Page 1 of 12
FIRN INTERNET SECURITY BUNDLE SERVICES
AND
NEW ADVANCED SECURITY OPTIONAL SERVICES
(New Services and Prices Available July 1, 2014.CSAB Orders can be placed as early as March 1, 2014)
FIRN Secure Internet Bundle* Monthly Pricing - Table 1.0
Ethernet Bandwidth E ErraatteeEElliiggiibblleeCCoosstt–– P Prriioorriittyy11 D DMMSS A AddmmiinnFFeeee T ToottaallFFoorr B Baassiicc I Inntteerrnneett&& S Seeccuurriittyy N Noonn--EErraatteeEElliiggiibbllee
Bundled Cost - Core + Access + CPE +
Basic Firewall Security
Additional Cost for Advanced Security
and Content Filtering and URL blocking
10 Mbps $1,121.07 $78.47 $1,199.54 $273.45 50 Mbps $2,053.83 $143.77 $2,197.60 $273.45 100 Mbps $2,605.37 $182.38 $2,787.75 $273.45 200 Mbps $3,622.63 $253.58 $3,876.21 $546.89 300 Mbps $4,632.43 $324.27 $4,956.70 $820.34 400 Mbps $5,162.24 $361.36 $5,523.60 $1,093.78 500 Mbps $5,636.83 $394.58 $6,031.41 $1,367.22 600 Mbps $6,106.70 $427.47 $6,534.17 $1,640.66 700 Mbps $6,372.29 $446.06 $6,818.35 $1,914.11 800 Mbps $6,562.81 $459.40 $7,022.21 $2,187.55 900 Mbps $6,739.15 $471.74 $7,210.89 $2,461.00 1000 Mbps $6,914.97 $484.05 $7,399.02 $2,734.44 2000 Mbps $10,877.40 $761.42 $11,638.82 $4,101.66 5000 Mbps $15,597.94 $1,091.86 $16,689.80 $6,152.49 10000 Mbps $22,688.85 $1,588.22 $24,277.07 $9,228.73
*Not available in all FIRN service areas. Engineering evaluation required to determine availability. DMS will generate a service availability inquiry once a CSAB order is received or upon customer request.
FIRN Secure Internet Bundled Services:
Secure Internet Services: Secure Internet Services for end users are Services combined
with a cloud-based basic firewall protection, using a uniform approach and tools, against unauthorized use and access.
Page 2 of 12 xx FIRN Secure Internet includes:
a) Internet Access
b) Local Transport Facilities c) Premise Router
d) Cloud Based Basic Firewall Service
x The cloud-based basic firewall provides the following security functions for all
virtual contexts:
a) The Sandbox Analyzer to identify and analyze targeted and unknown files for
malicious behaviors. It shall generate and automatically deliver protection for newly discovered malware via signature updates. Signature update delivery shall include integrated logging/reporting.
b) Geo Blocking to prevent network based access to internal resources by blocking
based on geographic location.
c) Application Blocking to identify and block unwanted applications without regard
to the port they are using for communication.
d) Security Information and Event Management (SIEM): Secure Internet Services
will include detailed information provided by the MyFloridaNet QRadar tool. DMS and each Secure Internet Services end user will receive two QRadar login accounts allowing them accurate, correlating information regarding network flows (500:1 sampling), session data, packet captures, reputation white/black listing and endpoint system vulnerability results providing the maximum amount of detail to traffic traversing their network connection. This access shall give Secure Internet Services end users visibility into their Internet connection activity, virtual activity, user activity and application activity, giving them intelligence into their FIRN Secure Internet connection.
x The cloud-based firewall will provide the following optional more advanced
security functions for all virtual contexts subscribing to the Advanced Security and Content Filtering service at the pricing listed in the second column of Table 1.0.
a) NextGeneration IPS & IDS: By proactively applying deep packet and application
inspection of network activity at the border of the FIRN and the internally protected zones, service will provide better analysis and overall security for each FIRN Organization. Automated correlation and Intrusion Analysis by this service will provide notifications of suspected unauthorized network activity and has the ability to prevent the activity from ever reaching the end user’s internal network. This feature is part of the advanced cloud-based firewall deployment.
