Tender 10/ dated Reply to Pre-bid Queries
|
|
- Ross Preston Woods
- 5 years ago
- Views:
Transcription
1 Compliance Queries Suggested changes Reply Please specify if this is mandatory or Optional? 1 27/6.2 System should have capability to integrate with new/forthcoming network technologies such as it should have ready API for Software Defined Networking (SDN) / Application Centric Infrastructure (ACI) environment (Recommended) With the current technology trends and with growing adoption of SDN / NFV technologies; we recommend bank to consider the SDN integration and should Make it Mandatory. Also, this will ensure that all the proposed solution are comparable technically and commercially. We suggest to change this point from Recommended to Mandatory. 27/6.3 System should be compatible for integration with the existing Data Center Management and Orchestration devices/tools/systems. (optional) Please specify the current Management / Orchestration used by Bank. We suggest to have this clause as mandatory so that it will ensure all the proposed solution are comparable technically and commercially. We recommend to make this Mandatory. 2 Request you to change the clause as EAL 4 or more certification level /9.1 Device should be Common criteria certified at least EAL 3 or above 28/8.1 29/1 OEM should provide 50 Man Days direct Onsite support / assistance during installation at each location of the Bank. OEM is required provide 50 Man day support for implementation of the proposed security solution at each location separately. 1.4 Present license should be for 500 Mbps throughput and a minimum of 2 million 1.2 Device should have at least 8 x 1G copper Interfaces Should have at least 4 x 1G SFP fibre interfaces Request you to change the clause as EAL 4 or more certification level. to ensure the security device / software themselves are secured and robust to withstand any attacks. The Higher certification rating ensure the better level of Solution robustness. Current EAL level available from 1-7. EAL1: Functionally Tested; EAL2: Structurally Tested; EAL3: Methodically Tested and Checked; EAL4: Device should be Common criteria certified at least EAL 4 Methodically Designed, Tested and Reviewed. or above Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements.common Criteria is used as the basis for a Government driven certification scheme and typically evaluations are conducted for the use of Federal Government agencies and critical infrastructure. the numerical rating describing the depth and rigor of an evaluation. Each EAL corresponds to a package of security assurance requirements which covers the complete development of a product, with a given level of strictness. Please Clarify Bank is looking for a direct OEM resource at site to support or through SI. Please Clarify Bank is looking for a direct OEM resource at site to support or through SI. We request Bank to consider proposed DDoS device solution to be present in market for at least last 4-5 years. Additional Suggestion This is to ensure that the devices present in market have been present for some time and have customers using them rather then some new OEM coming up and suggesting their solution which might not be tested or proven. The ask for or simultaneous connections in a DDoS solution is absolutely not needed because this falls back on a stateful inspection and makes the DDoS appliance itself vulnuerable to state exhaustion attacks The ask for SFP is not industry standard and is very vendor specific. The fiber SFPs do not support built-in hardware bypass and creates a single point of failure in the DC Present license should be 500Mbps and the appliance must support stateless architecture Yes, Direct OEM Support. 50 Man days collectively for 2 locations Refer Qualification Criteria, Track Record of past installations The Appliance should be state aware. The appliance must support a mix of copper and fiber interfaces and these should support built-in Built-in or External copper and hardware bypass both on copper as well as on fiber. Fibre ports should support port level hardware bypass System should have High performance ASIC-based DoS-mitigation engine ensures that attack mitigation does not affect normal traffic processing and Maximum DDoS Flood Attack Prevention Rate up to 1 Million PPS 1.9 The device should support high availability. The 1Mpps of flood prevention rate is extremely low and the appliance will not be able to sustain in case of attack sizes going beyond this. These s are very low for an Enterprise level DC. The appliance must support maximum DDoS flood prevention rate of up to 8.5Mpps What kind of high availability is expected? Please elaborate the point, whether it's active /active or a cold standby etc. As per the standard Packet size and the bandwidth capacity of the link, attack rate upto 1 million PPS is the bank's requirement. the device should support both Active/Active and Cold Standby HA
