT & MONITORING ALERT LOGIC LOG MANAGER AND ALERT LOGIC ACTIVEWATCH FOR LOG MANAGER Virtually every system you use to manage and run your business creates log data.
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationSITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA
SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More informationSecurity Services. 30 years of experience in IT business
Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More information