II.2.2) Additional CPV code(s)
72250000
II.2.3) Place of performance
NUTS code:
UKI3
II.2.4) Description of the procurement
The Crown Prosecution Service (CPS) is issuing a Prior Information Notice (PIN) to inform prospective suppliers of its intention to procure a Security Information and Event Management (SIEM) tool.
CPS will go to market for a new SIEM system as part of its overall cybersecurity strategy.
As a minimum, the tool should provide the following functionality:
1. Log Collection and Aggregation: The SIEM should be capable of collecting and aggregating logs and data from various sources across the CPS, such as network devices, servers, applications, cloud infrastructure, and endpoints/end-user-devices.
2. Integration and Compatibility: The SIEM should integrate seamlessly with existing security tools and technologies, such as intrusion detection/prevention systems (IDS/IPS), firewalls, antivirus solutions, and threat intelligence feeds.
3. Real-time Monitoring: The SIEM should provide real-time monitoring capabilities to detect and alert on suspicious or malicious activities as they occur. This involves continuous analysis of incoming log data to identify anomalies and patterns indicative of security threats.
4. Event Correlation and Analysis: The system should be able to correlate and analyse events from multiple sources to identify complex attack patterns that may go unnoticed when analysing individual events in isolation.
5. Threat Detection and Alerts: The SIEM should have threat detection mechanisms that can identify known threats based on signatures and behaviours, as well as emerging threats using advanced analytics and machine learning techniques. It should generate timely and actionable alerts for security teams.
6. Incident Response: The SIEM should facilitate efficient incident response by providing workflow and case management capabilities. This allows security teams to track, investigate, and remediate security incidents effectively.
7. Automated Remediation: The SIEM should be capable of integrating with network services and infrastructure to automatically mitigate significant threats in real time.
8. Data Retention and Storage: A SIEM system must be capable of storing and managing large volumes of log data over extended periods to support historical analysis, compliance requirements, and forensic investigations. An indicative estimate is 50TB of data over a rolling year.
9. Scalability: The SIEM should be scalable to accommodate growing data volumes and an expanding IT infrastructure. It should be able to handle the increasing demands of log collection, analysis, and storage.
10. User and Entity Behaviour Analytics (UEBA): Advanced SIEM systems incorporate UEBA capabilities to establish baselines of normal behaviour for users and entities. Deviations from these baselines can trigger alerts for potential insider threats or compromised accounts.
11. Compliance and Reporting: The SIEM should assist organisations in meeting regulatory compliance requirements by offering predefined compliance reports and helping to demonstrate adherence to industry standards and regulations.
12. Advanced Analytics and Machine Learning: Employing machine learning and advanced analytics can enhance threat detection by identifying subtle patterns and anomalies that may indicate novel or sophisticated attacks.
At this stage, the CPS is seeking to engage with the supply market as part of an information-gathering exercise to understand how suppliers might approach the provision of the services outline above, particularly with regards to any developments in service delivery and innovation.
Suppliers who wish to express their interest in this potential opportunity should do so via the contact details contained within the notice and shall subsequently be invited to attend a virtual engagement session in which they may present their observations on how the requirements within this Prior Information Notice could be fulfilled.
This presentation may take any format and should cover the following areas:
• the latest developments / capabilities in SIEM technology
• a cost estimation - provide a comprehensive breakdown of potential cost associated with the service provision to the CPS. This should include: setup costs, ongoing service costs, any cost related to customisation, support, or upgrades as well as any other incidental costs that may be incurred during the service.