2 Compliance Queries Suggested changes Reply Annexure A/page26 Annexure A/page System should support horizontal and vertical port scanning behavioral 3.17 System should Protect from Brute Force and dictionary attacks System should support prevention of anti-evasion mechanisms 3.29 System should support Intrusion Prevention from Known Attacks either on the appliance or through external appliance 4.6 System should support Outbound SSL Inspection for inspecting the outgoing encrypted traffic and should have capability to integrate with other security inspection solutions. Please elaborate this point. Does not have any relevance in the DDoS threat landscape These are intrusion techniques and not attack forms to compromise availability These are intrusion techniques and not attack forms to compromise availability This ask is very vendor specific and has no relevance in a DDoS architecture. In fact, if the IPS were to be integrated, it would put the DDoS architecture at risk. Please explain the necessity to inspect outbound SSL traffic, what is the resource that we are trying to protect and confirm it's availability Elaborated as follows Horizontal: Low and Slow attacks Vertical: Multi Vector attacks Removed. Removed. : The Solution should support Intrusion Prevention from Known Attacks. No change The Server/Node in the network should not be the part of attack campaign System should support Polymorphic Challenge-Response mechanism by default /without scripts 5.4 System should support DNS Challenge Response authentication : Passive Challenge, Active challenge Both by default /without scripts 6.2 System should have capability to integrate with new/forthcoming network technologies such as it should have ready API for Software Defined Networking (SDN) / Application Centric Infrastructure (ACI) environment integration. 6.3System should be compatible for integration with the existing Data Centre Management and Orchestration devices/tools/systems. (optional) 6.4 Proposed solution should have capability to integrate with existing security solutions (which are compatible only) with Bank in order to optimize the inspection performance. (Optional) 8.2 Bidder/OEM to provide support in real-time to the Bank who faces malware outbreak or emergency flood attack 8.5 Post Attack Forensics Analysis and Recommendations 8.6 Security Expert Service: After the customer notification the response SLA of the Security Expert should be within 10 min. And should be available to bank to handle attack situations 8.7 OEM should provide Quarterly Configuration Review and fine tuning of appliance should not be limited by duration / days of effort 8.8 OEM should provide monthly Security event report and should have option to customize as per Bank needs Please elaborate on this Different vendors adopt any one of the challenge mechanisms. Hence, it is requested to change this clause as suggested Extremely vendor specific The need for integration cannot be left open like this without defining the tools, instead focus on the protocols and keep them industry standard Please elaborate and define the systems Services can be provided through a certified partner customization needs to be defined and elaborated Please specify what kind of services. System should support DNS Challenge Response authentication : Passive Challenge or Active challenge The appliance must support notifications/integration via SNMP, SMTP, Syslog etc. This can be provided through a certified partner This service is typically available with cloud services and not applicable in an appliance deployment 8.7 OEM/bidder should provide Quarterly Configuration Review and fine tuning of appliance Refer information sources on Web for polymorphic challenge response mechanisms. Optional Direct Hotline with DDoS Security Experts is necessary for real-time attack mitigation. Certified Partner is also allowed. Details will be shared with successful bidder. 8.9 Direct Hot-Line Access: Bank should have direct Hot Line access to the Security team for the duration of the attack/campaign and should provide the Toll Free no. as Very vendor specific and not an industry standard. Support during an incident can be provided through TAC. part of RFP response Refer Serial No. 21
3 OEM should provide 50 Man Days direct Onsite support / assistance during installation at each location of the Bank. Compliance Queries Suggested changes Reply 8.10 OEM/Bidder should provide 50 Man Days OEM's do not directly work with customers but wok through their direct Onsite support / assistance during installation system integrators/vads and partners at each location of the Bank. 9.1 Device should be Common criteria certified at least EAL 3 or above Most of the industry DDoS appliances are at EAL2. In order not to be very vendor specific and to include other vendors, please see the recommended change Typically, 5 years of support is asked ( 3 + 2). Most of the industry Enterprise customers ask for a 5 year support post which a product refresh is discussed. Device should be Common criteria certified at least EAL 2 or above Kindly change the support clause to 5 years ( 3 years warranty + 2 years additional support) OEM should be involved in design and implementation of best practices of security. Annexure G1/page37 Post warranty, additional 3 years of support has been asked, making it 3 +3 The solution must be built on stateless analysis filtering engine. The solution must have built-in hardware bypass in all of its service (protection) interfaces, whether the media is Copper or The Hardware Security Module used for SSL/TLS inspection should support FIPS level 2 