Lee College District Purchasing Dept. Sealed Solicitation

Title: Information Security Operations Center (ISOC)

Deadline: 10/20/2022 10:00 AM (UTC-06:00) Central Time (US & Canada)

Status: Deadline Expired

Solicitation Number: RFP #221020-01

Description: Lee College is seeking an Information Security Operations Center (ISOC) team of IT security professionals to protect the organization by monitoring, detecting, analyzing, and investigating cyber threats 24/7/365 for ongoing operational support of Lee College Information Security. Lee College seeks responses from qualified companies in order to procure a 24/7/365 SOC Next Generation Security Operations Center as part of its strategic initiative to build strong proactive measures to detect and respond to security incidents and cyber threats and risks. We are requesting vendors to present their service offerings to monitor the campus from advanced persistent threats, managed detection and response (MDR), endpoint detection and response (EDR), Web Application Firewall (WAF) services, Next Generation Firewall services against malware and phishing, security information and event management (SIEM) as well as cloud detection and response capabilities. We seek prospective vendors to present their service offerings for trusted and actionable intelligence solutions, security monitoring and device management, risk and compliance and incident response services including digital forensics and Darknet Intelligence monitoring and assessment and to mitigate against threats to the campus Data Center Network.


Documents:

Documents as of 9/22/2022
Question 1

Posted: 9/28/2022

Question: How many total devices to monitor are covered in this contract?

Response: Monitor all critical devices according to industry standards best practices.

Question 2

Posted: 9/28/2022

Question: How many end-points does Lee College have, i.e. desktops, laptops, etc.?

Response: Currently, a combined total of 2,500 for Lee College Main Campus (Baytown, TX), Liberty Education Center (Liberty, TX), McNair Education Center (Baytown, TX) and Huntsville Education Center (Huntsville, TX)

Question 3

Posted: 9/28/2022

Question: How many network devices does Lee College have, including switches, routers, etc.?

Response: 85 - 95

Question 4

Posted: 9/28/2022

Question: What does Lee College use for its EDR solution?

Response: Watchpoint, Malwarebytes, Barracuda

Question 5

Posted: 9/28/2022

Question: What does Lee College use for email, i.e. O365, Google, etc.?

Response: O365

Question 6

Posted: 9/28/2022

Question: What is the size of Lee College's IT security team?

Response: A single position which is currently open pending replacement of full-time security analyst.

Question 7

Posted: 9/28/2022

Question: Will the Chief Information Security Officer (CISO) at Lee College serve as the contract administrator for this contract?

Response: CIO/CISO

Question 8

Posted: 9/28/2022

Question: Are all Lee College's devices needing to be monitored, located centrally or geographically distributed?

Response: Centrally and Geographically distributed.

Question 9

Posted: 9/28/2022

Question: What cloud services require monitoring under this contract?

Response: O365, Azure, Blackboard Learn SaaS

Question 10

Posted: 9/28/2022

Question: Is Lee College currently using a SOC solution? If yes, please provide the details.

Response: No overall SOC solution.

Question 11

Posted: 9/28/2022

Question: Is there any budget aligned with this project?

Response: Yes

Question 12

Posted: 9/28/2022

Question: What is the timeline to Go-Live for this project?

Response: December, 2022

Question 13

Posted: 9/28/2022

Question: What is the makeup of the evaluation committee at Lee College?

Response: I.T./Staff/Faculty

Question 14

Posted: 9/29/2022

Question: Can we get the inventory count for:
- Servers
- Workstations/laptops
- Firewalls / Total number of network devices
- MDM for phones/Tablets
- Any idea on daily log file ingest size?
- Other App's they want to monitor
- Total employee count
- Total number of IP’s
- Total asset inventory count

Response: The department answered as follows, but also requests more clarity on the information you are requesting.
- Servers: Hyper-converged 56 physical/99 virtual
- Workstations/laptops: 2,000 - 2,500
- Firewalls: 5
- Total number of network devices
- MDM for phones/Tablets: Clarify
- Any idea on daily log file ingest size? Clarify
- Other App's they want to monitor: Malwarebytes
- Total employee count? 861
- Total number of IP’s: Clarify external IP's or internal IP's. 11,000
- Total asset inventory count: Clarify

Question 15

Posted: 9/29/2022

Question:

Response: N/A No question was submitted.

