Statement of Work Security Information & Event Management (SIEM) December 20, 2012 Request for Proposal No. 210802




Introduction

The Pacific Northwest National Laboratory (PNNL) is located in Richland, Washington and is one of the U.S. Department of Energy's (DOE) ten national laboratories, managed by DOE's Office of Science. PNNL performs research for other DOE offices as well as government agencies, universities, and industry to deliver breakthrough science and technology to meet today's key national needs.

Project Description and Purpose

The PNNL Cyber Security Analytics Team is interested in receiving proposals for the next generation of Security Information & Event Management (SIEM) solutions. This Team will evaluate and rank, by an internal scoring methodology, the most favorable product after all technical criteria are met. After evaluations are completed, a recommendation for award will be made.

Assumptions and Constraints

If the solution is put into virtual machines, the cost of the virtual environment will be added to the total cost of the price quoted. The solution should support a bare minimum of one billion events per day. The log size is roughly 330 GB of data per day. Please calculate the total cost based on this information and project the cost if this information were doubled. The number of network devices, machines, switches, routers, etc. will be sent upon request.

Requirements

Technical Requirements are grouped into the categories listed below in order of importance:
1. Clients
2. Data Types
3. Appliance Features
4. User Interface
5. Compliance
6. Integration
All these categories and their content listings must be met. Any item listed that cannot be met must be so noted as either an add-on with cost or other explanation.
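The Assumptions and Constraints above fix two sizing figures (one billion events per day, roughly 330 GB per day) and ask bidders to price both that volume and double it; the Appliance Features list later converts the daily figure to 11,574 events per second. The following worked example, added here and not part of the RFP or any vendor's material, carries that sizing through: sustained and peak events per second, average event size, and retained storage for the requested retention period. The retention of 12 months, the 8:1 storage compression ratio, the 3x peak-over-average factor, the 30-day month and the reading of "GB" as 10^9 bytes are all assumptions chosen for illustration, not figures from the RFP.

```python
"""SIEM capacity sizing worked example (added illustration; not from the RFP).

Figures taken from the RFP: 1e9 events/day and 330 GB/day.
Retention, compression ratio, peak factor, GB size and month length are assumptions.
"""
from dataclasses import dataclass, replace

SECONDS_PER_DAY = 86_400
GB = 10**9            # assumption: the RFP's "GB" read as 10^9 bytes
DAYS_PER_MONTH = 30   # assumption used to turn "months" of retention into days


@dataclass(frozen=True)
class Workload:
    events_per_day: float
    bytes_per_day: float
    retention_months: int     # RFP item "Retention period - months"; 12 is an assumption
    compression_ratio: float  # assumption: 8.0 means stored bytes are raw / 8
    peak_factor: float        # assumption: bursts run at 3x the sustained rate


@dataclass(frozen=True)
class Sizing:
    sustained_eps: float
    peak_eps: float
    avg_event_bytes: float
    raw_retained_bytes: float
    stored_retained_bytes: float


def sustained_eps(events_per_day: float) -> float:
    """Average events per second over a full day (the RFP's 11,574 figure)."""
    return events_per_day / SECONDS_PER_DAY


def size(w: Workload) -> Sizing:
    """Derive ingest-rate and retained-storage figures from a daily workload."""
    eps = sustained_eps(w.events_per_day)
    retained_days = w.retention_months * DAYS_PER_MONTH
    raw = w.bytes_per_day * retained_days
    return Sizing(
        sustained_eps=eps,
        peak_eps=eps * w.peak_factor,
        avg_event_bytes=w.bytes_per_day / w.events_per_day,
        raw_retained_bytes=raw,
        stored_retained_bytes=raw / w.compression_ratio,
    )


def doubled(w: Workload) -> Workload:
    """The RFP asks for the cost if the volume doubled: scale events and bytes together."""
    return replace(w, events_per_day=w.events_per_day * 2, bytes_per_day=w.bytes_per_day * 2)


def meets_rate(vendor_rated_eps: float, w: Workload) -> bool:
    """A rated EPS figure must cover the assumed peak, not just the day-long average."""
    return vendor_rated_eps >= size(w).peak_eps


# Workload as stated in the RFP, with the assumed retention/compression/peak values.
RFP_WORKLOAD = Workload(events_per_day=1e9, bytes_per_day=330 * GB,
                        retention_months=12, compression_ratio=8.0, peak_factor=3.0)

if __name__ == "__main__":
    for label, w in (("as stated", RFP_WORKLOAD), ("doubled", doubled(RFP_WORKLOAD))):
        s = size(w)
        print(f"{label}: {s.sustained_eps:,.0f} EPS sustained, {s.peak_eps:,.0f} EPS peak, "
              f"{s.avg_event_bytes:.0f} B/event, "
              f"{s.raw_retained_bytes / 1e12:.1f} TB raw / "
              f"{s.stored_retained_bytes / 1e12:.1f} TB stored "
              f"over {w.retention_months} months")
    # A product rated just above the 11,574 EPS average fails once bursts are considered.
    print("12,000 EPS rating covers assumed peak:", meets_rate(12_000, RFP_WORKLOAD))
```

The point a reviewer of bids would take from the numbers: the 11,574 EPS figure is a day-long average, so a product rated only slightly above it has no headroom for bursts, and retained storage scales linearly with both daily volume and retention, which is why the RFP's "doubled" case matters for price as much as for throughput.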

Clients
- Agentless data capture
- Capture data with client agents
- AIX client agent
- BSD client agent
- Linux client agent
- Solaris client agent
- OS X client agent
- Windows client agent
- HIDS agent
- IDS agent
- FIM (File Integrity Monitoring)
- WIDS (Wireless intrusion detection system)

Data Types
- Transmission compression
- Allow syslog forwards (most common method for alerts and events)
- Normalize data
- Process netflow data
- Raw/unstructured events
- SDEE (Security Device Event Exchange)
- Capture SNMP traps
- Collection health monitoring (device offline)
- Firewall logs
- Hypervisor logs
- IDS logs processing
- Includes all Windows 7 logs
- IPS logs

Data Types (continued)
- Parsed/structured events
- Reports on raw/unstructured data
- Router logs
- Store and forward events
- Switch logs

Appliance Features
- Correlation capability
- Event message stat monitoring (latency)
- Events per second (11,574 is ~1 billion per day)
- Retention period - months
- Scalable disk
- Scalable hardware
- Centralized query capability
- Archive and see source data
- Archive metadata
- Can archive events
- CLI option
- CPU monitoring
- Max internal storage
- Queries across peers
- Raw data searches
- Storage compression
- Build in VMs
- Vulnerabilities correlation
- Appliance or Software/OS

User Interface
- Alerting - near to real time
- Can export data
- Can save queries/filters
- Custom rules
- Customizable access options per group
- Customizable reports
- Customizable dashboard
- Boolean queries
- User privilege roles/groups
- Web interface
- Alerting - weighted
- Can create alerts
- Can schedule tasks
- Context-sensitive graphs
- Device/host groups
- Regex queries
- Graphical query builder
- Search performance
- Unstructured data, records searched in a minute
- Work flow to Maximo

Compliance
- Minimum FISMA compliance

Integration
- Integration with Blue Coat
- Integration with FireEye
- Integration with Forefront AV
- Integration with Ironport

Integration (continued)
- Integration with Solera
- Integration with Symantec
- DLP integration
- Integration with Websense
- Integration with Nessus
- Open API

Evaluation Criteria

Technical 60%

If all technical items listed above are met, either as standard or add-on items, those responsive, responsible Offerors will be invited for a Proof-of-Concept on-site demonstration. At that time, the Offeror's product will be left on-site at the Lab for 90 days for testing within the Lab's environment for analysis by the technical evaluation team. System operations will be scored at that time using an internal ranking method. Scoring will include:
- ease of operation within the Lab's environment
- speed of processing data
- integration

Price 40%

Responsive and responsible Offerors who have met all the technical criteria will be evaluated on pricing of the total product along with the on-site demonstration scoring. Price will affect the overall score and will impact the Best Overall Value for the Lab.

Contract Award

Battelle may evaluate proposals received in response to this solicitation without discussion (initial proposals should contain the Offeror's best price and technical terms). A Fixed Price contract award will be made to the responsive, responsible Offeror whose evaluated proposal provides the Best Overall Value of Price and Technical Merit after satisfying all the requirements of this solicitation.