and level 3 certification. FIPS Additional points that should be considered The appliances must have dual power supplies for redundancy. The Solution must support the ability to enhance overall protection by integrating local protection with cloud-based DDoS services. Signaling to multiple servers within a cloud service provider should be supported. The system must support the ability to blacklist a host, country, domain, URL 13/9 The turnover of the company in the previous two financial years ( and ) We would request bank to amend clause as : - "The turnover of the company in the previous two financial years ( and should be more than Rs. 20 crores per year ) should be more than Rs. 50 crores per year." 13/9 In addition, it is required that the bidder should have executed one or more single order We would request bank to amend the clause as : - "In addition, it is required that the bidder should have executed one or of Rs.50 Lakhs or more in the immediate previous two years in India ( and more single order of Rs.1 crore Lakhs or more in the immediate previous two years in India ( and )." 16). 17/7a 18/7c 40 25/Annexure A /Annexure A /Annexure A /Annexure A /Annexure A The Bidder shall be responsible for delivery and installation of the DDoS protection We would request bank to amend clause as : - "The Bidder shall be responsible for delivery and installation of the DDoS appliances ordered at all the sites and for making them fully functional at no additional protection appliances ordered at all the sites and for making them fully functional at no additional charge within 6 weeks from charge within 4 weeks from the date of Delivery Instructions. The Bank reserves to itself the date of Delivery Instructions. The Bank reserves to itself the right to place release orders in phases depending upon the the right to place release orders in phases depending upon the project requirements. project requirements. The Bidder shall be responsible for immediate delivery of the DDoS protection appliances on receipt of The Bidder shall be responsible for immediate delivery of the DDoS protection appliances such release orders." on receipt of such release orders. The Bank will not arrange for any Road Permit/Sales Tax clearance for delivery of DDoS protection appliances to different locations and the Bidder is required to make its own arrangements for delivery of DDoS protection appliances to the locations as per the list of locations/sites provided from time to time by the Bank. However, the Bank will provide letters/certificate/authority to the Bidder, if required. In States where Road Permits are compulsory, delivery, installation must be completed within 5 weeks from the date of Delivery Instructions. Device should have at least 8 x 1G copper Interfaces Should have at least 4 x 1G SFP fibre interfaces System should have scalable inspection throughput of 500 Mbps scalable to 3 Gbps without additional hardware. Present license should be for 500 Mbps throughput and a minimum of 2 million System latency should be less than <80 microseconds and should be clearly documented in the data sheet. System should have High performance ASIC-based DoS-mitigation engine ensures that attack mitigation does not affect normal traffic processing and Maximum DDoS Flood Attack Prevention Rate up to 1 Million PPS We would request bank to amend clause as : - "The Bank will not arrange for any Road Permit/Sales Tax clearance for delivery of DDoS protection appliances to different locations and the Bidder is required to make its own arrangements for delivery of DDoS protection appliances to the locations as per the list of locations/sites provided from time to time by the Bank. However, the Bank will provide letters/certificate/authority to the Bidder, if required. In States where Road Permits are compulsory, delivery, installation must be completed within 7 weeks from the date of Delivery Instructions." The DDoS mitigation device should ideally have 10G fiber SFP+ ports to mitigate volumetric attacks. Maximise price/performance by utilizing the peak hardware capacity of the appliance especially for DDoS mitigation. The SSL CPS/TPS performance s are very low considering the scenarios of volumetric attacks. The lower capacity could exhaust the connection tables in no time. OEM specific. The DataSheet formats of OEMs could vary and is not standardized. The compliance could be provided in OEM letterhead instead. Also, OEMs who are not capable of performing SSL inspection on the same appliance might deploy separate SSL offload appliances which could further increase the latency. Hence the latency should ideally be for the overall solution and not specific to a single solution component. The PPS rating is very low considering the scalability to 3Gbps+ and 64B packet size, the system must be capable of supporting at least 6 million PPS. Device should have at least 4 x 1G Copper / Fiber SFP ports and at least 2 x 10G Fiber SFP+ ports System must be capable of scaling inspection throughput to 10 Gbps without additional hardware. Present license should be for at least 10Gbps throughput and a minimum of 20 million concurrent sessions Overall solution latency should be less than <80 microseconds. System should have High performance ASIC-based DoS-mitigation engine ensures that attack mitigation does not affect normal traffic processing and Maximum DDoS Flood Attack Prevention Rate up to 6 Million PPS Refer Serial No. 9