Question 16

Posted: 9/29/2022

Question: What are you using for vulnerability scanning and management? Are you looking to change?

Response: Annual Third-party vulnerability scanning and management. We will accept recommendations.

Question 17

Posted: 9/29/2022

Question: Retention policy for log files

Response: 12 months.

Question 18

Posted: 9/29/2022

Question: How long does Lee College need us to retain the log files? Standard is 12 months.

Response: The standard 12 months.

Question 19

Posted: 9/30/2022

Question: Do you use an MDM to manage phones and tablets? Such as Intune? How large are the log files?

Response: We do not manage mobile phones and tablets and therefore no log files exist for mobile phones.

Question 20

Posted: 10/4/2022

Question: On RFP page 5, it mentioned a #2 publication. However, we couldn't locate it online. Will the #2 RFP be released in Vendor Registry or could you provide us the link to it?

Response: The references regarding publications on page 5 are the dates in which the Legal notice is advertised to the public in our local newspaper.

Question 21

Posted: 10/6/2022

Question: Can we please get a list of vendors that already exist in the environment? This will help gauge LOE for installation and configuration of SIEM tools.

Response: A comprehensive list is not available.

Question 22

Posted: 10/6/2022

Question: 1. It is mentioned that the products “managed detection and response (MDR), endpoint detection and response (EDR), Web Application Firewall (WAF) services, Next Generation Firewall services against malware and phishing, security information and event management (SIEM) as well as cloud detection and response capabilities.” Which of these products already exist within the environment, need replacing and/or should be part of the proposal for purchasing? 2. For any products that we are to propose from question 1, does Lee College prefer any vendors?

Response: 1. EDR, WAF and Next Generation Firewall services currently exist in the environment and Barracuda Spam Filter. 2. No preference.

Question 23

Posted: 10/6/2022

Question: Is there currently an incumbent company or previous incumbent, who completed a similar contract performing these services? If so - are they eligible to bid on this project and can you please provide the incumbent contract number, dollar value, and period of performance?

Response: There are no current or past incumbent companies.

Question 24

Posted: 10/6/2022

Question: How much (%) of the infrastructure is in cloud?

Response: Approximately 50%

Question 25

Posted: 10/6/2022

Question: In the IT department/environment, how many employees work?

Response: The Lee College IT department consists of 20 employees.

Question 26

Posted: 10/6/2022

Question: Do you manage your own data Center, or do you utilize any 3rd-party/colocation facilities?

Response: On premise Data Center is managed on site.

Question 27

Posted: 10/6/2022

Question: Can you provide the number of the security devices and other log sources to be monitored per the categories listed below? Just need the Device Qty for each.

Endpoint
• Number of endpoints?
• Count of Windows/Mac/Linux Desktops/servers (rough)?

Network
• Number of ingress/Egress Points
• Type of media connectivity
• Average and Max Mbps at each Ingress/Egress point
• High Level network diagram, if available

Email
• How many mailboxes?
• Are you currently using Office 365? If so are you using EOP/ATP?

Current and projected number of users.
• How many network users (at a workstation most of the day)?
• How many users are not on the network most of the day, but authenticate with a domain controller (such as remote workers, maintenance staff, etc)?

