Annexure E Technical Bid Format

ANTIVIRUS SOLUTION FOR MAIL SERVER SECURITY AND SERVER SECURITY FOR DESKTOP, LAPTOP

Columns: Sr. No | Description | Compliance (Y/N) | Remark

01 Must offer comprehensive client/server security by protecting enterprise networks from viruses, trojans, ransomware, worms, hackers and network viruses, plus spyware and mixed threat attacks.
02 Must be able to reduce the risk of virus/malware entering the network by blocking real-time compressed executable files.
03 Must include capabilities for detecting and removing rootkits.
04 Must provide real-time spyware/grayware scanning of the file system to prevent or stop spyware execution.
05 Must have the capability to restore spyware/grayware if the spyware/grayware is deemed safe.
06 Must clean computers of file-based and network viruses plus virus and worm remnants (Trojans, registry entries, viral files) through a fully automated process:
07 Terminating all known virus processes and threads in memory
08 Repairing the registry
09 Deleting any drop files created by viruses
10 Removing any Microsoft Windows services created by viruses
11 Restoring all files damaged by viruses
12 Includes cleanup for spyware, adware etc.
13 Must be capable of cleaning viruses/malware even without the availability of virus cleanup components. Using a detected file as the basis, it should be able to determine whether the detected file has a corresponding process/service in memory and a registry entry, and then remove them altogether.
14 Must provide Outbreak Prevention to limit/deny access to specific shared folders, block ports, and deny write access to specified files and folders on selected clients in case there is an outbreak.
15 Behavior Monitoring
16 Must have behavior monitoring to restrict system behavior, keeping security-related processes always up and running.
17 Must provide real-time lockdown of client configuration to allow or prevent users from changing settings or unloading/uninstalling the software.
18 Users with the scheduled scan privilege can postpone, skip and stop Scheduled Scan.
19 CPU usage performance control during scanning:
20 Checks the CPU usage level configured on the Web console and the actual CPU consumption on the computer.
21 Adjusts the scanning speed if the CPU usage level is Medium or Low and actual CPU consumption exceeds a certain threshold.
22 Should have a manual outbreak prevention feature that allows administrators to configure port blocking, block shared folders, and deny writes to files and folders manually.
23 Should have integrated spyware protection and cleanup.
24 Should have the capability to assign a client the privilege to act as an update agent for the rest of the agents in the network.
25 Shall be able to perform different scan actions based on the virus type (Trojan/Worm, Joke, Hoax, Virus, other).
26 Safeguards endpoint mailboxes by scanning incoming POP3 email and Outlook folders for threats.
27 Shall be able to scan only those file types which are potential virus carriers (based on true file type).
28 Should be able to detect files packed using real-time compression algorithms as executable files.
29 Solution should be able to manage both SaaS and on-premise solutions from a single management console.
30 The client machine acting as update agent, which delivers pattern updates to the rest of the machines in the LAN, should also be capable of delivering program upgrades. No separate web server should be required.
31 Should have a provision for setting up a local reputation server so that endpoints need not always contact the Internet to verify the reputation of a file.
32 Shall be able to scan Object Linking and Embedding (OLE) files.
33 Should have a scan cache feature based on digital signatures or an on-demand scan cache.
34 Solution should help identify vulnerabilities and help fix them by providing signatures or rules for Windows XP, Windows 7, 8, 8.1 and above.
35 Solution should be able to block known and unknown vulnerability exploits before patches are deployed.
36 Solution should have an enhanced scan feature which can identify and block ransomware programs running on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware.
37 Solution should have HIPS, stateful firewall and virtual patching, managed centrally.
38 Should have a feature similar to Firewall Outbreak Monitor, which sends a customized alert message to specified recipients when log counts from the personal firewall and/or network virus logs exceed certain thresholds, signaling a possible attack.
39 Must be able to send a customized notification message to specified

Add-On Integrated DLP

01 Solution should protect sensitive data from unauthorized access and leakage from the endpoint with the help of the antivirus agent only, and should also focus on protecting users from the external threat of data-stealing malware.
02 Solution should be able to immediately protect data by enabling the Data Loss Prevention option in the same antivirus server and client using the administration console, directory and user groups.
03 Solution should provide real-time visibility and control to monitor, block and report on the movement of sensitive data, with a real-time view of endpoint status.
04 Monitor, block and report on the movement of sensitive data, with a real-time view of endpoint status.
05 Should monitor, report or block all network channels such as email clients, FTP, HTTP, HTTPS, instant messaging, SMB and webmail for data loss. Monitor only transmissions outside the local area network, or monitor all transmissions.
06 Should also have an application channel monitor which helps monitor, report or block all system and application channels such as data recorders (CD/DVD), peer-to-peer applications, printers, removable storage, synchronization software and even the Microsoft Windows clipboard.
07 Should have pre-defined templates for common compliance requirements such as HIPAA, PCI-DSS, US PII, SB-1386 and GLBA.
08 Should provide the option to filter content with low-impact filtering based on keywords, metadata and regular expressions, and to build customized regex (regular expressions) to monitor and block specific data.
09 Should provide the option to customize regex (regular expressions) to monitor and block specific data.
10 Must be able to send notifications whenever it detects a security risk on any client or during a security risk outbreak, via e-mail, pager, SNMP trap or Windows NT event log.