4 45 25/Annexure A Compliance Queries Suggested changes Reply The SSL CPS/TPS performance s are very low considering the SSL attack prevention Module/appliance System SSL attack prevention Module/appliance System should Mitigate encrypted attacks and scenarios of volumetric attacks. Maximise price/performance by utilizing should Mitigate encrypted attacks and should should have 3000 SSL CPS on day 1 and upgradable to 5000 SSL CPS with 2048 bit Key the peak hardware capacity of the appliance especially for DDoS support at least 20,000 SSL CPS/TPS with 2048 bit mitigation. Key from day 1 Fail-open or bypass is highly insecure as all traffic would hit servers directly and could bring down the services in the event of an attack. It is The proposed solution must have HA to ensure that not a good practice to fail open security devices.the fail-open there are no SPOF. architecture could be implemented using network bypass switch if HA is not provisioned /Annexure A System should Fail-Open or should bypass the traffic in case of Hardware failure 47 25/Annexure A //Annexure A System should support, In-Line, SPAN Port, Out-of-Path deployment modes by default without any extra license cost. Solution should be transparent to control protocol like MPLS and Q tagged VLAN environment. Also it should transparent to L2TP, GRE, IPinIP traffic. Inline is the best and most secure mode of protection where separate connections are initiated by the DDoS appliance post inspection ensuring the client requests does not hit the servers directly /Annexure A System should provide behavioral-dos protection using real-time signatures OEM specific. Real-time signatures have very high false positives /Annexure A System should Protect from Brute Force and dictionary attacks /Annexure A /Annexure A /Annexure A /Annexure A /Annexure A System should support Intrusion Prevention from Known Attacks either on the appliance or through external appliance System should have on device SSL/ out-of-path inspection from same OEM as of DDoS solution provider Proposed Solution should Protect against SSL & TLS-encrypted Attacks with an separate SSL Decryption module on device / out of Path Proposed solution should Protect against SSL & TLS-encrypted information leaks with a separate SSL Decryption module on device / out of Path Proposed Solution should provide protection for known attack tools that attack vulnerabilities in the SSL layer itself with a separate SSL Decryption module on device / out of Path CAPTCHA is an effective way of mitigating DDoS and the DDoS appliance must be capable of initiating CAPTCHA out of the box. Also, CSID helps with Bot identification and mitigation using Java Script challenge. DDOS and IPS are two different technologies and should not be combined in this RFP. Sending a DDoS attack through an IPS is a good way to take down the network. IPS in itself is a comprehensive security solution and if IPS is desired by the bank, we request bank to release a detailed RFP and not just one single requirement. This requirement is favouring particular OEM. Instead the device must be capable of integrating with best of breed security devices by providing high performance SSL visibility and service chaining based on security context /Annexure A System should have capability to integrate with SIEM solution What is the current SIEM deployed in the bank? 57 27/Annexure A System should be compatible for integration with the existing Data Centre Management and Orchestration devices/tools/systems. (optional) System should support the recommended In-Line deployment mode by default without any extra license cost. Other modes of deployment could be optional. OEM specific. What is the exact use case for this requirement? To be removed as it may not be a valid use case considering the possible solution deployment scenarios. What are existing Data Centre Management and Orchestration devices / tools / systems in the bank? System must be capable of providing DoS protection using data plane programmability / scripts. The solution should be transparent to all protocols. System should Protect from Brute Force and dictionary attacks and must be capable of initiating CAPTCHA challenge out of the box. The solution also must support Client Side Integrity Defenses to identify legitimate browsers and block bot attacks. System should support high performance SSL offload / visibility and ICAP service chaining with best of breed Intrusion Prevention and other security devices based on security context. System should support SS inspection on the same DDoS appliance. Proposed Solution should Protect against SSL & TLSencrypted Attacks on the same DDoS appliance. Proposed solution should Protect against SSL & TLSencrypted information leaks on the same DDoS appliance. Proposed Solution should provide protection for known attack tools that attack vulnerabilities in the SSL layer itself on the same DDoS appliance System should support High Speed Logging and integrate with leading SIEM solutions. Refer Serial No. 14 Current SIEM solution is ArcSight. Optional. The details shall be shared with successful bidder.
