This Request for Proposals (the “RFP”) is an invitation by the Toronto Transit Commission (“TTC”) to prospective proponents to submit proposals for a Managed Security Service Provider Solution (“Solution”), as further described in Section A of Part 4, RFP Particulars (the “Deliverables”).
As part of its overall cyber security strategy, the TTC intends to procure a Managed Security Services Provider (the “MSSP”) to deliver comprehensive security operational and monitoring services for the TTC's network environment and all its assets to prevent, detect, respond to, mitigate and recover from cyber security threats and events. The MSSP is expected to provide a cost-effective, innovative, flexible turnkey solution with minimal assistance from the TTC.
The proposed solution will meet the following criteria including but not limited to:
- 24 hours per day, 7 days per week, 365 days per year (24x7x365) Security Operation Centre (SOC) to monitor TTC’s network, triage, analyze, alert and prioritize security events;
- Optimized, centralized and innovative SIEM Solution to collect, analyze, correlate, prioritize, report, retain and archive security events in real-time from a wide variety of sources, including vulnerability scan results, for the early detection of targeted attacks and data breaches. The SIEM solution should utilize customized effective use cases resulting in minimal false positives and also offer capabilities to support security incident investigations, forensics and regulatory compliance;
- 24 hours per day, 7 days per week, 365 days per year (24x7x365) comprehensive Security Incident Response service to manage and mitigate security breaches or cyberattacks. Services should include detection, analysis, evidence collection, containment, eradication, remediation, recovery, reporting, forensics investigative capabilities and on-site incident management;
- Provides proactive protection for applications at Layer 7 for TTC's public-facing, as well as internally used web applications and APIs against a variety of common attacks, including automated attacks (bots), injection attacks, application-layer denial of service (DoS), etc.;
- Vulnerability Management Solution to enable regular vulnerability assessments and asset discovery of the TTC’s environments. The Solution should offer scanning, identification, classification and prioritization of vulnerabilities for all TTC's assets and should be integrated within the SIEM Solution;
- Identify and detail the vectors an attack used to infiltrate an endpoint, and defend against ransomware and other emerging threats with multilayered protection that uses signatureless technologies like advanced machine learning, behavior analysis and exploit prevention;
- Provide Managed Firewall Services and ongoing Maintenance and Support Services;
- Ability to integrate with existing TTC security tools and provide a dashboard to show executive and operational metrics.