Servers/Desktops
• Windows Servers - HIGH EPS (~50 eps)
• Windows Servers - Low EPS (~2 eps)
• Windows Workstations (5 / 1k users)
• Windows AD Servers
• Linux Servers
• DNS (enter # per 1000 users)

Network Infrastructure (# of devices)
• Routers
• Switches (netflow not supported)
• Wireless LAN
• Network Load-Balancers
• WAN Accelerator
• Other Network Devices

Security Infrastructure
• Firewall - Internet (Enter # in 1000's of users)
• Network Firewalls (Partner / extranets)
• Network Firewalls (DMZ)
• Network IPS/IDS
• Network VPN - Enter # in 100's of users
• Email AntiSpam - Enter # in 100's of users
• Network Web Proxy (enter # in 100's of users)
• Other Security Devices

Applications (Device count assumed with numbers above)
• Web Servers (IIS, Apache, Tomcat)
• Database (MSSQL, Oracle, Sybase - indicate # of instances)
• Email Servers (Enter # in 1000's of users)
• AntiVirus Server (Enter # in 1000's of users)
• Other Applications (Email, DB, AV, etc)

Response: Please see other questions and their responses for this information.

Question 28

Posted: 10/6/2022

Question: Is there a funding/financial/budget range estimated that can help us to provide a quotation for this project?

Response: A funding/financial/budget range estimate is currently not available.

Question 29

Posted: 10/6/2022

Question: Does the City want network activity monitored, or at least log monitoring?

Response: The college wants network activity monitoring. We currently are using PRTG.

Question 30

Posted: 10/6/2022

Question: What data is being considered for ingestion into any SIEM solution that the city is considering?

Response: We are considering a SIEM solution, but we do not have one at this time.

Question 31

Posted: 10/6/2022

Question: Can the college break down its current # of endpoints by Operating System and specify whether they are using an existing EDR on them? Is it Microsoft Defender for the Endpoint (MDE)? If so, does the college have the full license which vendor can use?

Response: Majority Operating System is Windows OS and a few MACs. We use both Microsoft Defender and Malwarebytes for EDR.

Question 32

Posted: 10/7/2022

Question: Would technologies/services in this proposal (EDR, MDR, WAF) be a replacement or managing what's already in place? Or a hybrid depending on the proposal?

Response: Supporting existing services and new services as part of the ISOC.

Question 33

Posted: 10/7/2022

Question: Is there a preference for this solution coming all from one vendor or from a vendor partnership?

Response: No preference.

Question 34

Posted: 10/7/2022

Question: What WAF and Next Gen Firewall providers are currently in place?

Response: See #70 for answer.

Question 35

Posted: 10/10/2022

Question: How many log sources do you have: What is the current SIEM in place? How many Firewalls? What vendors?

Response: We are reviewing SIEM options at this time, redundant firewalls, vendors previously answered.

Question 36

Posted: 10/10/2022

Question: Any Intrusion Detection System (IDS)/ Intrusion Detection Prevention (IPS)?

Response: Yes.

Question 37

Posted: 10/10/2022

Question: Any Web Application Firewalls (WAF)?

Response: Yes.

Question 38

Posted: 10/10/2022

Question: How many Servers: Windows? Linux? SQL?

Response: Previously answered. See other.

Question 39

Posted: 10/10/2022

Question: How many Flow Sources like routers/switches?

Response: Previously answered. See other.

Question 40

Posted: 10/10/2022

Question: Any Wireless Access Points (WAP)?

Response: Yes.

Question 41

Posted: 10/10/2022

Question: What Endpoint Detection & Response (EDR) solution is in place? How many endpoints are protected?

Response: Previously answered. See other.

Question 42

Posted: 10/10/2022

Question: What Email security solution is in place?

Response: Previously answered

Question 43

Posted: 10/10/2022

Question: Any File Integrity Monitoring (FIM)/Cloud Access Security Broker (CASB)? Cloud environments?

Response: No.

Question 44

Posted: 10/10/2022

Question: What Multi Factor Authentication (MFA) is in place?

Response: OneLogin

Question 45

Posted: 10/10/2022

Question: What Vulnerability Management solution is in place?

Response: 3rd party Vulnerability annual testing

Question 46

Posted: 10/10/2022

Question: Are you subscribed to any Threat Intelligence services, and if so which ones?

Response: Yes.

Question 47

Posted: 10/10/2022

Question: Is there any automation required like automated Firewall Security Policy blocking?

Response: Yes.

Question 48

Posted: 10/10/2022

Question: How many sites are there? One main, and how many hub/satellite sites? What size connections do the sites have to each other? Will an All in One (AiO) solution or Distributed Deployment (DD) be required?