Mail Server Security

01 The proposed solution should be deployable in SPAN/TAP, BCC and MTA mode.
02 The proposed solution should be able to detect and analyze URLs embedded in MS Office and PDF attachments.
03 The proposed solution should detect and analyze direct URL links in the mail body which point to a file.
04 The proposed solution should be able to detect and analyze the URLs in the mail subject.
05 The proposed solution should detect and analyze the URL in the email subject.
06 The proposed solution should have the capability to perform scans using reputation and heuristic technologies to detect unknown threats and document exploits.
07 The proposed solution should be able to detect known bad URLs before sandboxing.
08 The proposed solution should be able to detect targeted malware.
09 The proposed solution should support memory dump scanning.
10 The sandbox should be able to detect disabling of security software agents.
11 The sandbox should be able to detect connection to malicious network destinations.
12 The sandbox should be able to detect behaviors like self-replication and infection of other files.
13 The sandbox should be able to detect dropping or downloading of executable files by documents.
14 The sandbox should be able to detect modification of startup and other important system settings.
15 The sandbox should be able to detect connection to unknown network destinations and opening of ports.
16 The sandbox should be able to detect unsigned executable files.
17 The sandbox should be able to detect self-deletion of the malware.
18 The proposed solution should be able to detect, download and analyze files directly linked in the email message body.
19 The proposed solution should be able to detect true file types.
20 The proposed solution should have the capability to detect ransomware using decoy files on sandboxes.
21 The proposed solution should not have any limitation requiring all attachments to be sent to the sandbox; only suspicious attachments should be sent to the sandbox for analysis.
22 The proposed solution should have an option for timeout/release of an email if the file analysis on the sandbox takes over 20 mins.
23 The proposed solution should support importing of custom passwords for archive files.
24 The proposed solution should support at least 100 predefined passwords for scanning archive files.
25 The proposed solution should support Windows 7, 8, 8.1 and above sandbox images.
26 The proposed solution should support Windows 2003, 2008, 2012 and above server sandbox images.
27 The proposed solution should allow at least three types of sandbox images.
28 The proposed solution should have support for analysis of executable files (EXE).
29 The solution should be able to block the mail message and store a copy in the quarantine area.
30 The proposed solution should support multiple syslog servers.
31 The proposed solution should support CEF/LEEF/TMEF syslog formats for ArcSight/QRadar integration.
32 The proposed solution should be able to deliver the email message to the recipient after replacing the suspicious attachments with a text file, and tag the email message subject with a string to notify the recipient.
33 The proposed solution should be able to pass and tag the email message.
34 The proposed solution should have the option to make policy exceptions for safe senders, recipients, X-header content, files and URLs.
35 The proposed solution should be able to define risk levels after investigation of email messages.
36 The solution should have an option for specifying message tags.
37 The proposed solution should allow administrators to see HTML-format reporting on the console and download PDF reports.
38 The proposed solution should be able to send a real-time email alert per detection.
39 The proposed solution should be able to notify the administrator about Message Delivery Queue, CPU Usage, Sandbox Queue, Disk Space, Detection Surge and Processing Surge.
40 The proposed solution should allow the admin to inquire how many detections come from malicious password-protected files.
41 The proposed solution should show the archive password of a malicious archive file, so that the admin/AV vendor is able to decompress the malicious archive and analyze its contents.
42 The proposed solution should have options to define global recipients/contacts settings for alerts/reports.
43 The proposed solution should have customizable dashboards for Attack Sources, High-Risk Messages, Detected Messages, Top Attack Sources, Quarantined Messages, Top Attachment Names, Top Attachment Types, Top Callback Hosts from sandbox, Top Email Subjects, Processed Messages by Risk, Processing Volume, Delivery Queue, Hardware Status, Sandbox Queue, Suspicious Objects from Sandbox and Email Messages with Advanced Threats.
44 The proposed solution should be able to send emails to at least 9 different email servers.
45 The proposed solution should not induce latency for all email attachments; latency only for suspicious attachments which are being sent to the sandbox for analysis is acceptable.
46 Should support Linux Zebra mail server.

