All correspondence must be made through the Vendor Portal. Specifications include, but are not limited to: Solution must be a SIEM, MDR, Vulnerability monitoring, and patch management in a single platform. Must provide full viability to the platform allowing the district to all data. Solution should be fast and easy to deploy. Must be cloud hosted. Pricing must be fixed with No Data Ingestions Limits No extra charges regardless of how much data we ingest. Solution must automatically analyze network heath components including metrices like, GPO Violations, Stale Accounts, Passwords that never expire, stale passwords, and analyze privilege across the domain. Solution must have a simplified alert management to reduce alert fatigue. Enhanced Monitoring – System should automatically set a base line of monitoring at deployment. SIEM rules must be initially automatically written without deployment hours or lots of customization. System must have the following Built in Response Options: Target an AD account, disable or force a password, and more. Isolate, Power off or reboot a system. Block IP address on the firewall. System should also have SOAR action that automate a response. Solution must have User & Entity Behavior Analytics (UEBA) with the ability to: Identify, detect, analyze, and prioritize anomalous behavior in real-time. Solution must bring in multiple threat Intelligence feeds including CISA with the ability to automatically threat hunt every IP for in the could data lake for Indicators of compromise. Solution must provide a geo map and analyze IP’s in Microsoft 365, GSuite, firewall, and VPN traffic. Solution must provide sophisticated, but easy to use research tools giving admins the ability to scope a potential breach quickly and expertly. Solution must have Built-in One Touch Reporting Executive and Compliance reporting for PCI, DSS, NIST Cybersecurity Framework, HIPAA compliance, and more. Must be able to schedule reports. Solution must have the ability to create custom reports Comment by Guest User: the ability Solution must provide the ability to Investigate events on accounts, servers, and endpoints quickly searching systems or accounts for different data points. Access Events, Process Execution, Anti-forensics, share device access, remote code execution, and File Creation are some examples. 365 Days 24X7 Real Time Monitoring with a dedicated Security Operation Team. Must be able to respond to critical alert quickly. Solution must provide multiple on-premise scanners to look for internal vulnerabilities. Solution must provide an agent to look for vulnerabilities on all systems. Solution must provide full managed patch management by a security operation team for servers. Solution must provide a free trial with no cost no risk to the district. All of the items described in this section are non-negotiable. However, if a manufacturer's specification is used or identified above, then a bid may include, in sufficient detail, that its bid contains an equivalent brand. If it is determined that a bid does not meet these requirements, at any time during the solicitation process, the bid will be deemed non-responsive and disqualified from further consideration. If a bid is considered responsive, then it will be considered for award.
