University Of The Philippines Tender
Summary
Supply, Delivery, Installation and Commissioning of Cloud-Based Endpoint Security Solution, Information Technology, University of the Philippines - Manila
Description
Terms of Reference
Supply, Delivery, Installation and Commissioning of Cloud-Based Endpoint Security Solution for UP Manila

1. Background of the Item to Be Procured

1.1. General Overview of the Procurement Project
This project aims to address the need for a more robust cybersecurity infrastructure in the University. Since there are many devices and servers in UP Manila handling sensitive data (both at rest and in transit), there is a need to procure a comprehensive, cloud-based antivirus solution to safeguard against malware, viruses, and other cyber threats, ensuring data integrity and security across all offices of UP Manila.

1.2. Brief Description of the Item Procured
The project aims to procure licenses for cloud-based endpoint security intended to secure devices and servers to ensure that data at rest and in transit are secure from all types of cyber threats. Furthermore, realizing the gaps in personnel and resources, a managed detection and response (MDR)-based endpoint security solution will be procured.

1.3. Project Cost

1.3.1. Approved Budget for the Contract (ABC)
The Approved Budget for the Contract (ABC) is Twenty-Eight Million, Seven Hundred Forty-Eight Thousand Pesos Only (PHP 28,748,000.00). The breakdown of the cost is as follows:

Description | Count | Estimated Price | Total Price
License for desktops/laptops (36 months minimum) | 1,300 | PHP 21,500.00 | PHP 27,950,000.00
License for servers (36 months minimum) | 19 | PHP 42,000.00 | PHP 798,000.00

2. Purpose of the Procurement

2.1. Rationale
With the increasing amount of cybersecurity threats and malicious actors in cyberspace, there is a need to provide protection at the endpoint level for computer data stored at rest and when in transit within the UP Manila network. This is desperately needed as UP Manila, an academic institution, handles highly sensitive government and personal data, including but not limited to student grades, faculty profiles, procurement contracts, etc. The lack of an endpoint security solution leaves us vulnerable to security threats, and may end up in situations similar to the recent happenings in certain government and academic institutions.

3. Mode of Procurement
The mode of procurement will follow competitive bidding in accordance with the provisions of R.A. 9184, otherwise known as the Government Procurement Reform Act.

4. Nature of Procurement
Goods and services, including software and licenses.

5. Scope of Work and Technical Specifications

5.1. Scope

Description | Number of Licenses
Desktops/laptops | 1,300
Server / VMs | 19

5.1.1. Installation, testing and commissioning of a cloud-based endpoint security solution for computer units and servers of UP Manila.
5.1.2. Must be able to provide the following services:
5.1.2.1. 24/7 expert-led threat monitoring and response
5.1.2.2. Compatible with third-party security products
5.1.2.3. Weekly and monthly reporting
5.1.2.4. Monthly intelligence briefing that provides insights into the latest threat intelligence and security best practices.
5.1.2.5. Account health check
5.1.2.6. Expert-led threat hunting
5.1.2.7. Threat containment: attacks are interrupted, preventing spread
5.1.2.8. Uses full XDR agent (protection, detection, and response) or XDR sensor (detection and response)
5.1.2.9. Direct call-in support during active incidents

5.2. Technical Specifications

5.2.1. Multi-Platform Support
• Supports Windows 11 with backward compatibility, Mac and Linux.
• Endpoint protection for Windows, Mac, and Linux machines must be managed from one management console.

5.2.2. 24/7 Threat Detection and Response
• Must have a fully managed 24/7 service delivered by experts who detect and respond to cyberattacks targeting your computers, servers, networks, cloud workloads, email accounts, and more.

5.2.3. Cybersecurity Delivered as a Service
Enabled by extended detection and response (XDR) capabilities that provide complete security coverage wherever your data reside, the MDR service must be able to:
• Detect more cyber threats than security tools can identify on their own
• Must have tools that automatically block 99.98% of threats, which enables MDR analysts to focus on hunting the most sophisticated attackers that can only be detected and stopped by a highly trained human.
• Take action on behalf of the IMS to stop threats from disrupting business operations
• MDR analysts detect, investigate, and respond to threats in minutes — whether you need a full-scale incident response or help making accurate decisions.

5.2.4. Machine-Accelerated Human Response
Must be able to fuse machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision.

