Specifications include, but are not limited to:

A. Managed Detection and Response (MDR) Services - The Washington County Public School System (WCPS) is seeking proposals from highly experienced professional firms to provide a comprehensive managed detection and response security solution incorporating eXtended Detection and Response (XDR) that may include but is not limited to the following:
   i. Monitoring and logging of network traffic, including North/South (ingress/egress) and East/West
   ii. Network and system data ingestion, including cloud and endpoint-based systems
   iii. Proactive threat hunting intelligence, investigation, and reporting
   iv. Artificial-intelligence-based security intelligence, investigation, and reporting
   v. Security event insight, prioritization, analysis, and response
   vi. Firewall management, including manual or automated changes as required to resolve incidents and mitigate identified threats
   vii. 24-hour x 7-day per week (24x7) incident monitoring, alerting, and response
   viii. Incident response and remediation
   ix. Monitoring of server and network status and notification of outages
   x. Vulnerability reporting and assessment
   xi. Ongoing assessment of overall security posture and areas for enhancement

B. WCPS currently has made investments in a variety of systems to protect WCPS information and the network. Each of these systems has one or more internal owners and administrators. WCPS expects that any solution would incorporate these well-known systems or would include a replacement for the systems. It is expected that anyone assisting in the management or operation of these systems will have related certifications or experience.
   i. Firewalls – Palo Alto
   ii. L2/L3 Networking - Juniper, Extreme/Aerohive, Mist
   iii. Productivity & Communications - Microsoft 365, Google Suite
   iv. Endpoint Protection - Microsoft, VMWare
   v. Server Virtualization - VMWare

C. WCPS expects that this project will start immediately after contract signing, and that the project will have multiple phases, which may include but are not limited to the following:
   i. Network and system discovery, use case development, and incident management and reporting process development between Vendor and WCPS IT department
   ii. Systems implementation, data ingestion configuration and testing, baselining, WCPS staff training, and systems access
   iii. Platform tuning, playbook development and implementation, and operationalization of incident response plans based on severity
   iv. Ongoing management, monitoring, detection, tuning, response, and incident remediation for the duration of the contract, as well as ongoing training for WCPS staff in how to make the best use of the services provided