Department Of Tourism Tender
Summary
Procurement of Anti-virus Paper License FY 2024, Information Technology, Department of Tourism
Description
Terms of Reference
Procurement of Anti-virus Paper License for FY 2024

I. Objectives

The main objective is to have protection, detection, and response with threat intelligence that will secure and protect DOT ICT infrastructures such as, but not limited to, servers, storage servers, databases, desktops, laptops, and other devices, and also to have a preventive measure against newly developed viruses, malware, ransomware, and other related issues.

Technical Specifications for Anti-virus

Endpoint Security for Business, for a minimum of 1000 licenses. Delivers multi-layer anti-malware protection for smartphones, workstations and servers with end-point controls, mobile device management, encryption and systems management under a single, unified management console, with the additional feature of endpoint detection and response.

Features:

1. Anti-malware (workstations and file server)

(a) The solution must have multiple anti-malware engines — with the combination of traditional signature-based, heuristic, cloud-assisted scanning and machine learning technology — for superior scanning and detection capability.
(b) The solution should be able to provide security for a heterogeneous IT environment. It shall support a range of platforms — including Mac, Linux and Windows — including the new Windows 10 and Windows Server 2016 operating systems.
(c) Lightweight mode for threat protection ("cloud mode"). Light antivirus databases with enabled KSN (require less RAM and drive space).
(d) The solution should provide protection against new and unknown malware. It should have an urgent detection system that may help protect the system against new threats, even before the release of a new malware signature.
(e) The solution should be able to monitor the behaviour of applications automatically. It should have behavioural detection, exploit, anti-rootkit and remediation engines that monitor the system in real time, detect any suspicious behaviour deeper within the system and applications, and roll back actions done by malware.
(f) The solution should have protection against encryption for shared folders: a unique anti-cryptor mechanism capable of blocking encryption of files on shared resources by a malicious process running on another machine on the same network.
(g) The solution should have a deeper level of protection that can work at the lowest level of a computer's operating system.
(h) The solution should have technologies that improve its performance by estimating a file's threat level on the basis of its last modification date. The file's last modification date is compared against its first scan date, creation date, and the antivirus databases' release date.
(i) The solution should have a host-based intrusion prevention system (HIPS) and personal firewall that protect against hacker attacks. It should be able to control inbound and outbound traffic by setting up parameters for an individual port, IP address or application.
(j) The solution should have a network threat blocker mechanism that detects and monitors suspicious activity on the network. It should be pre-configurable how the system responds when suspicious behaviour is detected.
(k) The solution should be able to auto-quarantine or auto-delete identified malware without end-user interaction.
(l) The solution should be able to scan the body text and attachments of incoming email messages that are delivered through POP3 / IMAP mail clients.
(m) The solution should be able to block malicious/phishing URLs.
(n) The solution should be able to scan password-protected compressed files for malicious programs.
(o) The solution should be able to re-launch itself automatically when the file server restarts, in the event that the server experiences a fault or suffers an unplanned shutdown.
(p) The solution should have an AMSI protection provider. Antimalware Scan Interface (AMSI) allows a third-party application with AMSI support to send objects (for example, PowerShell scripts) to the endpoint security solution for an additional scan and to receive scan results for these objects.
(q) The solution should be able to monitor and block abnormal behavior of applications.
(r) The solution should have the option of a single agent for EDR and EPP (endpoint protection) that can be activated via a licensing option.

2. End-point controls

(a) Application control
- The solution should be able to control application start-up by blocking, granting or auditing each application upon launch.
- The solution should be able to monitor and classify each application as trusted, untrusted or restricted.
- The solution should be able to control whether an application is given access to specific system resources, such as the file system or the registry.
- The solution should be able to do blacklisting and whitelisting.
- The solution should have a dynamic whitelisting service that assesses the security of commonly used applications. The whitelist database should be updated regularly and automatically to ensure up-to-date protection.
- Policy should be able to use user account-based profiles on the Active Directory.

