Government of Rajasthan Department of Information Technology and Communication. Corrigendum
Date: 03/03/2015

With reference to NIT No. DOIT/OCB/2015/57, dated 16/02/2015, the modifications specified below supersede all references made in this regard in the following sections of the “Request for Proposal (RFP) - Procurement of UTM devices with Log Analyzer.”

QUALIFICATION/ ELIGIBILITY CRITERIA

S. No.: 4
Basic Requirement: Technical Capability
Revised Specific Requirements: The bidder must have successfully completed at least one project of Supply & Installation of UTM device or Networking Component (Router/ Switch/ Wi-Fi Solution/ Proxy Server or other active component) of value not less than Rs. 1.5 Crore during the period from 01/04/2012 to 31/12/2014.
OR
The bidder must have successfully completed at least two projects of Supply & Installation of UTM device or Networking Component (Router/ Switch/ Wi-Fi Solution/ Proxy Server or other active component) of value not less than Rs. 2 Crores in total during the period from 01/04/2012 to 31/12/2014.
Documents Required: CA Certificate bearing CA’s Registration Number/ Seal, and copies of supply order/work order & its work completion certificate/invoice

Note: All the specifications below are minimum specifications and higher specifications shall be used wherever necessary/ required. Deviation on the higher side only shall be considered and no extra weightage shall be awarded for such deviations. Also, the bidder is required to submit the technical compliance statement for each item.

Item No. 1 – UTM Device

Make & Model Offered - (To be filled by bidder)

Columns: Item; Description of Requirement; Revised Specification; Compliance (Yes/No)

Model Offered: Mention Model
Make Offered: Mention make

Threat Intelligence and Mitigation

1. Proposed Solution must support the option to collaborate with other security vendors for intelligence feeds.
   Revised: No Change

2. Threat Cloud must support at least 280 million addresses or more to be analysed for bot discovery.
   Revised: Threat Cloud must support at least 250 million addresses or more to be analysed for bot discovery.

3. Threat Cloud must support a malware database of at least 12 million malware signatures.
   Revised: No Change

4. Threat Cloud must have information on at least 1 million malicious websites.
   Revised: No Change

5. Solution must have the option of behind-the-scenes support from a worldwide network of sensors and must update attack information dynamically.

6. Security device and solution on premise should be able to receive up-to-the-minute intelligence from the knowledgebase.
   Revised: No Change

7. Solution must have the option to receive intelligence feeds (in addition to the above specifications) from leading cyber security vendors that analyse targeted threats for specific industries, organizations who operate in specific geographical areas and specific attack types, e.g. IID, CROWDSTRIKE, SenseCy, isightPARTNERS, PHISHLABS etc., who are specialized in delivering focused intelligence feeds.
   Revised: Solution must have the option to receive intelligence feeds (in addition to the above specifications) from leading cyber security vendors that analyse targeted threats for specific industries, organizations who operate in specific geographical areas and specific attack types.

8. Proposed Solution shall have the option to translate these intelligence feeds into actionable security controls/signatures which can be enforced on security features like IPS, AV, Anti-Bot, Web security.
   Revised: No Change

Compliance and Change Management

9. Security management should provide a Compliance monitoring framework so that it can monitor the compliance status of these devices in real time. It is expected that the network solution provides real-time and continuous assessment of all major regulations like ISO27001, COBIT, NIST, FIPS 200, GLBA, ISO27002, HIPAA security, PCI DSS, SOX etc.
   Revised: Security management should provide a Compliance monitoring framework so that it can monitor the compliance status of these devices in real time. It is expected that the network solution provides real-time and continuous assessment of all major regulations.

10. Should provide clear indications that highlight regulations with serious indications of potential breaches with respect to Access Policies, Intrusion, Malwares, BOT, URL, Applications etc.
   Revised: No Change

11. Should educate users to make good decisions by incorporating Compliance into daily activities.
   Revised: No Change

12. Should also be able to enforce compliance, thereby providing clear and practical guidance on the best way to deliver meaningful security practices.
   Revised: No Change

13. Should indicate automatically where improvements are needed, with ongoing continuous assessment rather than manual intervention for meeting compliance.
   Revised: No Change

14. The Compliance should enable effective management of actions and recommendations, facilitating the prioritization and scheduling of action items.

15. Compliance solution must provide on-screen compliance alerts and predefined regulatory reports that enable organizations to reduce the time and costs associated with maintaining compliance and audit preparation.
   Revised: No Change

16. Compliance solution should have out-of-the-box recommendations, detailing actions required to improve security and compliance status.
   Revised: No Change

17. The solution must generate automated reports for compliance rating with top regulations.
   Revised: No Change

Change Management Specifications

18. Bidder must propose full-featured change management for security policy.
   Revised: No Change

19. Change management solution must allow Administrators to work in their individual sessions.
   Revised: No Change

20. Change management solution must allow Administrators to work in their individual sessions.
   Revised: No Change

21. To track and analyse changes, solution must support an audit trail feature.

22. New and modified objects must be highlighted in the security policy dashboard and object list.
   Revised: No Change

23. Session window must display changes with justifications.
   Revised: No Change

24. Solution must support an out-of-the-box summary report to summarize changes in a specific session and must include a detailed before-and-after comparison.
   Revised: No Change

25. Solution must support all changes to be captured in a session and must allow the administrator to submit the session for approval.
   Revised: No Change

26. Solution must allow managers to review changes in a session and approve the session. Managers must also be allowed to suggest repair in a change session.
   Revised: No Change

27. Change management solution must also show session status in the session management window and must support the following session statuses: 1) In Progress, 2) Waiting for Approval, 3) Not Approved, 4) Repaired, 5) Approved.
   Revised: Change management solution must also show session status in the session management window.

28. Change management solution must be able to compare two sessions.
   Revised: No Change

29. … enforcing changes without manager approval.

30. Solution must provide a configurable option to allow the administrator to enforce changes without approval by means of an emergency password.
   Revised: No Change

31. Administrators must be able to see their own submitted sessions only. However, Managers must be able to see all administrators' sessions.
   Revised: No Change

32. Solution should allow the administrator to enter a note to the manager while submitting a change session for approval. Administrator must also be able to select to notify the manager through email.
   Revised: No Change

33. Bidder can propose an integrated compliance and change management solution or as an additional component if required.
   Revised: No Change

Firewall

34. Network Security Firewall should support “Stateful” policy inspection technology. It should also have application intelligence for commonly used TCP/IP protocols like telnet, ftp etc.
   Revised: No Change

35. It should support the Firewall, IPSEC VPN & Bandwidth Management as integrated security functions.

36. Firewall and Integrated IPSEC VPN Applications should be ICSA Labs certified for ICSA 4.0, FIPS 140-2 certified and OPSEC Certified.
   Revised: Firewall and Integrated IPSEC VPN Applications should be ICSA Labs certified for ICSA 4.0, FIPS 140-2 certified.

37. The hardware platform & Firewall with integrated IPSEC VPN application have to be from the same OEM.
   Revised: No Change

38. Appliance should support Active – Active connections. It should not depend upon any 3rd party product or appliance for the same. It should be provided in HA from day one.
   Revised: No Change

39. Licensing should be per device and not user/IP based (should support unlimited users).
   Revised: No Change

40. Firewall should support the multicast protocols as a multicast host, by participating in DVMRP, IGMP and PIM-DM / PIM-SM.
   Revised: No Change

41. Proposed Firewall vendor must be a Leader in the Gartner Magic Quadrant for Enterprise Network Firewalls in the last 4 years.
   Revised: DELETE

42. Firewall system should have a provision to handle bandwidth management, if the same is required, without additional cost. It should offer Bandwidth Management for every TCP, IPSEC & VoIP protocol with attributes of Minimum Committed Bandwidth per protocol; Maximum Bandwidth per protocol; Priority for the queues.
   Revised: Firewall system should have a provision to handle bandwidth management, if the same is required, without additional cost. It should offer Bandwidth Management for every TCP, IPSEC protocol with attributes of Minimum Committed Bandwidth per protocol; Maximum Bandwidth per protocol; Priority for the queues.

43. It should support VOIP traffic filtering.
   Revised: No Change

44. Appliance should have Identity Awareness capabilities.
   Revised: No Change

45. Solution must fail over without dropping any connection in active-active mode.
   Revised: No Change

46. Firewall should have Hardware Sensor Monitoring capabilities.
   Revised: No Change

47. The platform should support VLAN tagging (IEEE 802.1q).
   Revised: No Change

48. The Firewall should support ISP link load balancing.
   Revised: No Change

49. Firewall should support Link Aggregation functionality to group multiple ports as a single port.
   Revised: No Change

50. Firewall should support Ethernet Bonding functionality for Full Mesh deployment architecture.
   Revised: No Change

51. Firewall must support at least 2048 VLANs in normal or virtual mode.

52. Solution must have a search option in the GUI to search configuration options like NTP, ARP, Proxy etc. and should take the administrator directly to the configuration window of the search result by clicking on the search result.
   Revised: Solution must have a search/filter option in the GUI to find configuration options like NTP, ARP, Proxy etc. and should take the administrator directly to the configuration window of the search result by clicking on the search result.

53. Appliance must support automatic search, download and installation of software hotfixes without any administrator effort and must notify the Administrator through mail on the status and progress of each step. System should automatically roll back upon failure.
   Revised: Appliance must support searching for available software hotfixes/ patches, and must notify the Administrator through mail. System should automatically roll back in the event of failure of these software hotfixes/ patches.

54. Solution must support at least two clustering protocols.
   Revised: Solution must have at least two clustering protocols, i.e. active-active and active-active-passive.

55. Solution must support VRRP clustering protocol.
   Revised: No Change

56. Firewall Appliance must allow configuring a password policy for local users logging in to the firewall and must support the following: disallow palindromes, disallow password reuse from the last 10 passwords, set password expiry in number of days, an option to warn the user 7 days before password expiry, and block access for 20 minutes after 3 failed login attempts.
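The local-user password rules of item 56, modelled as a small policy checker so an evaluator can see every rule exercised on one account. This is an added example, not part of the corrigendum or of any bidder's product; it assumes a 90-day expiry (the RFP only says "in number of days") and uses salted SHA-256 for the history check in place of a proper slow password hash.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
import hashlib
import hmac
import os


@dataclass
class PasswordPolicy:
    history_depth: int = 10                      # disallow reuse of the last 10 passwords
    expiry_days: int = 90                        # assumption: RFP only says "in number of days"
    warn_days: int = 7                           # warn the user 7 days before expiry
    max_failed: int = 3                          # block access after 3 failed logins
    lockout: timedelta = timedelta(minutes=20)   # ... for 20 minutes


def is_palindrome(password: str) -> bool:
    """Case-insensitive palindrome test; 'Abc%cba' reads the same backwards."""
    s = password.lower()
    return len(s) > 0 and s == s[::-1]


def _digest(password: str, salt: bytes) -> bytes:
    # Salted SHA-256 keeps the example self-contained; a device should use bcrypt/Argon2.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


@dataclass
class LocalAccount:
    policy: PasswordPolicy
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # (salt, digest), newest last
    changed_at: Optional[datetime] = None
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None

    def set_password(self, password: str, now: datetime) -> None:
        """Enforce the palindrome and reuse rules, then store the new password."""
        if is_palindrome(password):
            raise ValueError("palindromes are not allowed")
        # The current password is the newest history entry, so reusing it is caught too.
        for salt, digest in self.history[-self.policy.history_depth:]:
            if hmac.compare_digest(_digest(password, salt), digest):
                raise ValueError(f"matches one of the last {self.policy.history_depth} passwords")
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        self.changed_at = now

    def expiry_status(self, now: datetime) -> str:
        """'ok', 'warn' (inside the 7-day warning window) or 'expired'."""
        expires = self.changed_at + timedelta(days=self.policy.expiry_days)
        if now >= expires:
            return "expired"
        if now >= expires - timedelta(days=self.policy.warn_days):
            return "warn"
        return "ok"

    def login(self, password: str, now: datetime) -> str:
        """'locked', 'ok' or 'denied'; the third consecutive failure starts the 20-minute block."""
        if self.locked_until is not None and now < self.locked_until:
            return "locked"
        salt, digest = self.history[-1]
        if hmac.compare_digest(_digest(password, salt), digest):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= self.policy.max_failed:
            self.locked_until = now + self.policy.lockout
            self.failed_attempts = 0
        return "denied"


def _rejected(acct: LocalAccount, password: str, now: datetime) -> bool:
    try:
        acct.set_password(password, now)
    except ValueError:
        return True
    return False


def run_scenario() -> dict:
    """Walk a constructed account through every rule; returns the observations."""
    acct = LocalAccount(policy=PasswordPolicy())
    t0 = datetime(2015, 3, 3, 9, 0)                    # constructed timestamp
    acct.set_password("Jaipur!2015", t0)
    out = {"palindrome_rejected": _rejected(acct, "Abc%cba", t0)}
    out["reuse_rejected"] = _rejected(acct, "Jaipur!2015", t0)
    for i in range(1, 11):                             # ten rotations push the first out of the window
        acct.set_password(f"Rotate-{i}", t0)
    out["reuse_after_window"] = not _rejected(acct, "Jaipur!2015", t0)
    out["status_day_10"] = acct.expiry_status(t0 + timedelta(days=10))
    out["status_day_85"] = acct.expiry_status(t0 + timedelta(days=85))
    out["status_day_90"] = acct.expiry_status(t0 + timedelta(days=90))
    attempts = [acct.login("wrong-guess", t0) for _ in range(3)]
    attempts.append(acct.login("Jaipur!2015", t0 + timedelta(minutes=5)))   # still blocked
    attempts.append(acct.login("Jaipur!2015", t0 + timedelta(minutes=20)))  # block has lapsed
    out["login_sequence"] = attempts
    return out
```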

57. Solution must support multiple administrators working on policies on a session basis. All the policies and objects on which Administrator 1 is working should be locked for all other administrators; however, other administrators can work on other policy rules and objects in their respective sessions. Changes made by Administrator 1 should not be visible to other administrators until Administrator 1 publishes the changes.
   Revised: Solution must support multiple administrators working on policies based on roles.

58. Solution must allow the administrator to choose to log in in read-only or read-write mode.
   Revised: No Change

59. Solution must allow opening support tickets directly from the firewall GUI.
   Revised: Solution must allow opening support tickets directly from the firewall.

60. Firewall must support multiple role-based administration: 1) Routing Administrator must have read-write access to all routing protocols, interface configuration, DNS configurations,
   Revised: No Change

Performance Requirements for Integrated Security Solution

61. Proposed solution must be appliance based.

62. Firewall throughput must be equivalent to or more than 70 Gbps.
   Revised: No Change

63. Appliance should provide at least 17 Gbps of VPN AES-128 throughput or more.
   Revised: No Change

64. The Firewall must provide at least 28 million concurrent connections or more.
   Revised: No Change

65. The Firewall must provide at least 178 K new connections per second processing or more.
   Revised: No Change

66. The platform must be supplied with at least 8 10/100/1000 Mbps interface ports and 4 Nos of 10G ports populated (transceivers to be included) from day one. The appliance should have scalability to support an additional 4 10G ports.
   Revised: No Change

67. Appliance must support Lights-out management.
   Revised: Delete

68. Firewall appliance should have a Console port and USB ports.
   Revised: No Change

69. Proposed firewall must support at least 250 virtual context firewalls.
   Revised: No Change

70. Solution must have hot-swappable dual power supply.
   Revised: No Change

71. Proposed IPS throughput with TCP and UDP traffic blend, with recommended IPS Policy, scanning all parts of sessions in both directions, must be at least 7 Gbps or more.

72. Firewall should have inbuilt storage of 2 x 500 GB HDD in RAID 1 configuration.
   Revised: Firewall should have inbuilt storage of minimum 1 x 500 GB HDD.

Web API for 3rd party integration

73. Solution must support a web API for integration with home-grown web applications.
   Revised: DELETE

74. Solution must support JSON strings for web API requests.
   Revised: DELETE

75. Solution must also allow JSON scripts directly from the firewall dashboard console.
   Revised: DELETE

76. Solution must support configuring hosts, networks, services, access rules, VPN rules, NAT and Time through the web API.
   Revised: Solution must support configuring hosts, networks, services, access rules, VPN rules, NAT and Time through web API/GUI.

77. Solution must provide a web API for configuration of IPS, Anti-Virus, Anti-Bot, Sandbox profile and policy from a 3rd party web application.
   Revised: No Change

Architecture Features

78. It should support IPSec VPN for both Site-to-Site & Remote Access VPN.
   Revised: No Change

79. … virtual tunnel interfaces to provision Route-Based IPSec VPN

80. It should support system authentication with TACACS+, RADIUS.
   Revised: It should support system authentication with TACACS+, RADIUS, AD, LDAP etc.

81. Firewall Appliance should have a feature of holding multiple OS images to support resilience & easy rollbacks during version upgrades.
   Revised: No Change

Network Protocols/Standards Support Requirements

82. It should support at least 200 protocols.
   Revised: It should support all common protocols.

83. Firewall Modules should support deployment in Routed as well as Transparent Mode.
   Revised: No Change

84. The Firewall must provide state engine support for all common protocols of the TCP/IP stack.
   Revised: No Change

85. The Firewall must provide NAT functionality, including dynamic and static NAT translations.
   Revised: No Change

86. All internet-based applications should be supported for filtering, like Telnet, FTP, SMTP, HTTP, DNS, ICMP, DHCP, ARP, RPC, SNMP, Lotus Notes, MS-Exchange etc.
   Revised: No Change

87. Local access to the Firewall modules should support authentication protocols – RADIUS & TACACS+.

88. IPSec VPN should support the Authentication Header protocols – MD5 & SHA.
   Revised: No Change

89. IPSec ISAKMP methods should support Diffie-Hellman Group 1 & 2, MD5 & SHA hash, RSA & Manual Key Exchange authentication, 3DES/AES-256 encryption of the key exchange material and algorithms like RSA-1024 / 1536.
   Revised: No Change

90. IPSec encryption should be supported with 3DES, AES-128 & AES-256 standards.
   Revised: No Change

91. IPSec should have the functionality of PFS and NAT-T.
   Revised: No Change

92. Firewall should support authentication proxy for Remote VPN, HTTP/HTTPS application access, and various other applications.
   Revised: No Change

93. Firewall should support the authentication protocols RADIUS, LDAP, TACACS, and PKI methods.
   Revised: No Change

94. Firewall should support PKI authentication with PKCS#7 & PKCS#10 standards.

95. It should support BGP, OSPF, RIPv1 & v2, Multicast Tunnels, DVMRP protocols.
   Revised: No Change

96. Dynamic policy enforcement on VPN clients.
   Revised: No Change

Firewall Filtering Requirements

97. It should support the filtering of TCP/IP-based applications with standard TCP/UDP ports or deployed with custom ports.
   Revised: No Change

98. The Firewall must provide state engine support for all common protocols of the TCP/IP stack.
   Revised: No Change

99. The Firewall must provide filtering capability that includes parameters like source addresses, destination addresses, source and destination port numbers, protocol type.
   Revised: No Change

100. The Firewall should be able to filter traffic even if the packets are fragmented.
   Revised: No Change

101. All internet-based applications should be supported for filtering, like Telnet, FTP, SMTP, HTTP, DNS, ICMP, DHCP, ARP, RPC, SNMP, Lotus Notes, MS-Exchange etc.
   Revised: No Change

102. It should support VOIP application security by supporting filtering of SIP, H.323, MGCP and Skinny flows.

103. It should be able to block Instant Messaging like Yahoo, MSN, ICQ, Skype (SSL and HTTP tunnelled).
   Revised: No Change

104. It should enable blocking of Peer-to-Peer applications, like Kazaa, Gnutella, BitTorrent, IRC (over HTTP).
   Revised: No Change

105. The Firewall should support authentication protocols like LDAP, RADIUS and have support for Firewall passwords, smart cards, & token-based products like SecurID, LDAP-stored passwords, RADIUS or TACACS+ authentication servers, and X.509 digital certificates.
   Revised: No Change

106. The Firewall should support database-related filtering and should have support for Oracle, MS-SQL, and Oracle SQL-Net.
   Revised: No Change

107. The Firewall should support advanced NAT capabilities, supporting all applications and services, including H.323 and SIP-based applications.
   Revised: No Change

108. Should support CLI & GUI-based access to the Firewall modules.
   Revised: No Change

109. Local access to Firewall modules should support role-based access.

110. QoS Support [Guaranteed bandwidth, Maximum bandwidth, Priority bandwidth utilization, QoS weighted priorities, QoS guarantees, QoS limits and QoS VPN].
   Revised: No Change

111. Firewall should support Identity Access for granular user, group and machine-based visibility and policy enforcement.
   Revised: No Change

112. Firewall should support identity-based logging.
   Revised: No Change

113. Solution must provide functionality to automatically save the current state of configuration each time any configuration change in the Security policy is enforced, and should have an option to revert to the previously stored state. It must be capable of storing at least
   Revised: No Change

114. Security Appliance must be able to accumulate multiple Operating System images to boot from. While reverting the OS to another preconfigured image, configuration must not be lost.
   Revised: No Change

Integrated IPS Feature Set

115. The IPS should be constantly updated with new defences against emerging threats.

116. IPS updates should have an option of automatic downloads and scheduled updates so that they can be scheduled for specific days and times.
   Revised: No Change

117. Should have Sandbox for new protections.
   Revised: No Change

118. The IPS should scan all parts of the session in both directions.
   Revised: No Change

119. Should have the flexibility to define whether newly downloaded protections will be set in Detect or Prevent mode.
   Revised: No Change

120. Activation of new protections based on parameters like Performance impact, Confidence index, Threat severity etc.
   Revised: No Change

121. IPS Engine should support Vulnerability and Exploit signatures, Protocol validation, Anomaly detection, Behaviour-based detection, Multi-element correlation.
   Revised: No Change

122. IPS profile can be defined to deactivate protections by Severity, Confidence level, Performance impact, Protocol Anomalies.
   Revised: No Change

123. IPS Profile should have an option to select or re-select specific signatures that can be deactivated.

124. IPS must provide an option to deactivate all signatures which have a high impact on performance with a single-click configurable option.
   Revised: IPS must provide an option to deactivate all signatures which have a high impact on performance with a single click/command configurable option.

125. Intrusion Prevention should have an option to add exceptions for networks and services.
   Revised: No Change

126. Solution must support deactivating IPS automatically if Resource Utilization (CPU and Memory) reaches 90% and automatically activating IPS if the same resource utilization comes down to 30%. Solution must also provide an option to configure or modify these limits.
   Revised: Solution must support deactivating IPS automatically/ manually if Resource Utilization (CPU and Memory) reaches 90% and automatically activating IPS if the same resource utilization comes down to 30%. Solution must also provide an option to configure or modify these limits.

127. IPS must have an option to predefine the action as detect and prevent for new signatures downloaded in signature updates.
   Revised: No Change

128. IPS Policy to block traffic by country should have an option to configure in incoming direction, outgoing direction or both.
   Revised: No Change

129. IPS events/protection exclusion rules can be created, and packet data viewed directly from log entries with RAW packets and, if required, sent to Wireshark for analysis.

130. Application Intelligence should have controls for Instant Messenger, Peer-to-Peer, Malware Traffic etc.
   Revised: No Change

131. Instant Messenger should have options to Block File Transfer, Block Audio, Block Video, Application Sharing and Remote Assistance.
   Revised: No Change

132. IPS should have an option to create your own signatures with an open signature language.
   Revised: No Change

133. IPS should provide detailed information on each protection, including: Vulnerability and threat descriptions, Threat severity, Performance impact, Release date, Industry Reference, Confidence level etc.
   Revised: No Change

134. IPS should have the functionality of Geo Protection to block traffic country-wise in incoming direction, outgoing direction or both. IPS should also alert through mail if any IPS traffic/event is detected from a specific country.
   Revised: No Change

135. IPS should be able to detect and prevent embedded threats within SSL traffic.
   Revised: No Change

136. … party signature import such as Snort

137. IPS shall be able to provide complete user visibility in the logs.
   Revised: No Change

IPS Management, Reporting, Logging and Analysis

138. IPS management should be able to manage all functions specified above from a central console.
   Revised: No Change

139. IPS central management, reporting, logging and analyser solution has to be in an appliance footprint.
   Revised: No Change

140. IPS management should provide an option to add exceptions on the fly from the event log dashboard.
   Revised: No Change

141. Reporting solution should provide out-of-the-box and customized reporting.
   Revised: No Change

142. Reporting solution should provide graphical summary reports.
   Revised: No Change

143. Any changes or commands issued by an authenticated user should be logged to a database.
   Revised: No Change

144. The Management (Management, reporting, analysis) System must provide a means of viewing, filtering and managing the log data.
   Revised: No Change

145. Management System should provide event analysis, correlation and reporting for IPS.

146. Management System should quickly identify critical security events using dashboards, charts and maps.
   Revised: No Change

Web Security Solution

147. The solution should provide inline proxy, on-box malware inspection, content filtering, SSL inspection and protocol filtering functionalities.
   Revised: No Change

148. Application control database should contain more than 6000 applications.
   Revised: Application control database should contain more than 3000 applications.

149. The solution should protect users from downloading virus/malware-embedded files by stopping viruses/malware at the gateway itself. Should at least provide real-time security scanning.
   Revised: No Change

150. Should stop incoming malicious files with updated signatures & prevent access to malware-infected websites & unblock the sites when the threats have been removed.
   Revised: No Change

151. Solution must have a URL categorization that exceeds a 100+ million URL filtering database. Should have pre-defined URL categories. The solution should have the capabilities to block, permit, allow & log protocols other than HTTP, HTTPS, FTP. Also list the protocols that it supports.

152. The solution should have more than millions+ malware signatures.
   Revised: No Change

153. The solution should also have the scalability to scan & secure SSL-encrypted traffic passing through the gateway. Should perform inspection to detect & block malicious content downloaded through SSL.
   Revised: No Change

154. Solution must be able to create a filtering rule with multiple categories.
   Revised: No Change

155. Solution must be able to create filtering for single sites that are covered by multiple categories.
   Revised: No Change

156. The solution must have an easy-to-use, searchable interface for applications & URLs.
   Revised: No Change

157. The solution should be able to explicitly limit bandwidth for bidirectional traffic, i.e. upload & download.
   Revised: No Change

158. The solution should at least provide a mechanism to limit application usage based on bandwidth consumption.
   Revised: No Change

159. The solution should provide real-time monitoring capabilities to analyze user browsing patterns. It should also be updated using a worldwide network.

160. Solution should provide antivirus & malware protection (gateway level).
   Revised: No Change

161. Solution should support download of available patches or fixes.
   Revised: Solution should support download of available patches/ fixes.

162. Solution should be able to define a specific message for a specific user.
   Revised: Solution should be able to define a specific message for a specific user/group of users.

163. Solution should be capable of making rules based on at minimum the following parameters: Source (Host, Network, User Group), Destination (Host, Network, User, Groups, applications / URLs, categories, individual, Risk factor etc.), Time (Specific customized hours, Work hours, Weekend, every day), Actions (Allow, Block, Ask, Inform, Limit).
   Revised: No Change

164. The solution should at least categorize applications & URLs by Risk Factor & also be able to block those by risk factor.
   Revised: No Change

165. The solution should be able to display a message to the user based on the defined action in the rule. The message should be customizable to the events.
   Revised: No Change

166. … mechanism to inform or ask users in real time to educate them or confirm actions based on security policy.

167. The solution should have a management console to manage policies & reporting.
   Revised: No Change

168. Solution should have a reporting structure which provides graphical information on Top users by bandwidth and session usage. Also a dashboard which provides graphical information on Top visited categories of Website, APP, URL.
   Revised: No Change

169. Solution should support real-time reports, historical and trend reports, investigative reports.
   Revised: No Change

170. Solution should have a complete forensic dashboard for web threats like spyware, malicious links, etc.
   Revised: Solution should have a complete dashboard for web threats like spyware, malicious links, etc.

171. Solution must provide a black & white list mechanism to allow the administrator to deny or permit specific URLs regardless of the categories.
   Revised: No Change

172. The solution should provide reports based on hits, bandwidth and browse time.
   Revised: No Change

173. … structure and easy to manage by an administrator.

174. Solution must have user and group granularity with security rules. Solution should be able to integrate with Active Directory/LDAP Server. Also, Administrator should be able to create rules based on AD categorization of users and groups.
   Revised: No Change

175. Application control & URLF security policy must be able to be defined by user identities, user, group etc. The database must be updated by a cloud-based service. The solution must have unified application control & URLF security rules.
   Revised: No Change

176. The solution should provide granular social-level control, granular YouTube and video controls.
   Revised: No Change

177. The solution should provide native system health monitoring, alerting & troubleshooting capabilities.
   Revised: No Change

178. The solution should support configuring automatic backup of system configuration.
   Revised: No Change

AntiBot and AntiVirus

179. Solution should be able to detect & prevent bot outbreaks and APT attacks.

180. Solution should be able to detect & prevent Bot communication with C&C.
   Revised: No Change

181. Solution should have a multi-tier engine, i.e. to detect & prevent Command and Control IP/URL and DNS.
   Revised: No Change

182. Solution should be able to detect & prevent unique communication patterns used by BOTs, i.e. information about Botnet family.
   Revised: No Change

183. Solution should be able to detect & prevent attack types, such as spam sending, click fraud or self-distribution, that are associated with Bots.
   Revised: No Change

184. Solution should be able to block traffic between infected Host and Remote Operator and not to legitimate destinations.
   Revised: No Change

185. Solution should be able to provide Forensic tools which give details like Infected Users/Device, Malware type, Malware action etc.
   Revised: Solution should be able to provide tools which give details like Infected Users/Device, Malware type, Malware action etc.

186. Solution should give information related to Performance impact and confidence level of protections while creating profiles.
   Revised: Solution should give information related to Performance impact or severity level of protections while creating profiles.

187. … HTTP, HTTPS etc

188. Solution should have an option of packet capture for further analysis of the incident.
   Revised: No Change

189. Solution should uncover threats hidden in SSL links and communications.
   Revised: No Change

190. The AV should scan files that are passing over the CIFS protocol.
   Revised: No Change

191. The vendor malware update mechanism should include reputation, network signatures and suspicious email activity detection.
   Revised: No Change

192. Does the vendor collaborate with security organizations adding to their threat indicator database?
   Revised: No Change

193. The AV and Anti-Bot solution should be a multi-tier inspection and not be limited to file types.
   Revised: No Change

194. The AV should scan files that are passing over the CIFS protocol.
   Revised: No Change

195. Solution should have options to inspect, bypass and block based on file types, e.g. chm, shar, vsd, msi, vbs, wsf etc.
   Revised: No Change

196. Solution should have an option to inspect/scan files coming from external, DMZ and all interfaces.

197. Solution should be able to detect & prevent bot outbreaks and APT attacks.
   Revised: DELETE (due to duplication)

198. Solution should be able to detect & prevent Bot communication with C&C.
   Revised: DELETE (due to duplication)

199. Solution should have a multi-tier engine, i.e. to detect & prevent Command and Control IP/URL and DNS.
   Revised: DELETE (due to duplication)

200. Solution should be able to detect & prevent unique communication patterns used by BOTs, i.e. information about Botnet family.
   Revised: DELETE (due to duplication)

201. Solution should be able to detect & prevent attack types, such as spam sending, click fraud or self-distribution, that are associated with Bots.
   Revised: DELETE (due to duplication)

202. Solution should be able to block traffic between infected Host and Remote Operator and not to legitimate destinations.
   Revised: DELETE (due to duplication)

203. Solution should be able to provide Forensic tools which give details like Infected Users/Device, Malware type, Malware action etc.
   Revised: DELETE (due to duplication)

204. Solution should give information related to Performance impact and confidence level of protections while creating profiles.

205.

Antivirus protection protocols for HTTP,HTTPS etc

DELETE (due to duplication)

206.

Solution should have an option of packet capture for further analysis of the incident

DELETE (due to duplication)

207.

Solution Should Uncover threats hidden in SSL links and communications

DELETE (due to duplication)

208.

The AV should Scan files that are passing on CIFS protocol

DELETE (due to duplication)

209.

The vendor malware update mechanism should include reputation, network signatures and suspicious email activity detection

DELETE (due to duplication)

210.

Does the vendor collaborate with security organizations adding to their threat indicator database?

DELETE (due to duplication)

211.

The AV and Anti-Bot solution should be a multi-tier inspection and not be limited to file types

DELETE (due to duplication)

212.

The AV should Scan files that are passing on CIFS protocol

DELETE (due to duplication)

213.

Solution should have option to inspect, Bypass and Block based on file types e.g. chm, shar, vsd, msi, vbs, wsf etc.

(32)

bidder)

214.

solution should have option to inspect/scan files coming from external, DMZ and All interfaces

DELETE (due to duplication)

Item No. 2 – Log Analyzer

Make & Model Offered - (To be filled by bidder)
Model Offered: Mention Model
Make Offered: Mention make

Columns: Item | Description of Requirement | Revised Specification | Compliance (Yes/No)

Firewall Management, Logging and Analysis

1. Centralised firewall management should be able to manage all functions specified in the firewall specification from a central console
Revised Specification: No Change

2. Firewall central management, reporting, logging and analyser solution has to be in appliance footprint
Revised Specification: No Change

3. Central Firewall Management should be able to manage at least 10 firewalls.
Revised Specification: No Change

4. Central Firewall Management must support creating firewall rules and policy for multiple firewalls from the central console.
Revised Specification: No Change

5. Central Firewall Management should have local inbuilt storage of at least 2 TB from Day 1.
Revised Specification: No Change

6. ... of Band Management.

7. In case of separate appliances for management and reporting, both appliances should meet the above mentioned requirement
Revised Specification: No Change

8. Firewall should be able to provide central logging, analysis and granular reporting
Revised Specification: No Change

9. Reporting solution should provide out-of-the-box and customized reporting
Revised Specification: No Change

10. Reporting solution should provide graphical summary reports
Revised Specification: No Change

11. Any changes or commands issued by an authenticated user should be logged to a database.
Revised Specification: No Change

12. Management system should also provide the real-time health status of all the firewall modules on the dashboard: CPU & memory utilization, active connections, total number of concurrent connections and the connections/second counter.
Revised Specification: No Change

13. Management (management, reporting, analysis) system support for role-based administration of the firewall
Revised Specification: No Change

14. The Management (management, reporting, analysis) System must provide a means of viewing, filtering and managing the log data.

15. Logs must contain information about the policy rule that triggered the log. Should support Google-like search of logs within seconds
Revised Specification: No Change

16. Must provide at minimum basic statistics about the health of the firewall and the amount of traffic traversing the firewall.
Revised Specification: No Change

17. Management should have visual tracking of changes in policy, a detailed summary report of changes carried out, audit trails, graphical comparison of rule base changes, session management and a change approval process.
Revised Specification: No Change

18. Log Server must allow configuring the log file size to be stored on the appliance.
Revised Specification: No Change

19. Log Server must allow viewing historic logs, and it should be possible to back up and restore historic log files.
Revised Specification: No Change

20. Must support SNMP v1, v2 & v3
Revised Specification: No Change

21. Log Server must support purging of log files.
Revised Specification: No Change

22. Management Server must allow saving multiple policy packages or versions.
Revised Specification: No Change

23. Management Server must show packets per second, throughput and concurrent connections on the firewall in a graphical dashboard

24. Management Server must also support a backup and restore process, and there should be an option to store the backup on the Management Server itself.
Revised Specification: No Change

25. Management server must support role-based administration
Revised Specification: No Change

26. Centralized management and reporting appliance should have a capacity of minimum 2 TB.
Revised Specification: No Change

27. Management system must allow adding an exception on the fly from the log window itself.
Revised Specification: No Change

28. Centralized management and reporting appliance should be able to support 5000 logs per second
Revised Specification: No Change

29. Solution must provide a rule hit count against each firewall rule that is created. Management Dashboard must give information on how many rules are not being used in the access policy.
Revised Specification: No Change

30. Any changes or commands issued by an authenticated user should be logged to a database.
Revised Specification: No Change

31. The Management (management, reporting, analysis) System must provide a means of viewing, filtering and managing the log data.
Revised Specification: No Change

32. Event analysis, correlation and reporting for firewall and IPS

Security Event Management

33. Centralised Security Event Management should be in appliance footprint and should be able to collect logs from all security devices mentioned in the RFP, i.e. Firewall, IPS and Web Security.
Revised Specification: Centralised Security Event Management should be able to collect logs from all security devices mentioned in the RFP, i.e. Firewall, IPS and Web Security.

34. Centralised event correlation and visibility dashboard for the Threat Management Framework should integrate with all the security solutions asked for in the RFP: Firewall, IPS & Web Security.
Revised Specification: No Change

35. Communication between the Firewall, IPS, Web Security and the Security Event Management framework must be encrypted
Revised Specification: No Change

36. Security management should provide a compliance monitoring framework so that it can monitor the compliance status of these devices in real time. The network solution is expected to provide real-time and continuous assessment against all major regulations and best practices, e.g. ISO 27001, COBIT and NIST.
Revised Specification: No Change

37. Should provide clear indications that highlight regulations with serious indications of potential breaches with respect to firewall, intrusions, malware etc.

38. Should educate users to make good decisions by incorporating compliance into daily activities
Revised Specification: No Change

39. Should also be able to enforce compliance, thereby providing clear and practical guidance on the best way to deliver meaningful security practices
Revised Specification: No Change

40. Should indicate automatically where improvements are needed, with ongoing continuous assessment rather than manual intervention for meeting compliance.
Revised Specification: No Change

41. The compliance solution should enable effective management of actions and recommendations, facilitating the prioritization and scheduling of action items.
Revised Specification: No Change

42. Compliance solution must provide on-screen compliance alerts and predefined regulatory reports that enable organizations to reduce the time and costs associated with maintaining compliance and audit preparation
Revised Specification: No Change

43. Compliance solution should have out-of-the-box recommendations detailing the actions required to improve security and compliance status

44. The solution must generate automated reports for compliance rating against top regulations
Revised Specification: No Change

45. Security Management Framework should be able to provide alerts and detect at minimum the following critical security violations via correlating logs from the in-scope security devices
Revised Specification: No Change

46. Successful attack / malicious code
Revised Specification: No Change

47. Application level attack / SQL injection etc.
Revised Specification: No Change

48. Unauthorized remote access & access violation
Revised Specification: No Change

49. Malware / virus outbreak
Revised Specification: No Change

50. Suspicious communication
Revised Specification: No Change

51. High risk user activity / reporting
Revised Specification: No Change

52. Centralised Security Management Framework should be able to monitor and drill down to all security alerts from the central console
Revised Specification: No Change

Note: All the supplied hardware/software should be interoperable, IPv6 ready and in compliance with the policies/guidelines issued by DeITY, GoI in this regard. Also, the bidder is to quote/propose only one make/model against the respective item.
