Description:
PROJECT OVERVIEW
Brunswick County is soliciting sealed proposals for Managed Cybersecurity Services.
Cybersecurity Services will augment the County’s existing IT Cybersecurity Staff. These services will provide daily administration, monitoring, reporting, and support for managed Security Information & Event Management (SIEM), Security Operation Center (SOC), Managed Detection & Response (MDR), Vulnerability Scanning, and Patching solutions. We invite qualified vendors to submit detailed proposals by April 7, 2025, at 5:00PM ET.
Download the complete RFP - Managed Security Services here
SCOPE OF WORK
Brunswick County has established the following desired objectives for this project. Any changes to the specifications or Scope of Work will be made in the form of an Addendum to this Request for Proposals and will be supplied to all known prospective vendors and posted on the Brunswick County website. Notwithstanding the foregoing, vendors will be responsible for ensuring that they have all addenda. Brunswick County may negotiate and refine the final Scope of Work with the selected vendor. Brunswick County reserves the right to negotiate additional services with the selected vendor at any time after the initial contract award. Services must be priced separately as Brunswick County may select one or more services to award and implement in its sole and absolute discretion.
Services
The vendor will provide a proposal for the following services:
SIEM
- Procure, provide, setup, support, tune, update, maintain, and fully manage a cloud-based Security Information & Event Management (SIEM) solution.
SIEM solution shall include, without limitation:
- Cloud-based, fully outsourced, SIEM solution including rule writing, report generation, alert generation, and incident workflow.
- A properly sized SIEM solution to support 90 days of “hot” log data and 275 additional days of “cold” storage.
- Must include ability for customer export of log data for additional cold storage requirements.
- Centralized authentication (e.g., SAML) with multi-factor support, event collection, parsing, storage, and retention.
- Correlation rule development, maintenance, and tuning.
- Threat intelligence feed integration, ingestion, parsing and policy configurations.
- Investigation of alerts, configuration of incident workflows, notifications, and solution orchestration.
- Reporting & metrics development.
- Ability for installation of software on customer endpoints.
- Real-time monitoring and maintenance of system health and performance.
- Ability to ingest log data from nearly any security or Information Technology.
- Ability to provide User and Entity Behavior Analytics (UEBA) to identify, triage, and alert on privileged account abuse, privilege escalation, data exfiltration, anomalous behavior, and credential compromise.
- Ability to perform analytics using AI (artificial intelligence) and/or ML (machine learning) to identify and triage, based on regression, classification, forecasting, clustering, and anomaly detection.
SIEM Setup and Operations:
- Full platform management of the cloud-based SIEM solution.
- Integration of all applicable data sources for Windows/syslog-based data sources.
- Ensure ingestion of appropriate Security Events.
- Integration of any applicable API.
- Installation, setup, tuning, and operation.
- Security architecture workshop – Initial and periodic.
SIEM Tuning and Baselining:
- Setup basic, pre-packaged SIEM alerts for the environment.
- Setup custom alerts applicable to the environment.
- Adjust rules and thresholds as applicable to the environment.
SOC
- Provide, manage, support, and operate a 24x7x365, US-based, Security Operation Center (SOC) to fully monitor and manage the SIEM solution.
Security response and Brunswick staff augmentation:
- Serve as an extension to Brunswick County Information Technology to provide threat analysis and triage, data collection and analysis of security events and cyber-attacks, review threat vectors, evaluate internal and external security breaches, determine scope of threats, suggest remediation tactics, remediate cyber threats, proactive threat-hunting, intrusion, and alarm analysis. Severe events will be escalated to Brunswick County Information Technology.
- Provide a timely response to all security events and threats.
Monitoring:
- Provide around-the-clock monitoring of networks, endpoints, applications, and security appliances to include incident detection and response, logs, alarms, events, and compliance reporting.
Investigation, incident management, and escalation:
- Provide 24x7x365 threat monitoring of the environment and include, at a minimum, any and all out-of-the-box security use cases in cloud (Azure) and on-premises environments.
- Provide cloud-based analytics and operations tools including real-time threat detection and response, risk management, monitoring and analysis, and threat intelligence.
- Investigate all initial security incidents identified, provide response to identified events, and track events to closure.
- Assess validity of security events, categorize, classify, eliminate, or reduce false-positives, and provide tailored, actionable alerts if events are to be escalated to Brunswick County Information Technology.
- Provide assessment and deeper insights into events, threats, vulnerabilities, and assess operational impact.
- Escalate as appropriate in accordance with the Service Level Agreements (“SLAs”).
- Provide periodic reports and metrics including event, incident, threat, and investigation metrics, Key Performance Indicators (KPIs) for assessment of technology effectiveness and efficiency, and recommendations for alert tuning and refinement.
- Provide annual organizational auditor response reports and support.
- Provide periodic security reviews of the environment to offer performance improvements of the SIEM platform and executive level overviews of the services performance.
- Provide regular guidance and recommendations to enhance the organization’s overall security posture.
- Provide incident tracking mechanism for security events which is also accessible by Brunswick County Information Technology.
- Provide security maturity periodic reporting for executive and Information Technology leadership.
- Provide regular compliance reporting including IRS 1075, HIPAA, CJIS, NIST, and PCI frameworks.
MDR
- Provide Managed Detection & Response (MDR) including monitoring of alerts, detecting Indicators of Compromise (IOCs) through the use of Brunswick County owned Endpoint Detection & Response (EDR)/Anti-virus.
- Provide Unified Attack Chain 24x7x365 continuous threat monitoring and Unified Kill Chain to detect, deny, disrupt, degrade, deceive, and contain threats in conjunction with Brunswick Information Technology staff. This should include strategies from the MITRE ATT&CK methodology.
Vulnerability Scanning & External Pen Testing
- Provide a vulnerability scanning solution for the purposes of regular internal scanning of endpoints. Provide regular reports to Brunswick County Information Technology on identified vulnerabilities and recommendations for remediation. Reports should be capable of detailing compliance with specific requirements such as IRS 1075, HIPAA, and PCI. Solution will identify known vulnerabilities in common endpoints such as workstations, servers, printers, switches, firewalls, access points and other networked equipment.
- External penetration testing will be performed on publicly available devices. Results will be provided to Brunswick County Information Technology on findings and recommendations for remediation.
Software Updates (Patching)
- Provide a software update (patching) solution to identify and distribute software updates to internal and external endpoints. Solution will list endpoint software versions and recommendations for updates. Updates will be applied after approval from Brunswick County Information Technology. Update installation will be automated where possible. Status of endpoint update installations and requirements will be available to Brunswick County Information Technology via regular reports and real-time reporting tools.
Templates and Documentation
- Provide, through packages or hourly pricing, documentation and policy development or review. Documentation may include templates for policy frameworks, knowledgebase articles, procedural documentation, or additional documentation as needed.
Publication Date/Time:
3/5/2025 8:30 AM
Closing Date/Time:
4/7/2025 5:00 PM
Contact Person:
Questions or requests for further information regarding this Request for Proposals shall be submitted via email to securityservices.rfp@brunswickcountync.gov to the attention of Cindy Hewett, Information Technology Director, no later than March 21, 2025, by 5:00 PM ET. A copy of all questions, further clarifications and answers will be made in the form of an Addendum to this Request for Proposals and will be provided to all known vendors and posted on the County’s website. Notwithstanding the foregoing, vendors will be responsible for ensuring that they have all addenda.
Vendors are expressly prohibited from contacting any Brunswick County official or employee regarding this Request for Proposals, except in the manner noted in this section. A violation of this provision is grounds for the immediate disqualification of the vendor.