5.2.5. Service Level Targets (SLTs)
Must have established SLTs to ensure that the team is meeting the IMS' expectations and providing the best security service to protect the University. SLTs are designed to provide guidelines around timing expectations for case creation and response actions resulting from investigations. Must have the following SLTs:
• Target time for case creation - 2 minutes from detection
• Target time for initial response action - 30 minutes from case creation

5.2.6. Integrated Management
• Must have a unified console for managing multiple products such as advanced endpoint protection, email gateway, server security, mobile control, network firewall, wireless, encryption, public cloud protection, XDR, and managed detection & response.
• All settings for these products, including policies, must be configured from a single management console without the need to access additional consoles.
• Windows, Mac, and Linux machines must be managed from one management console.
• Detection and response features including threat analysis, threat detection, threat investigation, and the managed threat response dashboard must be in the same single console as the endpoint & server protection and other managed solutions.
• Must have the option to set up a local cache updating server within the on-premises network environment to minimize large software engine updates. Relay must communicate all policy and reporting data to the management console.
• Must have the option to set up a relay on the same server as the local cache for devices that are not connected to the internet.
• Must have an option for update management policy to customize the day and time when product updates become available to all or selected devices. Scheduling must not affect security updates, such as identities used to protect devices against new threats.

5.2.7. Multi-Factor Authentication & Role Management
• MFA must be enabled by default upon creation of the central management account.
• Must have the option to set MFA:
  - All admins need MFA
  - Select admins who will need MFA
  - No MFA needed
• Must have an option to have MFA using email, SMS, Google Authenticator, and native authenticator (by proposed solution).
• Must have the capability to customize admin roles.
• Must provide admins the capability to assign predefined administrative roles to users who need access to the admin console:
  - Super Admin
  - Admin
  - Help Desk
  - Read-only

5.2.8. Managed Detection and Response (MDR) Dashboard
• Must have a dashboard that shows a summary of threats recently detected and investigated.
• Must have an Action Required banner on the dashboard that is shown when there is a notification about an incident or incidents.
• The dashboard must have a Cases section where notification details can be reviewed.
• The dashboard should also include the following:
  - Detections by Time of Day (UTC) heat map that shows the level of detections each hour.
  - Total Detections by Operating System that shows the number of detections for each OS.
  - MITRE ATT&CK Techniques chart that shows a breakdown of attacks according to the classifications used in the MITRE knowledge base.
  - Detections Classification Summary that lists the five most frequently detected types of malicious behavior, along with the number of each.
  - Most Investigated Devices that show the devices we've investigated most frequently.
  - Active Cases that list managed threat response cases (investigations into potential threats) that are currently active.
• Must have a Report History section where weekly and monthly reports can be accessed and provide insights into security investigations, cyber threats, and security posture.

5.2.9. Threat Response Mode
Must let the IMS decide and control how and when potential incidents are escalated, what response actions (if any) the IMS wants the MDR to take, and who should be included in communications.

5.2.10. Collaborate
The Collaborate threat response mode must send the IMS notifications of observed activities, and corresponding recommendations. The MDR Ops team will investigate but no response actions will be taken without the consent or active involvement of the IMS. Selecting Collaborate gives you the option to have some response actions performed by the MDR Ops team and others to be performed by your team or another partner (e.g. an IT managed service provider). In this mode, the MDR Ops team must receive written authorization before performing response actions. An option exists under Collaborate that authorizes the MDR Ops team to operate in Authorize mode if the principal does not receive an acknowledgment after attempting to reach all customer-defined contacts by phone.

5.2.11. Authorize
The Authorize threat response mode must send notifications of observed activities, but the MDR Ops team will proactively manage all containment actions (with full neutralization for MDR Complete customers) on behalf of the IMS and inform the IMS of the action(s) taken. Selecting Authorize means the IMS wants us to handle as much workload as possible, notify the IMS of the response actions taken, and only escalate things that require specific actions from the IMS that the principal is unable to take.