b) Malware & Anti-Virus detection: This service feature provides real time
anti-virus and anti-malware protection. End users will have the ability to automatically take action on malicious files currently in transport across the network. This feature will block unwanted malware and viruses at our edge devices before they consume Internet bandwidth or threaten the local network and ultimately desktop endpoint systems users depend on to access the Internet. This feature is part of the advanced cloud-based firewall deployment.
c) Next Generation Content Filtering/URL Blocking is enabled upon request. This
Page 3 of 12 illegal, and dangerous web content. It will have the ability to block multiple categories of objectionable web content, providing the necessary combination of control and flexibility to protect important resources. The service will deliver sophisticated reporting and visually descriptive monitoring through dashboards, graphs, charts, and data search functionality. This feature is part of the advanced cloud-based firewall deployment.
xx FIRN Help Desk
a) FIRN Secure Internet includes access to our standard FIRN helpdesk to provide
assistance directly to FIRN end users to answer questions related to all FIRN Secure Internet service tools and services.
b) The helpdesk will work directly with the end user to provide advice on remediation
methods and industry best practices as they relate to services FIRN provides as part of our Secure Internet offering.
c) The helpdesk will be staffed live and/or offer immediate call back within thirty
(30) minutes 24x7x365.
d) The Secure Internet Service staff will perform daily “eyes on glass” real-time
monitoring and analysis of security events. Monitoring and analysis shall span multiple sources including but not limited to events from the security tools (SIEM), MFN network tools, NetFlow logs, firewall logs, and router logs.
x
New Secure Internet and Advanced Security & Content
Filtering
Secure Internet services shall be offered based on the rates provided in Table 1.0 below. All current FIRN Internet Services shall remain with the exception of the following changes:
1) Pricing for Secure Internet Services is flat rate (included in Table 1.0) in the AT&T,
CenturyLink and Verizon LATA areas. This new pricing shall be an addition to the flat rate and mileage band pricing originally available under the FIRN contract. The new flat rates in Table 1 may not apply outside of these areas. Any connections outside of the AT&T, Century Link, and Verizon LATAs shall be priced as an individual case basis (ICB). ICB pricing shall never be more than the original flat rate pricing available under the original FIRN contract.
2) A FIRN managed CPE router is included in the standard service. However, the FIRN
end-user may choose to manage the FIRN CPE router or provide and manage their owned CPE router as long as it is certified by the FIRN Service Provider. The option to manage the CPE router is at no additional cost to the end user.
3) The FIRN Secure Internet service bundle introduces performance measures via Service
Level Agreements for Install, Moves, Adds, Changes and Outages with the following Table 2.0
Page 4 of 12 Service Performance Measures
Table 2.0
SLA Performance Target Liquidated
Damages
Measurement Install, Moves, Adds,
Changes (“IMAC”) 64kbps to T1 = 60 days >T1 to 45Mbps = 80 business days >45Mbps = 180 business days 10% MRC of Service* if performance is not met.
Measured and calculated per incident based on the
operational tools provided. FIRN will not
be liable where facilities do not exist for access types (excluding Ethernet) greater than 12 Mbps. Site Outage & Service
Troubles – Restore Within twenty-four (24) hours Monday – Friday. 5% MRC of the entire service if outage > 24 hours
Measured using the trouble ticketing system. SLA clock will start when the trouble has been reported in the ticketing system. The SLA clock will stop when the site has been restored and verified with the end user. For all service troubles, FIRN must open trouble tickets
pro-actively and immediately when the outage has been discovered. The time between the actual outage and the opened trouble ticket was opened will be counted towards SLA restoral time. For example: if an outage occurred at 1:00PM and the trouble ticket was opened at 1:30PM, 30 minutes of this time will be counted towards the SLA restoral time.
*MRC of Service = MRC of (Core Port + CPE + Access) for each site
Note: Secure Internet service shall be available and pricing effective July 1st, 2014.
xx
FIRN Advanced Security Offerings (ASO):
A. ASO can be purchased by end users as an Advanced Security Bundle (ASB) (see B.).
Some of these ASB as well as other Advanced Security Offerings may also be purchased separately (See I-J.).
