Managed Security Services

Description

GSA require a Managed Detection and Response, Security service to mitigation of threats across the GSA's digital environment. Lot 1: The service includes Managed Detection and Response, Security Information and Event Management, Endpoint Detection and Response supported by Next Generation Anti‑Virus, identity monitoring, cyber threat intelligence, threat hunting, cyber maturity assessments, efficiency testing and full incident response readiness. These capabilities collectively enable the proactive identification, investigation and mitigation of threats across the GSA's digital environment. Managed Detection and Response (MDR). Enterprise data will be captured and analysed for indicators of attack or compromise, which, if discovered, shall initiate a first response. This response will be either automated or human, depending on the source of the detection. GSA require Level 1 and 2 support, and the first one hour of any Level 3 investigations. Support levels are defined below. Level 1 The first line of security analysts who manage security tools and run regular reporting. At this level, alerts and alert urgency will be determined by the security team. Decisions about escalation to Level 2 will also be undertaken at this level. Level 2 The second line of security analysts / engineers who have the expertise required to get to the root of a problem and assess which part of the enterprise may be compromised. Remediation and repair of problems is expected and issues for additional investigation will be highlighted. Level 3 The third line of security engineers / incident responders, which consists of highly skilled technical resource. If required, personnel will use advanced detection methods (threat hunting) to identify and neutralise the threat, providing remediation advice to the Client's IT team. Key deliverables: - Managed Detection and Response (MDR) Service o 24/7x365 Threat Detection & Response o Ongoing Detection Engineering o Ongoing Use Case Development o Cyber Threat Intelligence (CTI) o Threat Hunting o Cyber Maturity Assessment o Incident Response (first 1 hour of IR) o Dedicated Customer Success Manager - SIEM Licensing (Splunk) 100GB - CrowdStrike EDR Licensing with Falcon Mobile (1650 endpoints)