Description
The service includes Managed Detection and Response, Security Information and Event
Management, Endpoint Detection and Response supported by Next Generation
Anti-Virus, identity monitoring, cyber threat intelligence, threat hunting, cyber maturity
assessments, efficiency testing and full incident response readiness. These capabilities
collectively enable the proactive identification, investigation and mitigation of threats
across the GSA's digital environment.
Managed Detection and Response (MDR). Enterprise data will be captured and analysed
for indicators of attack or compromise, which, if discovered, shall initiate a first response.
This response will be either automated or human, depending on the source of the
detection. GSA require Level 1 and 2 support, and the first one hour of any Level 3
investigations. Support levels are defined below.
Level 1
The first line of security analysts who manage security tools and run regular
reporting. At this level, alerts and alert urgency will be determined by the security
team. Decisions about escalation to Level 2 will also be undertaken at this level.
Level 2
The second line of security analysts / engineers who have the expertise required to
get to the root of a problem and assess which part of the enterprise may be
compromised. Remediation and repair of problems are expected, and issues requiring
additional investigation will be highlighted.
Level 3
The third line of security engineers / incident responders, consisting of highly
skilled technical resources. If required, personnel will use advanced detection
methods (threat hunting) to identify and neutralise the threat, providing remediation
advice to the Client's IT team.
Key deliverables:
- Managed Detection and Response (MDR) Service
  - 24/7x365 Threat Detection & Response
  - Ongoing Detection Engineering
  - Ongoing Use Case Development
  - Cyber Threat Intelligence (CTI)
  - Threat Hunting
  - Cyber Maturity Assessment
  - Incident Response (first 1 hour of IR)
  - Dedicated Customer Success Manager
- SIEM Licensing (Splunk) 100GB
- CrowdStrike EDR Licensing with Falcon Mobile (1650 endpoints)