5 58 28/Annexure A Quoted OEM should have India TAC for local support 59 28/Annexure A Device should be Common criteria certified at least EAL 3 or above 60 Compliance Queries Suggested changes Reply System should have scalable inspection throughput of 500 Mbps scalable to 3Gbps without additional hardware. OEM specific. All leading OEMs provide SLA driven follow the sun model TAC assistance to ensure 24x7x365 coverage. ISO 9001:2008 ensures process standardization across all TACs to ensure high quality support. Quoted OEM should have 24x7x365 TAC support and must be ISO 9001:2008 certified Can this be changed to EAL2+ to accommodate all vendors in the DDOS Device should be Common criteria certified at least space as the EAL 3 certification process takes time? EAL 2 or above As per point 1.4, Bank wants present license to support 500 Mbps with 2 Million Concurrent Session, as banks plan to have scalable solution upto 3 Gbps Concurrent connection also needs to increase to accommodate increased traffic. It is recommended to increase the concurrent connection support also to 12 M To have a predictable costing license cost to upgrade from 500 Mbps to 3 Gbps should also be considered in financial evolution Refer Serial No Present license should be for 500 Mbps throughput and a minimum of 2 million As 10 Gbps is becoming standard for core networks, we recommend to increase performance to 10 Gbps throughput & 10 Gbps interface with 16 Million concurrent connections as this will also mitigate DDOS attacks originating from inside to outside and protect gateway devices 62 System should Fail-Open or should bypass the traffic in case of Hardware failure As DDOS Solution is an very critical solution & bank consider devices to be deployed are in HA. We highly recommended to not use Fail-Open or hardware bypass as incase of DDOS appliance hardware failure bank will be open to DDOS attack & DDOS traffic will pass through Network, Application & entire network will be open to DDOS attack. As solution is considered in HA incase device fails secondary device will takeover the traffic an bank will always be protected from DDOS attack. 63 System should support Multiple Segment protection minimum of 4 Segments. Segmentation is an IPS terminology. As DDOS device is to be deployed on perimeter level to protect the network from Internet network to protect Network, Application, Servers from Multi vector DDOS attack. All traffic coming inside the network from perimeter router i.e. from Internet would be passed through DDOS device. 64 Device should be Common criteria certified at least EAL 3 or above Segmentation should not be considered in DDOS Solution offering. To make the compliance more generic we recommend to change the clause to include EAL or equivalent 65 Qualification Criteria Point Number 8: The Oem/Bidder should provide proof of having sold 4 DDoS protection appliances which have been installed and working in any of the PSU/Bank/Financial Institution for the immediate previous two years ( and ) We hereby requests the bank to modify the clause as mentioned below: The OEM/Bidder should provide proof of having sold 4 DDoS protection appliances which have been installed and working in any of the PSU/Bank/Financial Institution/Enterprise Level Organization in the years ( to ) 66 Delivery and Implementation We hereby requests the bank to help us with 7 weeks for delivery and 3 weeks for implementation.
Corrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationSub : ADDENDUM/CORRIGENDUM for Request for Proposal for Providing Managed Networking Solutions using SDWAN Technology for ESIC Offices across India
EMPLOYEES STATE INSURANCE CORPORATION ESIC Hqrs. Extension office, Express Building, BSZ Marg, Ground Floor, New Delhi-02 VOIP No. 10011008/10011048 PH: 011-23701356, email: ac_icthq@esic.nic.in F. No.