B. Advanced Security Bundle (ASB): ASB includes, for each end user selected location
Page 5 of 12
1) Fully Managed Device for On-site Intrusion Prevention System (IPS) Device and
Service.
2) Fully Managed Device for On-site Premise Firewall Event Logging Management,
Analysis and Notification of end user District Area Network (DAN) Firewall.
3) Fully Managed Device for On-site end user Device Event Logging Management and
Analysis for up to 15 devices per end user location.
4) Fully Managed Counter Threat Appliance (CTA) to assimilate logging information from
all end user selected sources passing on significant events for further analysis.
5) Fully Managed Cloud Based Security Information and Event Management (SIEM)
Correlation via forwarded information from the CTA.
6) End User Portal for detailed information regarding their Security incidents and security posture.
C. Intrusion Prevention System (IPS): IPS helps eliminate malicious inbound and outbound
traffic 24x7x365, without device or signature management, and without increasing in-house headcount. IPS service lets the end user comply with data loss regulations to protect against threats to sensitive data by centralizing the analysis of all devices including firewall logs and provides comprehensive reporting via the FIRN’s end user portal to demonstrate the effectiveness of the end user’s security controls. The IPS device can be attached to the End User network to provide Intrusion Detection with the onus then on the end user to implement appropriate corrective action. Alternatively, the IPS can be placed in-line of Internet traffic, in which case the FIRN service provider shall implement recommended security response to the intrusion. IPS includes:
1) Configuration and implementation. 2) Administration and tuning.
3) 24x7x365 Real-time security event and device health monitoring. 4) Upgrade, change, and patch management.
5) Thousands of unique countermeasures. 6) Daily audits of existing rules.
7) Advanced analysis and blocking techniques, including advanced statistical analysis,
suspicious activity correlation and expert security analysis of patterns.
8) Twice weekly countermeasure updates. 9) Intelligence-enhanced threat protection. 10) On-demand security and compliance reporting.
D. Firewall Event Logging: Monitoring of any supported end user premise firewall listed
below and support for next generation and HA Firewall pairs at no additional charge. Log information shall be incorporated into the provided SIEM and any SIEM indications of a problem are analyzed by security professionals in near real time and end user are notified
Page 6 of 12 of any significant firewall events complete with recommended firewall configuration changes. End users desiring a full proactively managed firewall solution can combine this offering with existing FIRN contract firewall management options. Supported firewall devices are:
1) Cisco
2) Juniper Networks 3) Palo Alto Networks 4) Dell SonicWALL 5) Check Point 6) Fortinet
E. End User Device Event Logging: The 15 devices can be any mixture of any supported
devices (servers, routers, etc.) capable of sending log information to the provided logging device. The logging information shall be fed into the SIEM similar to the Firewall log information and proactively responded to the same way, resulting in notification of the end user of any suspicious activity complete with recommended actions.
F. Counter Threat Appliance (CTA): The CTA resides on the end user’s network and shall
be responsible for maintaining connections to all sources an end user needs monitored and managed. The CTA shall collect logs from these sources and handles parsing, normalization, de-duplication and filtering of collected events. Security events of interest are sent from the CTA to the FIRN’s Security Operations Centers (SOC) via a secured connection, where they are prioritized and, if needed, reviewed by the FIRN’s service provider certified Security Analysts to determine if any malicious or suspicious activity is occurring. Additionally, the CTA is a secure point from which FIRN’s Security Analysts can provide device management. Through the secured connection, the CTA shall have the capability to enable communications and administrative activities for vendor managed devices.
G. End User Portal and Reports: The End User Portal shall provide the intelligence and
analytics needed to easily understand the risks, demonstrate compliance and make better security decisions. The Portal shall give end users full visibility into their security and compliance posture with advanced reporting functionality integrated across all proffered Advanced Security Offerings. The End User Portal shall include a mobile application ensuring security data is always at the end user’s fingertips.