Response: 1 main campus and 3 educational centers. All sites have connections to the main campus.

Question 49

Posted: 10/10/2022

Question: Are they subject to any compliance standards?

Response: Yes, state and federal compliance. TAC202, HIPAA, FERPA, etc.

Question 50

Posted: 10/10/2022

Question: What are their main security concerns within their environment? Are there any specific use cases they have in mind?

Response: Security Operations Center. We have no specific use cases in mind.

Question 51

Posted: 10/11/2022

Question: Can we get the inventory count for: Servers · Workstations/laptops to be monitored · Firewalls and Total number of network devices · Daily log file ingestion size?

Response: Workstation counts provided earlier. See #66.

Question 52

Posted: 10/11/2022

Question: Other App's you all want to monitor?

Response: Under evaluation

Question 53

Posted: 10/11/2022

Question: Total employee count (RFP mentions 2800 approx employees, we need exact number) Total number of IP’s?

Response: Total number of employees is approximately 850 to 900. As far as IPs private or public or ones to be monitored.

Question 54

Posted: 10/11/2022

Question: Is Azure the only cloud platform being utilized? How many O365 accounts?

Response: No. 10,000 to 15,000 – In addition, several 3rd party cloud applications.

Question 55

Posted: 10/11/2022

Question: What is your expected Retention policy for log files? Will we need to have someone on Prem? Do you need an IR team in case of an incident?

Response: Remote Team must be deployed re: incidents, etc.

Question 56

Posted: 10/11/2022

Question: Under "Minimum Requirements for All Insurers" (page 18 and 19 of RFP), do items 6 and 7 apply to this RFP?

Response: Those requirements are usually just for construction projects.

Question 57

Posted: 10/11/2022

Question: 1. What is the total number of employees that access the network?

Response: Around 800 to 900.

Question 58

Posted: 10/11/2022

Question: Does Lee College segment the student network from employee/production network? If Yes, Is intra-VLAN access permitted? If Yes, Is intra-VLAN access controlled by security devices (e.g., Firewall)?

Response: Staff and student Active directory domains. Intra-VLAN access is permitted. Not controlled by security devices.

Question 59

Posted: 10/11/2022

Question: Does Lee College need to monitor the student network with SOC/SIEM solution?

Response: Yes

Question 60

Posted: 10/11/2022

Question: Does Lee College prefer to purchase a SIEM or have SIEM capabilities as a part of the SOC services?

Response: We are currently in discussions regarding SIEM prior to the ISOC services.

Question 61

Posted: 10/11/2022

Question: 1. Lee College Total number of users? Faculty, Staff, Students?

Response: 18,000

Question 62

Posted: 10/11/2022

Question: 3. Total number of firewalls: a. Make and model (if possible)

Response: 5 firewalls: One HA pair, one stand-alone and two only traffic shaping

Question 63

Posted: 10/11/2022

Question: 2. Total number of physical and virtual servers. a. By operating system i. Windows ii. Linux iii. Hypervisor (VMWare, MS HyperV, etc…)

Response: Three Hyper-V clusters. Two VMware hosts. 2500 Win, 200 Mac, no Linux Desktops, servers 230 56 physical and 99 virtual servers

Question 64

Posted: 10/11/2022

Question: 4. Security technologies or hardware: a. Web filtering b. NAC

Response: Repeat question - Answer is same as #70.

Question 65

Posted: 10/11/2022

Question: 6. What Microsoft O365 license does the college have (i.e.: E3, E5, etc…)

Response: Azure Active Directory P1, A1, A2, A3, E2

Question 66

Posted: 10/11/2022

Question: 7. Does Lee College have Microsoft Sentinel?

Response: NO

Question 67

Posted: 10/11/2022

Question: 4. Security technologies or hardware that Lee College has in its environment: ex: a. Web filtering b. NAC

Response: Palo Alto Firewall, Cryptostopper, Kemp WAF, Netwrix, Malwarebytes, etc.