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationFregata. DDoS Mitigation Solution. Technical Specifications & Datasheet 1G-5G
Fregata DDoS Mitigation Solution Technical Specifications & Datasheet 1G-5G Amidst fierce competition, your business cannot afford to slow down With HaltDos, you don t have to sacrifice productivity and
More informationRequest for Proposal (RFP) for setting up a Security Operations Centre (SOC), SIEM and Security Tools Implementation
BANK OF INDIA HEAD OFFICE INFOSEC CELL RFP for setting up a SOC, SIEM and Security Tools Implementation 16.12.2015 CORRIGENDUM 8 Request for Proposal (RFP) for setting up a Security Operations Centre (SOC),
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationDDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH
DDoS Protector Block Denial of Service attacks within seconds Simon Yu Senior Security Consultant CISSP-ISSAP, MBCS, CEH 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012
More informationSurat Smart City Development Ltd. Surat Municipal Corporation 1
Surat Smart City Development Ltd. Surat Municipal Corporation 1 Surat Smart City Development Limited (SSCDL) ADDENDUM AND CORRIGENDUM-1 Name of the work: - [SSCDL-Network-01-2018] The Bidders are requested
More information:- IDBI /PCELL/ RFP/
Sr. No RFP Page No Section / Clause/Para No Existing clause 1 6 Control Sheet Schedule for receipt of Bids: - 31 st March 2017 at 1600 Hrs. 2 6 Control Sheet Schedule for Opening of Technical Bids: 31
More informationA10 DDOS PROTECTION CLOUD
DATA SHEET A10 DDOS PROTECTION CLOUD A10 Networks provides full spectrum DDoS defenses. This includes multi-vector protection from attacks of any type to ensure the availability of enterprise business
More informationCisco SAN Analytics and SAN Telemetry Streaming
Cisco SAN Analytics and SAN Telemetry Streaming A deeper look at enterprise storage infrastructure The enterprise storage industry is going through a historic transformation. On one end, deep adoption
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationPalo Alto Networks PCNSE7 Exam
Volume: 96 Questions Question: 1 Which three function are found on the dataplane of a PA-5050? (Choose three) A. Protocol Decoder B. Dynamic routing C. Management D. Network Processing E. Signature Match
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationDDoS Hybrid Defender. SSL Orchestrator. Comprehensive DDoS protection, tightly-integrated on-premises and cloud
SSL Orchestrator DDoS Hybrid Defender All-in-one solution designed to deliver increased visibility into encrypted traffic Comprehensive DDoS protection, tightly-integrated on-premises and cloud Converts
More informationAppliance Comparison Chart
Security Gateway Appliances 300 300 500 500 5400 5600 5800 5900 Branch Office Small Enterprise Mid-Size Enterprise Real-World Production Conditions Security 60 50 340 45 600 950 750 400 Firewall (Gbps)..
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationCORRIGENDUM. REQUEST FOR PROPOSAL FOR Supply, Installation and Maintenance of Appliance based SMS Gateway Solution DATE:
CORRIGENDUM REQUEST FOR PROPOSAL FOR Supply, Installation and Maintenance of Appliance based SMS Gateway Solution DATE: 02.12.2017 Ref: SBI/GITC/Platform Engineering-II/2017/2018/445 dated: 22/11/2017
More informationHP S1500 SSL Appliance. Product overview. Key features. Data sheet
HP S1500 SSL Appliance Data sheet Product overview The HP S1500 SSL Appliance provides hardware-accelerated Secure Sockets Layer (SSL) offloading and bridging to enable high-performance intrusion prevention
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationvendors valid for this tender? Does this include relevant certifications as well?
ADDITIONAL CONSOLIDATED LIST OF CLARIFICATION RAISED AND RESPONSES- TENDER NO. ICTA/NCB/01/2017-2018 SUPPLY, DELIVERY, INSTALLATION AND COMMISSIONING OF GOVERNMENT DATA CENTER UPGRADE S/NO. Requirement
More informationIntegrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution
Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution (Layer 3/4 and Layer 7) Delivering best-in-class network and web application security to the modern enterprise
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationWHITE PAPER Hybrid Approach to DDoS Mitigation
WHITE PAPER Hybrid Approach to DDoS Mitigation FIRST LINE OF DEFENSE Executive Summary As organizations consider options for DDoS mitigation, it is important to realize that the optimal solution is a hybrid
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationWar Stories from the Cloud Going Behind the Web Security Headlines. Emmanuel Mace Security Expert
War Stories from the Cloud Going Behind the Web Security Headlines Emmanuel Mace Security Expert The leading cloud platform for enabling secure, high-performing user experiences on any device, anywhere.
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationSymantec Network Security 7100 Series
Symantec Network Security 7100 Series Proactive intrusion prevention device protects against known and unknown attacks to secure critical networks transition can be accomplished transparent to any network
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationAppliance Comparison Chart
Security Gateway Appliances 00 00 500 500 5400 5600 5800 5900 Branch Office Small Enterprise Mid-Size Enterprise Real-World Production Conditions Security 60 50 40 45 600 950 750 400 Firewall (Gbps)..