5.2.12. Free Integrations
Security data from the following sources can be integrated for use by the MDR operations team at no additional cost. Telemetry sources are used to expand visibility across your environment, generate new threat detections and improve the fidelity of existing threat detections, conduct threat hunts, and enable additional response capabilities. Solution must be open and ready for integration to MDR and management console given that the following technologies are licensed for their own use:
• Endpoint protection, XDR, firewall, cloud, email protection
• Microsoft security tools – Microsoft Defender for Endpoint, Microsoft Defender for Cloud, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, Identity Protection (Azure AD), Microsoft Azure Sentinel, Office 365 Security and Compliance Center
• Third-party endpoint protection – compatible with: Microsoft, CrowdStrike, SentinelOne, Trend Micro, BlackBerry (Cylance), Broadcom (Symantec)
• 90-days data retention

5.2.13. MDR Guided Onboarding
MDR Guided Onboarding should be available for remote onboarding assistance. This service provides hands-on support for a smooth and efficient deployment, ensures best practice configurations, and delivers training to maximize the value of the MDR service investment. IMS should be provided a dedicated contact from the vendor who will be with the team through the first 90 days to make sure the implementation is a success. MDR Guided Onboarding includes:

Day 1 - Implementation:
• Project kick-off
• Configuration
• Build and test the deployment process
• Configure MDR integrations
• Configure vendor NDR sensor(s)
• Enterprise-wide deployment

Day 30 - XDR Training
• Learn how to think and act like a security operations center
• Understand how to hunt for indicators of compromise
• Gain an understanding of vendor XDR platform for administrative tasks
• Learn to construct queries for future investigations

Day 90 - Security Posture Assessment
• Review current policies for best practice recommendations
• Discuss features that are not in use that could provide additional protection
• Security assessment following NIST framework
• Receive summary report with recommendations from our review

6. Deliverables/Expected Outputs
6.1. Licenses
6.2. Staff trained for XDR
6.3. Documentation (user manuals, technical manuals, etc.)

7. Internal Implementation Steps

7.1. Vendor Selection
Create terms of reference, plans, and other pertinent documents. Conduct the bidding process and select the vendor that is capable of supplying the needs of the project in accordance with the terms of reference.

7.2. Site Preparation
Prepare guidelines/memoranda on the deployment and mandating of use of the endpoint security solution.

7.3. Configuration and Deployment
Configure admin-side tools and deploy the solution to all end users.

7.4. Staff Training
Select IMS staff will undergo XDR training.

7.5. Monitoring and Assessment
Determine extent of deployment and compliance. Review security policies and conduct security assessment following the NIST framework post-deployment.

8. Internal Responsibilities

8.1. Information Management Service (IMS)
8.1.1. Site preparation
8.1.2. Configuration and deployment
8.1.3. Monitoring and assessment

8.2. Human Resource and Development Office (HRDO)
8.2.1. Provide IMS with updated list of all employees (faculty, staff, REPS, including COS/JO)

8.3. UPM Faculty, Staff, and REPS (including JO/COS)
8.3.1. Compliance with memoranda, policies, and guidelines
8.3.2. Installation of software

9. Terms and Conditions
9.1. Indicate brand, model, and country of origin.
9.2. Delivery period – ninety (90) calendar days upon acceptance of Notice to Proceed (NTP).
9.3. Certification from at least one (1) government and/or private agencies within Metro Manila or the Philippines that they have been supplied with the same brand being offered for at least one thousand (1000) licenses.
9.4. List of projects in the existing/ongoing contracts and project cited in the Single Largest Completed Contract (SLCC) must be security-related solutions (e.g. firewalls, endpoint security, etc.)
9.5. Notarized certification from the manufacturer and bidder/contractor that in the event of a change of local distributor, preventive maintenance, warranty, and services agreed upon here will be honored by the principal manufacturer.
9.6. Notarized certification that the contractor/bidder and the manufacturer have been in business relationship of providing that said product for at least five (5) years.
9.7. Certificate issued by the product's principal manufacturer should be provided indicating that the contractor is an authorized partner of the product being offered.
9.8. Certification that the contractor has at least (2) certified engineers issued by the product's principal manufacturer.
9.9. Manufacture and warranty certificate issued by the product's principal manufacturer.
9.10. Certificate for platinum partner of product being offered or equivalent issued by the principal manufacturer.
9.11. Contractor must have Information Technology Infrastructure Library (ITIL)-certified personnel to guarantee its capability to run successful IT-enabled products and services.
9.12. Contractor must have Project Management Professional – must provide at least certificate of completion.
9.13. Other inclusions – license keys, media kit, documentation in hard and soft copies (as applicable), installation, configuration and testing.
9.14. One (1) day comprehensive training conducted by the principal manufacturer.
9.15. Three (3) day basic knowledge transfer conducted by the contractor for five (5) technical staff on-site
9.16. Acceptance parameters – visual inspection and functional testing
9.17. Payment terms – full payment upon acceptance by the end-user.
9.18. Contract/license period – at least thirty-six (36) months for the initial contract, renewable annually subject to R.A. 9184.
9.19. Additional requirements for the principal manufacturer:
9.19.1. Principal manufacturer must have a cross-operational unit that will link together threat labs, security operations team, and AI team to better defend from increasingly complex cyberattacks. This operations team must follow its own investigative framework including observation, orientation, decision, and action loop for efficient investigation and response to threats. Support team must also include security experts such as threat analysts, malware analysts, incident responders, data scientists, and threat researchers.
9.19.2. Principal manufacturer must have an expert team that stops advanced human-led attacks and can take action to neutralize threats before they can disrupt business operations or compromise sensitive data. It must be customizable with different service tiers and can be delivered via vendor-proprietary technology or using existing cybersecurity technology investments. This includes endpoint ransomware protection against both local and remote threats.
9.19.3. Principal manufacturer must be the highest rated and most reviewed MDR solution on Gartner Peer Insights.
9.19.4. Principal manufacturer must be rated a leader across all five cybersecurity categories in G2's Spring 2023 report.
9.19.5. Principal manufacturer must be named the top overall MDR solution by G2 in their Winter 2023 report.
9.19.6. Principal manufacturer must not have had any major incident that resulted in significant downtime.