(b) Device control
- The solution should allow the administrator to set policy and control for any connected device, on any connection bus (not only USB), at any time.
- The solution should be able to support device management and shall allow the administrator to monitor, block or make the device read-only, along with the option of providing exceptions.
- The solution should be able to block or allow devices based on a specific serial number.
- The solution should be able to generate logs of events associated with deleting and saving files on a USB device.
- The solution should be able to generate logs of the list of trusted Wi-Fi networks, based on network name, encryption type, and authentication type.
- The solution should be able to monitor information about write and removal operations performed with files located on removable drives.
- The solution should have anti-bridging capability which blocks unauthorized commuting between networks.
- Policy should be able to use user account-based profiles on the Active Directory.

(c) Web control
- The solution should be able to filter each client's web browser usage. It should be able to permit, prohibit, limit or audit users' access to individual websites or categories of websites — including games websites, gambling sites or social networks.
- Policy should be able to use user account-based profiles on the Active Directory.

3. Data protection

(a) The solution should be capable of doing full-disk encryption (FDE) and protect data on hard drives.
(b) The solution should be capable of BitLocker management.
(c) The solution should be able to do pre-boot authentication, that is, requiring users to pass through an authentication process before the operating system will even launch.
(d) The solution should be capable of doing single sign-on (SSO).
(e) The solution should be capable of doing file-level encryption (FLE).
(f) The solution should be capable of encrypting removable drives (USB) by means of entire-drive encryption and portable mode.
(g) The solution should be capable of protecting data during transfer, storage and restoration, regardless of the policy settings at the endpoint to which the data is restored.
(h) The solution should be able to prevent exchange of encrypted files over IM or Skype, without restricting legitimate message exchange.
(i) The solution should be capable of providing a mechanism for password recovery.
(j) Ability to recover disk data in case of hardware failures.
(k) The solution should be GDPR compliant.

4. Mobile device management and security

(a) The solution should be able to configure and manage smartphones and tablets from a single console.
(b) The solution should be compatible with different mobile platforms — iOS and Android.
(c) The solution should be able to do "over the air" provisioning. It should be able to secure phones remotely by sending either an email or SMS containing a link to the corporate portal where users can download the profile and applications that the administrator has approved.
(d) The solution should be able to detect rooted and jailbroken mobile devices to ensure policy compliance in the network.
- The solution should be able to enforce security settings such as camera disabling and forced password.
- The solution should be able to control the applications that are being run on the mobile devices.
- The solution should be able to encrypt corporate data on mobile devices.
(h) The solution should have an "anti-theft" mechanism for mobile devices.
- The solution should have multiple layers of anti-malware protection on mobile devices.
(j) The solution should have a "containerization" mechanism that will separate corporate data from personal data on mobile devices.

5. System management tools

(a) The solution should have operating system and application provisioning. Provide easy creation, storage, cloning and deployment of system images from a central location.
(b) The solution should be able to check operating system and other application vulnerabilities.
(c) The solution should be able to patch Microsoft system files and other 3rd-party applications seamlessly. Patching should be automatic or scheduled.
(d) The solution should have license provision and control. It should have tools that can limit usage to approved applications and versions only, and restrict the number of licenses in use.
(e) The solution should have an asset inventory system that lists all hardware devices and software applications in the network. A notification should be sent to the administrator once a new device has been found in the network.
(f) The solution should support "Wake-on-LAN technology" that allows the solution to power on workstations remotely during long hours of deployment or troubleshooting.
(g) The solution should be able to assign workstations to act as a remote agent in a remote branch office for central update agent.
(h) The solution should have the capability to do remote and software installation from the centralized management server.
(i) The solution should have troubleshooting tools that can be used to remotely and securely connect to a client system to fix issues — from the same administration console.

6. Unified management console

(a) The solution should be capable of deploying applications such as end-point and third-party applications on a machine remotely.
(b) The solution shall support policy enforcement.
(c) The solution shall provide a dashboard with multiple information, and this information should also be fetched from the database based on different queries.
(d) The solution should be able to have automated mobile policies for devices that leave the corporate network.
(e) The solution should provide pre-defined policies as well as provision to change and customize policies based on groupings.
(f) The solution should have a single and unified management console for all its security and control features.
(g) The solution should be able to manage mixed platforms in one management console.
(h) The solution should be able to support hierarchical grouping of machines and policy deployment. The grouping could be based on the IP address of a subnet of machines or a particular site.
(i) The solution should be able to provide a concise and accurate report that can be customized by the administrator.
(j) The solution shall support reporting in the following formats: XML, HTML and/or PDF.
(k) The solution should have a web interface that will be used to monitor the protection status and reports remotely.