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationRequest for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )
Appendix 1 1st Tier Firewall The Solution shall be rack-mountable into standard 19-inch (482.6-mm) EIA rack. The firewall shall minimally support the following technologies and features: (a) Stateful inspection;
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS. December 1, 2017
ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS December 1, 2017 Table of Contents Oracle Managed Security Database Encryption Service for Oracle IaaS... 3 Oracle Managed Security Database
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationGladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
More informationDDoS Detection&Mitigation: Radware Solution
DDoS Detection&Mitigation: Radware Solution Igor Urosevic Head of Technical Department SEE CCIE #26391 Ingram Micro Inc. 1 Agenda DDoS attack overview Main point of failures Key challenges today DDoS protection
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationReply to queries raised for Procurement of Bulk Services
1 2 3 4 3-3.2 (Eligibility Criteria for Bulk Email Services (OPEX Model) 3-3.3 (Eligibility Criteria for Bulk Email Services (OPEX Model) 4-4.2.3 (Scope of work for Bulk 4-4.2.4 (Scope of work for Bulk
More informationNovember 1, 2018, RP Provision of Managed Security Services on an Annual Contract ADDENDUM #2
November 1, 2018, RP029-18 Provision of Managed Security Services on an Annual Contract ADDENDUM #2 Please see the below summation of the technical questions and answers that have been received regarding
More informationNetwork Security Platform Overview
Quick Tour Revision B McAfee Network Security Platform 8.1 Network Security Platform Overview McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and
More informationNETWORK SECURITY STORMSHIELD. Unified Threat Management Solutions and Next- Generation Firewalls
NETWORK SECURITY STORMSHIELD NETWORK SECURITY Unified Threat Management Solutions and Next- Generation Firewalls Our Mission Make the digital world a sustainable and trustworthy environment while ensuring
More informationF5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe
F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationWEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM
SECURITY ANALYTICS WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM BLAZING PERFORMANCE, HIGH AVAILABILITY AND ROBUST SECURITY FOR YOUR CRITICAL WEB APPLICATIONS OVERVIEW Webscale is a converged multi-cloud
More informationSERVICE DESCRIPTION MANAGED FIREWALL/VPN
Contents Service Overview.... 3 Key Features... 3 Service Features... 3 Responsibilities... 5 Additional Services.... 5 Implementation... 6 Validation... 6 Implementation Process.... 6 Customer Kick-Off...
More informationRSA Web Threat Detection
RSA Web Threat Detection Online Threat Detection in Real Time Alaa Abdulnabi. CISSP, CIRM RSA Pre-Sales Manager, TEAM Region 1 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web
More informationHuawei NIP2000/5000 Intrusion Prevention System
Huawei 2000/5000 Intrusion Prevention System Huawei series is designed for large- and medium-sized enterprises, industries, and carriers to defend against network threats and ensure proper operations of
More informationWHITE PAPER. Applying Software-Defined Security to the Branch Office
Applying Software-Defined Security to the Branch Office Branch Security Overview Increasingly, the branch or remote office is becoming a common entry point for cyber-attacks into the enterprise. Industry
More informationDECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT
DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT SUMMARY Industry Federal Government Use Case Prevent potentially obfuscated successful cyberattacks against federal agencies using
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationData Sheet. DPtech IPS2000 Series Intrusion Prevention System. Overview. Series IPS2000-MC-N. Features
Data Sheet DPtech IPS2000 Series DPtech IPS2000 Series Intrusion Prevention System Overview With the rapid development of network, application layer attacks emerge endlessly, such as worms, Trojan horses,
More informationMcAfee Network Security Platform
McAfee Network Security Platform A uniquely intelligent approach to network security McAfee Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated
More informationWhy IPS Devices and Firewalls Fail to Stop DDoS Threats
Arbor White Paper Why IPS Devices and Firewalls Fail to Stop DDoS Threats How to Protect Your Data Center s Availability About Arbor Networks Arbor Networks, Inc. is a leading provider of network security
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationUNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Provide cybersecurity and data protection for organizations,
More informationEFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE
SOLUTION BRIEF EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE Building effective, affordable and scalable DDoS defense, then monetizing investments with value added scrubbing
More informationMcAfee Network Security Platform
McAfee Network Security Platform 9.2 (Quick Tour) McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and software that accurately detects and prevents
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationReal-time Communications Security and SDN
Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationUnderstanding Layer 2 Encryption
Understanding Layer 2 Encryption TECHNICAL WHITEPAPER Benefits of Layer 2 Encryption Lowest cost of ownership Better bandwith efficiency (up to 50%) Minimal ongoing maintenance routing updates transparent
More informationCopyright Huawei Technologies Co., Ltd All rights reserved. Trademark Notice General Disclaimer
Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies
More informationINTELLAFLEX. Packet Aggregation Switching Solutions
INTELLAFLEX Packet Aggregation Switching Solutions APCON s scalable, high availability, network monitoring solutions increase tool efficiency for complete visibility of enterprise network traffic. Enterprise-Class
More informationEnterasys K-Series. Benefits. Product Overview. There is nothing more important than our customers. DATASHEET. Operational Efficiency.
