Increased security and logging requirements have caused information overload for security analysts. Today's demand for cyber-related services has produced more security alerting, excessive logging, and longer analysis times to detect malicious activity.
The combination of too many alerts and too little context causes security teams to lose visibility and control. Extended detection and response (XDR) has emerged as a response to this problem. XDR is a category of threat detection, investigation, and response solutions that work together across all threat vectors in an organization's infrastructure, including network, endpoint, cloud, and identity, rather than covering only one layer of it. By building integration directly into the architecture, XDR tools are designed to deliver threat insights and recommendations that improve how security teams operate.
The Department of State is seeking input from the XDR vendor community to conduct market research on potential solutions. The intent of this problem statement is to broadly announce the Department’s need and find opportunities to conduct more targeted engagements (i.e., one-on-one meetings) with those vendors that may be able to provide these solutions.
These meetings are an opportunity to exchange general information and conduct market research related to a possible acquisition. There is no requirement that the meetings include all possible vendors, and the government will select those vendors that they would like to consider for these meetings.
All interested vendors shall submit a response demonstrating their capability of providing a fully integrated solution addressing the salient points of the solution as described in this notice to the Points of Contact (POCs) listed below. Proposals are not being requested or accepted at this time. As stipulated in FAR 15.201(e), responses to this request are not considered offers and cannot be accepted by the Government to form a binding contract. The decision to solicit for a contract shall be solely within the Government’s discretion. Any information submitted by respondents to this request is voluntary. Per FAR 52.215-3, this request is not to be construed as a commitment by the Government, nor will the Government reimburse any costs associated with the submission of information in response to this notice.
- Flexible suite of endpoint protection features to identify and prioritize endpoint risks, reduce attack surface and stop data loss.
- Holistic approach to detection and response that eliminates blind spots, increases accuracy, and streamlines investigations across all environments, including network, cloud, and endpoint.
- View all your endpoint, network, and cloud activity in a single dashboard that simplifies event correlation.
- Simplify investigations by automatically revealing the root cause, sequence of events, and threat intelligence details of alerts.
- Deliver a comprehensive set of machine learning and analytics techniques to stay ahead of rapidly evolving threats and counter sophisticated attacks.
- View coverage across attack surfaces with security alerts mapped to the MITRE ATT&CK® framework.
- Enrich investigations and User Behavior Analytics alerts with threat intelligence feeds.
- Security Analyst
- Data collection
- Threat Detection (anomaly-based and signature-based)
- Threat Prevention (Deny/Block)
- Threat Response/Remediation
- Automated Playbooks
- External Integration: SOAR
- Threat Hunting
- User and Entity Behavior Analytics
- Analysis performed through a Cloud Service Provider
  - Preferably Azure Government (AzureGov)
  - Preferably authorized at FISMA High
  - Capable of monitoring both on-premises and cloud environments
  - If a FISMA High authorization is not yet available, the vendor must show that the process to obtain it is under way
- Compatibility with other vendors' endpoint agents/clients
All interested vendors shall submit a capability statement of no more than 2 pages (8.5×11 standard letter format, 12-point Arial font, .pdf format preferred) that explicitly demonstrates their capability to provide/perform the requirements stated in this notice. Information received after the deadline may or may not be considered, depending on agency time constraints. The capability statement should be concise, yet clearly demonstrate an ability to meet the stated requirements. The statement shall include answers to the following inquiries:
Please provide company information including:
- Name of Company
- Points of Contact (to include phone number and email address).
- Recent, relevant experience in all related areas.
- Planned Teaming and/or subcontracting arrangements and previous experience with those partners.
- Firms responding to this announcement should indicate whether they are a large business, small business (SB), 8(a)-certified business, HUBZone, EDWOSB, WOSB, or SDVOSB.
- Company size status and CAGE code.
- Whether your company is domestically or foreign-owned. If foreign-owned, please indicate the country of ownership and any contemplated use of foreign national employees on this effort.
RESPONSES ARE DUE TO THE POCs BELOW NO LATER THAN 3:00 P.M. (ET) ON 02 JUNE 2023.
POC: Swindell, Nicholas L ([email protected])
Morgan, Brett M ([email protected])