7. Certification and accreditations

(a) The solution should be recognized by ICSA Lab, NSS Lab.
(b) The solution must be certified by the following 3rd-party testing organizations: VB100, AV Comparatives — with +Advance rating for at least 3 consecutive years.

8. Endpoint detection and response

(a) Architecture and design
- The EDR solution must support integration with a free-of-charge threat intelligence portal, which contains and displays information about the reputation of files and URLs.
- The EDR solution must support integration with a cloud reputation service.
- The EDR solution must support central management and analytics through an on-prem web console and cloud management console. (incident-related data, system status and health check data, settings,
- The EDR agent must have integration with the endpoint protection application.
- EDR and endpoint protection solutions must have a unified console for administrators and analysts.
- EDR should support standalone agent installation (without the endpoint protection application).
- The hardware platform where the solution is installed should be flexible for any upgrade, including network interfaces, RAM and CPU.

(b) Features
- Must provide optimum endpoint detection and response to stay safe in the face of complex and advanced threats by providing simplified investigation, advanced detection, and automated response, with simple root cause analysis.
- Capable of providing simple investigation tools, deep visibility, and automated response options in order not just to detect the threat, but to reveal its full scope and origins and instantly respond, preventing business disruption.
- Capable of performing and optimizing manpower resources and IT overheads by providing simple centralized controls and a high level of automation with a streamlined workflow from a single console available both on-premises and in cloud.
- Compatible with existing AV.

(c) Performance
- See security alerts on the endpoints and analyze them further to understand the full breadth and depth of the threat. This helps ensure the incidents are fully dealt with and no remainder of the threat is left on the endpoint.
- Must enrich incidents with necessary information and help the agency understand connections between different events through attack spread path visualization.
- Set up automated responses for threats discovered across all endpoints based on IOC scans, or instantly respond to incidents upon discovery with "single-click" options.
- Streamlined workflow from a single console available both on-prem and in cloud is coupled with simple EDR scenarios and controls, including drilldown visualization, IOC scanning and response options that don't require too much cybersecurity expertise or time.

(d) Detection
- The suggested solution must supplement verdict information from the endpoint protection solution with system artefacts about the detection.
- The suggested solution must support auto-generation of threat indicators (IOC) after detection occurs, with the ability to apply a response action.
- The solution must have the capability to force-run an IOC scan across all endpoints with installed EDR agents.
- The suggested solution must support IOC scanning run according to a scheduler.
- The suggested solution must support import of third-party IOCs in OpenIOC format for use in network scanning.
- The suggested solution must support scanning using auto-generated, uploaded or external (third-party) sets of IOCs to detect earlier undetected threats.
- The suggested solution must support exporting of IOCs generated by the solution to a file in OpenIOC format.
- The suggested solution must be able to perform the following actions: Single Console Threat Prevention Data Protection Hardening System Response Action Root Cause Analysis Automation IOC Scan Sandbox Features

Visibility
- The suggested solution must generate a detailed incident card related to the detected threat on an endpoint. An incident card must include at least the following information about the detected threat:
  - Threat development chain graph (kill chain).
  - Information about the device on which the threat is detected (name, IP address, MAC address, user list, operating system).
  - General information about the detection, including detection mode.
  - Registry changes associated with the detection.
  - History of the file presence on the device.
  - Response actions performed by the application.
- The threat development chain (kill chain) graph must provide visual information about the objects involved in the incident, for example, about key processes on the device, network connections, libraries, registry, etc.
- An incident card must present a detailed view of system artefacts and incident-related data for root cause analysis: process spawning, network connections, registry changes, downloading object, dropped objects, etc.