DATASHEET Enterasys K-Series Product Overview The Enterasys K-Series is the most cost-effective, flow-based switching solution in the industry. Providing exceptional levels of automation, visibility and
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationWatson Developer Cloud Security Overview
Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service
More informationOutwit Cyber Criminals with Comprehensive Malware and Exploit Protection.
Singtel Business Product Brochure Managed Advanced Threat Prevention Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. As cyber criminals outwit businesses by employing ever-new
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationCisco s Appliance-based Content Security: IronPort and Web Security
Cisco s Appliance-based Content Security: IronPort E-mail and Web Security Hrvoje Dogan Consulting Systems Engineer, Security, Emerging Markets East 2010 Cisco and/or its affiliates. All rights reserved.
More informationNext-Generation Firewall Series Datasheet
RUIJIE NETWORKS COMPANY LIMITED www.ruijienetworks.com Ruijie 1600 Next-Generation Firewall Series Datasheet Ruijie 1600 Firewall Series is a collection of nextgeneration firewall offering security, routing
More informationPass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS
Pass4sure.500-285.42q Number: 500-285 Passing Score: 800 Time Limit: 120 min File Version: 6.1 Cisco 500-285 Securing Cisco Networks with Sourcefire IPS I'm quite happy to announce that I passed 500-285
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationMcAfee Network Security Platform
McAfee Network Security Platform A uniquely intelligent approach to network security McAfee Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated
More information2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015
2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks 9 th November 2015 AKAMAI SOLUTIONS WEB PERFORMANCE SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD SECURITY SOLUTIONS CLOUD NETWORKING
More informationCisco FirePOWER 8000 Series Appliances
Data Sheet Cisco FirePOWER 8000 Series Appliances Product Overview Finding a network security appliance with exactly the right throughput, interface options, and threat protection for all the different
More informationF5 Synthesis Information Session. April, 2014
F5 Synthesis Information Session April, 2014 Agenda Welcome and Introduction to Customer Technology Challenges Software Defined Application Services Reference Architectures for Today s Customer Challenges
More informationSimplify Your Network Security with All-In-One Unified Threat Management
Singtel Business Product Factsheet Brochure Managed Defense Unified Services Management Simplify Your Network Security with All-In-One Unified Management Singtel Managed Unified Management (UTM) Services,
More informationEnterprise D/DoS Mitigation Solution offering
Enterprise D/DoS Mitigation Solution offering About the Domain TCS Enterprise Security and Risk Management (ESRM) offers full services play in security with integrated security solutions. ESRM s solution
More informationSmartWall Threat Defense System - NTD1100
SmartWall Threat Defense System - NTD1100 Key Benefits Robust, real-time security coverage Real-time Layer 3-7 mitigation against volumetric attacks for both IPv4 and IPv6 traffic. Industry- leading density,
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationThe Institute of Cost Accountants of India. Tender for supply and installation of 1 Nos 1U Rack Hardware mountable firewall at Delhi.
The Institute of Cost Accountants of India Tender for supply and installation of 1 Nos 1U Rack Hardware mountable firewall at Delhi Tender Document Table of Contents Chapter Description Page No. 1 Notice
More informationSONICWALL SECURITY HEALTH CHECK SERVICE
SonicWall Partner Service Overview SONICWALL SECURITY HEALTH CHECK SERVICE Ensure your SonicWall Investment is fully optimized to protect your network Overview The SonicWall Security Health Check Service
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationDriving Network Visibility
Flowmon Price List EUR Driving Network Visibility Flowmon Hardware Appliances... 2 Flowmon Virtual Appliances... 3 Flowmon Cloud... 3 Flowmon ADS Anomaly Detection System... 4 Flowmon DDoS Defender...
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More information