Department of Foreign Affairs and Trade

Technical Security Product Evaluations and Selections


Important dates

Opportunity ID
1295
Published
Thursday 10 May 2018
Deadline for asking questions
Monday 14 May 2018 at 6PM (in Canberra)
Closing date for applications
Thursday 17 May 2018 at 6PM (in Canberra)

Overview

Write a summary of your brief

DFAT would like a vendor to undertake a market and technical evaluation and provide recommendations, based on openly available information, for determining best-of-breed security tool capabilities.

What is the latest start date?
21/05/2018
How long is the contract?

Conclude 30 June 2018

Where can the work take place?
Offsite
Who will the specialist work for?
Department of Foreign Affairs and Trade
Budget range

$100,000 to $150,000 AUD ex GST

About the work

Why is the work being done?

No single safeguard can protect against all possible attack scenarios and, for obvious reasons, it is unlikely that all available defence technologies can be deployed. Hard choices must be made to prioritise the outcomes that yield the highest security.

Investment in the commercial sector has accelerated, with contemporary advancements in user and entity behaviour analytics, active content disarming, transparent sandboxing/tar-pits and context inspection.

These innovations could be leveraged by the Department to support advanced monitoring of information flows and sensitive information assets.

Commercially, gateway services, secure email, secure data and data loss prevention have progressed significantly in recent times in response to changing malicious attack scenarios.

This is a key area of priority for DFAT.

The deployment of security specific services on gateways, points of inter-trust/disparate-trust/differing-trust networks, and points in the network for data exchange/cross domain, are driven by the following high level requirements:

• User Audit & Monitoring;

• Data Loss Prevention (DLP); and

• Digital hygiene (The detection and prevention of malware infection and propagation).

Deployment of Secure Gateway Services, secure email and firewalls necessitates that DFAT make technical selections to determine an appropriate technology stack which is right-sized to meet our requirements.

Specifically, technologies must be able to operate within a disconnected environment, be supported by offline patching/updates, and integrate easily into existing IT Security monitoring and audit capabilities without significant additional FTE.

Effective processes, as well as adequate deployment and operations staffing, are also considerations.

Security Focused Technical Selections Required

Within a compressed timeframe, a range of technical product selections must be undertaken as part of the overall project.

This proposal seeks to invest in the commercial sector to leverage openly available information in generating technical selection reports.

These reports are a critical input into the High Level and Detailed Level Design process of Infrastructure projects, and shall be leveraged in the detailed design stages to inform purchasing decisions.

The proposal has a challenging timeframe: report delivery 30 June 2018.

What's the key problem you need to solve?

(1) Secure Email Gateways (SEGs)

It is envisioned that SEGs could run standalone, multi-tiered hierarchy, or as an enterprise SEG between organisations at the same or disparate levels of trust.

Functional requirements of interest include:

i. Integrated Data Loss Prevention (DLP);

ii. Network sandboxing;

iii. Content disarm and reconstruction (CDR);

iv. email labelling;

v. email payload encryption for ECI enforcement;

vi. email auditing;

vii. advanced threat detection;

viii. post-delivery protection;

ix. context inspection, display name spoof, cousin domain and anomaly detection for advanced insider threat defence;

x. Policy driven configuration; and

xi. Minimal support and sustainment FTE impact.

(2) Network Edge/Border Firewall Security

Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multi-tiered DMZs, traditional "big firewall" data centre placements and the option to include virtual versions for the data centre.

Product and solution roadmaps should be able to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments, and potential future ability to support Google Cloud.

These products should be accompanied by highly scalable (and granular) management and reporting consoles, and a range of offerings to support the network edge, the data centre, branch offices, and deployments within virtualized servers and the public cloud.

All vendors in this market should support fine-grained application and user control, some Software Defined Networking (SDN) support, and SDN roadmaps.

Identity based firewalling – object based discriminating and distinguishing factors for the enforcement of flow control.

Integrated Deep Packet Inspection (DPI) intrusion prevention, application identification and fine-grained user-based policy enforcement (the ability to enforce policy on large numbers of applications)

The ability to decrypt SSL and TLS web traffic without wholesale impact on users or system performance, with a rapid offline exceptions update process.

Support and continued roadmap development into virtualized firewall offerings is important, as is clean integration into SDN, SDWAN, east-west segmentation and object-based micro-segmentation with automated constructs for firewall policy orchestration in dynamic environments.

(3) Enterprise Data Loss Prevention

Solutions can provide remediation for data loss based on both content inspection and contextual analysis of data:

• At rest on-premises, or in cloud applications and cloud storage;

• In motion over the network; and

• In use on a managed endpoint device.

Enterprise DLP products can execute responses, ranging from simple notification to active blocking, based on policy and rules defined to address the risk of inadvertent or accidental leaks, or exposure of sensitive data outside authorized channels.

Enterprise DLP products incorporate sophisticated detection techniques to help organizations address their most critical data protection requirements. Products are packaged in agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery. Leading characteristics of enterprise DLP products include a centralized management console, support for advanced policy definition, event management workflow and reporting. Enterprise DLP functions as a comprehensive system to discover sensitive data within an organization and mitigate the risk of its loss at the endpoints, in storage and over the network.

Describe the users and their needs

DFAT would like to know which security enforcement tool/product/capability is compliant with the discriminating High Level Requirements, in addition to the non-functional requirements, so senior solution architects within the department can make detailed design recommendations.

What work has already been done?

None to date.

Who will the work be done with?

None from DFAT; rather, this is an evaluation of the available security enforcement tools/products/capabilities, from openly available information, best practices and performance/load testing.

Any additional relevant information?

Discriminating High Level Requirements:

Notwithstanding generic functional requirements that all secure gateway, secure email, network flow enforcement and DLP solutions should address, the following non-functional requirements need to be addressed.

These include:

• The product must not be dependent on cloud-based services for threat intelligence feeds, over-the-air updating/patching or phone-home;

• FTE sustainment – The tool should be as sustainable as possible within existing IT Security FTE resources (i.e. not requiring significant FTE increase);

• Extant compatibility & integration - The solutions should not conflict with other audit tools and provide an easy integration path;

• SIEM integration – The tool must integrate with existing SIEM technology investments; and

• Continued support for disconnected networks - The vendor’s future product roadmap must maintain a focus on the continued support of air-gapped environments.

Deliverable:

Technical Assessment and Product Evaluation Report for each security function

Tasks:

i. Requirements Definition

ii. Requirements Validation

iii. Market Research

iv. Open Source technical validation

v. Vendor and product Shortlisting

vi. Paper-based Technical assessment

vii. Final Report

What phase is the work in?
Discovery

Work setup

Where will the work take place?

Australia

What are the working arrangements?

Remote, over the phone and email. Face-to-face is not necessary, but can be accommodated if needed.

Is security clearance required?

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate sellers’ technical competence.

Essential skills and experience
  • Past Performance
  • Cyber Security Literacy
Nice-to-have skills and experience

How sellers will be evaluated

How many shortlisted sellers will you evaluate?
5
Proposal criteria
  • Technical solution
  • Approach and methodology
Cultural fit criteria
If a conflict of interest arises as a consequence of the evaluation it is incumbent on the seller to notify DFAT (i.e. partnership and reseller agreements).
Payment approach
Fixed price
Assessment methods
  • Written proposal
  • Work history
  • Reference
Evaluation weighting

Technical competence
70%

Cultural fit
0%

Price
30%

Seller questions

No questions have been asked or answered yet.