Page 7 of 12
ASB Monthly Pricing Table 2.0
Bandwidth Monthly Recurring
10 Mbps
$3,651.9150 Mbps
$3,651.91100 Mbps
$3,651.91200 Mbps
$3,977.19300 Mbps
$4,428.73400 Mbps
$4,428.73500 Mbps
$4,428.73600 Mbps
$4,712.28700 Mbps
$4,712.28800 Mbps
$4,712.28900 Mbps
$4,712.281,000 Mbps
$4,712.282,000Mbps*
$9,424.565,000Mbps*
$23,561.4010,000Mbps*
$47,122.80 *Where availablexx
Standalone Advanced Security Options.
End user may purchase any of the products and services described below.
1) IPS Monitoring is as described in C. 3) above. Pricing for those wishing to buy as a
standalone product is as follows:
IPS Monitoring Monthly Pricing - Table 3.0
Internet Bandwidth Monthly Recurring
0 Mbps to 100 Mbps $936.25 101 Mbps to 1000 Mbps $1,471.25 1001 Mbps to 2000 Mbps $1,658.50
2) IPS Management was included and described in the bundled offering. Pricing for those
Page 8 of 12
IPS Management Monthly Pricing - Table 4.0
Internet Bandwidth Monthly Recurring
0 Mbps to 100 Mbps $1,671.34 101 Mbps to 500 Mbps $2,228.81 501 Mbps to 1000 Mbps $3,477.50 1001 Mbps to 2000 Mbps $4,796.81 2001 Mbps to 4000 Mbps $6,464.94 4001 Mbps to 10000 Mbps $9,674.94
3) End User Device Event Monitoring was included and described in for up to 15 devices in
the bundled offering. For those wishing to buy monitoring for additional devices or as a standalone offering pricing is as follows:
Device Monitoring Monthly Pricing - Table 5.0
Device Count Monthly Recurring
1 $133.75
15 $1,605.00
200 $12,216.19
500 $23,451.19
4) Vulnerability Management service identifies exposures and weak spots in end user
environments by performing highly accurate external scanning and internal scanning across the network. Vulnerability Management shall enable vulnerability scanning without the hardware, software and maintenance requirements of scanning products. Vulnerability results shall be integrated into FIRN’s other Managed Security Services, allowing threats against vulnerable and non-vulnerable systems to be assessed and prioritized accordingly.
The Vulnerability Management technology shall be fully managed and maintained by the FIRN’s dedicated vulnerability management team, eliminating administration and maintenance burdens so end users can better focus on protecting assets and reducing risks. Vulnerability Management includes:
a) Highly accurate internal and external vulnerability scanning. b) Support for physical, cloud and virtual infrastructure. c) Dedicated vulnerability management team to provide expert
guidance and support.
Page 9 of 12
e) 24x7x365 expert support by certified security analysts.
Vulnerability Management service Monthly Pricing - Table 6.0
Network or
Server Device Count Monthly Recurring
128 $642.00
512 $1,337.50
1024 $12,751.19
Application Count Monthly Recurring
10 $820.69
25 $1,337.50
160 $3,477.50
5) Log Retention Services shall be a fully-managed service that provides support for a wide
range of sources, allowing capture and aggregation of the millions of logs generated every day by critical information assets such as servers, routers, firewalls, databases, applications and other systems. The Log Retention Services shall support hundreds of devices per appliance. Log Retention Services Include:
a) Log Retention device with 13TB of compressed storage (3.8TB uncompressed). b) Capturing and storing end user-specified system logs from the IT devices, systems
and other network assets to the Log Retention Appliance.
c) Implementing software upgrades and security patches to Log Retention Appliance
Monitor the information security, system health and performance of Log Retention Appliances 24x7x365.
d) Provide end user client access to the Logs.
e) Configure any Log Retention Appliance native alerting functionality to provide
alerting to notify end user of any such end user Devices no longer transmitting Logs to the Log Retention Appliances.
f) Act as the initial point of contact for end user support.