10. General Contract Conditions
In addition to relevant provisions of R.A. 9184, the following shall be considered additional contract conditions:

10.1. Contract Documents
The complete contract between the contractor and the UP Manila includes the following documents as applicable: the advertisement for bids, the complete request for proposal (or this terms of reference), the bid of the contractor and its acceptance by the UP Manila, the contractor's bid bond, the contract and all amendments thereto. Any of these documents shall be interpreted to include all provisions of other documents as though fully set forth therein.

10.2. Liquidated Damages
Time is of the essence for completion of this project. It would be difficult or impractical to determine actual damages arising from the contractor's failure to complete the service within the specified installation time. Therefore, if through no fault of the UP Manila, the contractor fails to complete the installation within the period specified in the contract, then the contractor shall pay the UP Manila liquidated damages computed in accordance with the provisions of R.A. 9184. Liquidated damages may be deducted by the UP Manila from monies due the contractor under the contract.

10.3. Contract Period
This agreement shall remain in effect during the license period unless otherwise pre-terminated by either party in writing thirty (30) days prior to expiry of this agreement. This agreement may be extended at the option of the client, or renewed for an additional period subject to terms mutually agreeable to both parties subject to R.A. 9184.

10.4. Termination for Cause
Either party may terminate this agreement for cause as follows:
• Upon providing written notice to the other party if the other party breaches any material term or condition of this agreement and such breach remains uncorrected for thirty (30) days following the written notice from the non-breaching party specifying the breach; or
• By providing written notice to the other party at any time if the other party (a) terminates or suspends its business; (b) becomes subject to any bankruptcy or insolvency; (c) becomes insolvent or subject to direct control by a trustee, receiver or similar authority; or (d) has wound up or liquidated, voluntarily or otherwise.

10.5. Effect of Termination
In the event of termination of this agreement for any reason:
• The client shall remain liable to provider for all service fees accrued prior to such termination.
• The provisions of data privacy and confidentiality shall survive the termination of this agreement.

10.6. Basis of Award
The evaluation of the bids and proposals and ultimately the vendor award is based on the technical specifications, and the terms and conditions. The lowest calculated and responsive bid that meets all technical specifications, and the terms and conditions will be selected in accordance with R.A. 9184.

10.7. Confidentiality
Provider agrees that it is absolutely prohibited to disclose, release, sell information, or allow other parties to obtain a copy of any data from the system for any purpose other than that permitted or as required by law.

10.8. Data Ownership
Provider agrees that all the client's data that are in provider's care or custody are rightfully owned by the client even after the termination of this agreement. Upon termination or expiration of the agreement, provider shall turn over all data to the client and destroy and not retain any copy thereof.
Contact
Tender ID: 5ab964f3-2300-38c7-8edd-3f86ac542a9a
Tender No: 11642291
Tender Authority: University of the Philippines
Purchaser Address: -
Website: https://www.up.edu.ph/