Specifications include, but are not limited to:

The Twin Rivers Unified School District is seeking proposals from qualified vendors to design, develop, and implement a customer-managed, non-MDR Extended Detection and Response (XDR) solution that enhances security, streamlines threat detection and response, and integrates seamlessly with our existing infrastructure. The proposed solution should meet the requirements outlined herein.

Current Environment:

Twin Rivers Unified School District has a diverse IT environment that includes:

• A mix of Windows and ChromeOS devices used by staff and students.
• Palo Alto Networks next-generation firewall.
• Microsoft Azure Active Directory for identity management.
• A combination of cloud-hosted and on-premises servers and endpoints.
• A QRadar centralized log management SIEM.

Scope of Work:

The XDR solution must meet the following requirements:

Advanced Threat Detection and Response:

• Provide AI-driven threat detection, correlation, and response across endpoints, cloud workloads, and network traffic.
• Enable real-time and retrospective analysis of security incidents.
• Offer automated response capabilities, including host isolation, process termination, and forensic data collection.
• Include a malware analysis sandbox for in-depth analysis of suspicious files and rapid threat determination.

Endpoint Protection:

• Deliver endpoint protection with AI-driven behavioral analysis and heuristics.
• Offer device control policies to manage USB, Bluetooth, and other peripherals.
• Provide rollback and remediation capabilities to mitigate ransomware and other threats.
• Support cross-platform protection (Windows, macOS, and Linux).

Threat Intelligence and Hunting:

• Integrate with threat intelligence feeds for proactive threat hunting.
• Provide advanced search and querying capabilities to identify malicious activity.
• Support Indicator of Compromise (IoC) and Indicator of Attack (IoA) detection.
• Include adversary profiling to track the tactics, techniques, and procedures (TTPs) of known threat actors.
• Provide real-time and historical alerting based on adversary behaviors and attack patterns.