(f) Response
- The suggested solution must support "single-click" response from the management console.
- The suggested solution must support at least the following response actions that an administrator can perform when threats are detected:
  - Prevent object execution:
    - The EDR solution must support both modes: records to the events about attempts to launch objects or open documents that meet the criteria of the execution prevention, but does not block launch or opening of these objects; blocks launch of the objects or opening of the documents that meet the criteria of the execution prevention rules.
    - The EDR solution must support blocking objects by hash (MD5 or SHA256) or by path pattern.
    - The EDR solution must support blocking executables, scripts and documents.
    - The EDR solution must support notification user about prevention option.
  - Host isolation:
    - The EDR solution must provide means of isolating a machine from the rest of the network in case of a security incident, while preserving controlled.
    - The EDR solution must support creating custom host isolation rules (i.e. adding particular network resources to exclusion, e.g. DNS, or selecting predefined profiles).
    - EDR support manual bringing the host back online from isolation.
  - Terminate a process on the device.
  - Quarantine an object.
    - The suggested solution must support object recovery from quarantine.
  - Run system scan.
  - Remote program / process / command execution.
  - Start IOC scan for a group of hosts.

9. Administration and reporting

(a) The solution must have unified policies, centralized reporting and task execution within a single console for centralized management — on-prem or cloud based.
(b) The suggested solution's management server must have the ability to send logs to SIEM and syslog servers.
(c) The solution must have different administrator functions that have a single interface/dashboard during sign-on and are controlled by privileges and rights based on their functions (administrator, reviewer, investigator, etc.).
(d) The suggested solution must support secure communication between the management console and endpoints with the EDR agent.
- The suggested solution must support management of the EDR agent through a command line interface.
- The suggested solution must have an inbuilt feature/module to collect the data required for troubleshooting, without requiring physical access to the endpoint.
- The EDR agent must have a self-defense mechanism to prevent agent modifying agent-related files/system components entries etc.
(h) The solution must allow the creation of accounts with different roles used to administer the solution, just monitor the alerts, or review changes.
(i) Administration server upgrade must not require installation from scratch and losing settings, etc.
(j) The solution should be able to send email notifications when certain types of security alerts are generated.
- The solution must support backup and restore of the solution configuration.
- The solution should be simple to install and operate, and not require high-level skills from IT/information security staff.
(m) The solution should provide minimal impact on existing IT/information security staff load.
(n) The solution should be able to work in autonomous mode without access to external threat intelligence sources.
(o) Requirements for the solution documentation. Documentation for the EDR software, including administration tools, should include at least online help for administrators.

10. Additional features

(a) The suggested solution must support integration with a sandbox, with the ability to automatically scan endpoints and apply responses if suspicious activity has been detected by the sandbox.
(b) The suggested solution must support integration with an APT solution.
(c) The suggested solution must support integration with a managed detection and response service.
(d) The suggested solution must support automated detection of malicious activity using the endpoint protection solution and sandbox.

11. Compliance, maintenance and support level agreement

(a) Have a reputable local vendor representative in the Philippines that has been active in providing cybersecurity protection/security and prevention for at least 7 years now.
(b) The supplier of the solution must have at least two (2) certified engineers for the end-point solution.
(c) Provides regular call or email check-up for concerns and product health monitoring even after sales.
(d) Available support through phone, email, web-remote assistance and onsite/on-call support.
(e) Must provide a PCAB certified Sl provider.
(f) The local reseller as the first level of support, the distributor as the second level and the principal as the third level of support.
(g) The supplier of the solution must be able to provide a comprehensive after-sales support and maintenance agreement with options of 8x5, 8x7 SLA.
(h) 1-day product training certification for 8 pax.
(i) Free AV upgrade within the warranty.

12. Warranty

One (1) year subscription and services with quarterly onsite support and services.

Budgetary Requirements

Item: Procurement of paper license for anti-virus
Total: 994,660.00

The total budget is Nine Hundred Ninety-Four Thousand Six Hundred Sixty Pesos (PHP 994,660.00), chargeable against OTDPRIM-ITD 2024 funds.

IV. Delivery

30 calendar days upon receipt of Notice to Proceed

Payment

Government procedure

Project Officer: Erwin C. Silva, Admin. Assistant V, ITD
Ecsilva@tourism.gov.ph
Contact
Tender Id: 3e8a96ba-338e-3c34-a357-52730026e6cd
Tender No: 10794798
Tender Authority: Department Of Tourism
Purchaser Address: -
Website: http://www.tourism.gov.za