Server Security

01 Solution should support firewalling.
02 Solution should support Deep Packet Inspection (HIPS/HIDS).
03 Solution should support anti-malware.
04 Solution should support integrity monitoring.
05 Solution should be lightweight and should not slow down the other processes of the servers at any time (scanning, real time etc.).
06 Solution should support log inspection.
07 Solution should support a CPU-based licensing model for virtualized environments.
08 Solution should also support server-based licensing for installation on physical/standalone servers.
09 Firewall should have the capability to define different rules for different network interfaces.
10 Firewall rules should filter traffic based on source and destination IP address, port, MAC address, etc., and should detect reconnaissance activities such as port scans.
11 Solution should provide policy inheritance exception capabilities.
12 Solution should have the ability to lock down a computer (prevent all communication) except with the management server.
13 Firewall should integrate with hypervisors like VMware ESXi without the need to install agents on the guest VMs.
14 Solution should have Security Profiles that allow firewall rules to be configured for groups of systems or individual systems. For example, all Windows 2003, 2008, 2012 and above servers use the same operating system rules, which are configured in a single Security Profile used by several servers.
15 The solution should protect against Distributed DoS attacks.
16 HIPS should integrate with hypervisors like VMware ESXi and NSX without the need to install agents on the guest VMs.
17 Host-based IDS/IPS should support virtual patching of both known and unknown vulnerabilities until the next scheduled maintenance window.
18 Virtual patching should be achieved by using a high-performance HIPS engine to intelligently examine the content of network traffic entering and leaving hosts.
19 Should provide automatic recommendations against existing vulnerabilities, dynamically tuning IDS/IPS sensors (e.g. selecting rules, configuring policies, updating policies, etc.), and provide automatic recommendations to remove assigned policies if a vulnerability no longer exists, for example if a patch is deployed.
20 Detailed event data providing valuable information, including the source of the attack, the time, and what the potential intruder was attempting to exploit, should be logged.
21 Solution should be capable of blocking and detecting IPv6 attacks.
22 Solution should offer protection for virtual or physical environments, or a combination of both.
23 The solution OEM should deliver virtual patching updates within 24 hours of an application vendor announcing a vulnerability in their system.
24 The solution should have Application Control rules that provide increased visibility into, or control over, the applications that are accessing the network. These rules will be used to identify malicious software accessing the network and provide insight into suspicious activities such as allowed protocols over unexpected ports (FTP traffic on a mail server, HTTP traffic on an unexpected server, or SSH traffic over SSL, etc.), which can be an indicator of malware or a compromise.
25 Solution should provide policy inheritance exception capabilities.
26 Product should support CVE cross-referencing when applicable.
27 Solution should have Security Profiles that allow rules to be configured for groups of systems or individual systems. For example, all Windows 2003 servers use the same operating system rules, which are configured in a single Security Profile used by several servers.
28 Agentless antivirus should support both real-time and scheduled scans.
29 Solution should have the flexibility to configure different real-time and scheduled scan times for different guest VMs.
30 Solution should also support restoration of quarantined files.
31 Solution should support hypervisor-level caching and de-duplication during anti-malware scanning for improved performance.
32 Integrity Monitoring module should be capable of monitoring critical operating system and application elements (files, directories and registry keys) to detect suspicious behavior, such as modifications, or changes in ownership or permissions.
33 Solution should have extensive file property checking whereby files and directories are monitored for changes to contents or attributes (ownership, permissions, size, etc.).
34 Solution should be able to track addition, modification or deletion of Windows registry keys and values, access control lists, or web site files, as further examples of what can be monitored.
35 Solution should have a single console to manage desktop AV, server, mail and web gateway software solutions.

Solution should have the capability to generate user-based alerts and reports in case of the following events:

01 Virus outbreak alert
02 Special virus alert (10)
03 Virus found - first and second actions unsuccessful
04 Virus found - first action successful
05 Virus found - second action successful
06 Network virus alert
07 Suspicious vulnerability attack detected
08 Virus Detection Reports: Viruses Detected; Most Commonly Detected Viruses (10, 25, 50, 100)
09 Antivirus Client Information Reports: Detailed/Basic Summary
10 Comparative Reports: Spyware/Grayware, grouped by (Day, Week, Month); Viruses, grouped by (Day, Week, Month)
11 Antivirus Server Deployment Reports: Detailed Summary; Basic Summary; Detailed Failure Rate Summary
12 Network VirusWall Reports: Policy Violation report: Policy violations, grouped by (Day, Week, Month); Service Violation report: Service violations, grouped by (Day, Week, Month); Most common clients in violation: Clients with the most violations (10, 25, 50, 100)