Log Retention Services Monthly Pricing - Table 7.0
(13TB Compressed Capacity)
End User Device Count Monthly Recurring
25 $2,380.75
Page 10 of 12
500 $3,298.81
Additional 13/3 8TB
Capacity $1,337.50
xx
Security Incident Response and Consulting:
1) The Incident Response and Digital Forensics practice shall help provide rapid
containment and eradication of threats, minimizing the duration and impact of a security breach. Leveraging elite cyber threat intelligence and global visibility, FIRN shall help end users prepare for, respond to and recover from even the most complex and large-scale security incidents. The rate is based upon a response tailored to the particular event and is on a per-end user basis.
Incident Response Service Monthly Pricing - Table 8.0
Minimum 50 hours Hourly Rated
1 $449.40*
*Includes travel and expenses, discounts may be available for additional hours needed during same on-site visit
The FIRN’s Security and Risk Consulting (SRC) group shall help customers solve security and compliance challenges. FIRN shall provide services listed below:
Regulatory and Compliance
x GLBA (Gramm-Leach-Bliley Act) Gap Analysis x HIPAA (Health Insurance Portability and Accountability
Act) Gap Analysis
x FISMA (Federal Information Security Management Act)/NIST (National Institute of Standards and Technology) Gap Analysis
x PCI (Payment Card Industry) Gap Analysis x QSA (Qualified Security Assessor) On-Demand x ISO (International Organization for Standardization)
2700x Gap Analysis x General Controls Audit
x Information Security Assessment x Security Architecture Review x Governance Review
x Facility Clearance Readiness Review x E-Discovery (Electronic Discovery)
x Security and Compliance Attestation Reporting x Third-Party Diligence and Vendor Management x IT (Information Technology) Risk Assessment
Testing and Analysis
x Vulnerability Assessments x Penetration Testing x Web Application Assessments x Network Security Assessment x Physical Security Assessment x Wireless Network Testing x Social Engineering x War Dialing x Data Discovery and
Classification
Page 11 of 12 Note:
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop, implement, and maintain a comprehensive written information security program that protects the privacy and integrity of end user records.
The Health Insurance Portability and Accountability Act of 1996 (HIPPA) includes: the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
Payment Card Industry (PCI) Gap Analysis are designed to combat identity theft and to better secure credit card data. Credit card associations created the Payment Card Industry (PCI) Data Security Standard (DSS) and expect organizations that process, store or transmit cardholder data to comply with these standards.
ISO (International Organization for Standardization) 2700x is a series of specifications which include Information Security Management Systems whose focus is based on evaluating process rather than content. These standards contain a Code of Practice consisting of a comprehensive set of information security control objectives and a menu of best practice security controls.
Security Risk Consulting Service Monthly Pricing - Table 8.0
Minimum 50 hours Hourly Rated
1 $385.20*
* Includes travel and expenses
2) All CSAB orders shall include a statement-of-work to be reviewed and approved by
DMS and end user. The statement-of-work template shall be defined in the operational and user guide.
xx
Service Level Objectives:
Security Risk Consulting Service Service Level Objectives - Table 9.0
SLO Type Description Action
Security Monitoring (applicable to ASB and Standalone options)
End user shall receive a response (according to the escalation procedures defined in the End User Portal or in the manner
pre-1/30th of monthly fee for Service for the
Page 12 of 12 selected in writing by End user, either
through the help desk ticketing system, email, or by telephone) to security incidents within fifteen (15) minutes of the
determination by the Service Provider that given malicious activity constitutes a security incident. This is measured by the difference between the time stamp on the incident ticket created by the SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. A “security incident” is defined as an incident ticket that comprises an event (log) or group of events (logs) that is deemed high severity by the SOC. The most up-to-date version can always be found in the Real-Time Events section of the End User Portal). Automatically created incident tickets (via correlation technology) and event(s) or log(s) deemed low severity will not be escalated, but will be available for reporting through the End user portal.
affected device
Active Health Monitoring (for all FIRN provided devices)
Active health checks identifying the following conditions are subject to the following SLAs:
Device Unreachable – 30 minute response (via phone, ticket, or email) from
identification of the device being unreachable. This is measured by
the difference between the time stamp on the device unreachable ticket created by the SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation.
1/30th of monthly fee for Service for the affected device
