Anti-Malware Solution
Sources Sought:
Advanced Threat Detection Tool and Threat Intelligence Exchange Tool
The Social Security Administration (SSA) is conducting a market survey/sources sought to help determine the availability and technical capability of qualified businesses capable of providing the requirement below. This market survey/sources sought announcement is not a request for proposals, and the Government is not committed to issue a solicitation or award a contract pursuant to this announcement or based on responses to this announcement. The information from this market research is only for planning purposes, and will assist the Government in its acquisition strategy. As such, the Government will not entertain questions concerning this synopsis, and will not pay any costs incurred in the preparation of information for responding to this market survey or the Government's use of the information. Proprietary information must be clearly identified as proprietary information.
The North American Industry Classification System (NAICS) code is 511210 and the size standard is $38.5M.
The Social Security Administration (SSA) currently has the following McAfee products deployed:
• McAfee VirusScan Enterprise (VSE)
• McAfee Drive Encryption (DE)
• McAfee File and Removable Media Protection (FRP)
• McAfee Data Loss Prevention Endpoint (DLPe)
• McAfee Network Data Loss Prevention (DLP)
• McAfee Web Gateway (MWG)
To enhance SSA's current McAfee anti-malware solution, SSA has a requirement to decrease the amount of time it takes to identify and remediate advanced malware that might not be detected when only using a signature-based malware detection method. SSA requires advanced and intelligent threat detection tools that must be equal to or comparable to McAfee Threat Intelligence Exchange (TIE) and Advance Threat Defense (ATD). To continue to protect SSA's network from zero-day threats this advanced anti-malware tool must meet the following minimum requirements:
• Must integrate with SSA's existing security infrastructure, McAfee ePolicy Orchestrator (ePO).
• Must integrate with SSA's existing endpoint anti-malware products, McAfee VirusScan Enterprise (VSE) and McAfee Endpoint Security (ENS).
• Must integrate with SSA's existing web proxy software McAfee WebGateway (MWG).
• Integration with McAfee products must not require a third party product.
• Infrastructure must provide redundancy through load balancing or clustering.
• Must support up to 170,000 endpoints with a unified infrastructure.
• Must be compliant with FIPS processing standards.
• Must provide ability to integrate with McAfee Global Threat Intelligence (GTI).
• Must provide ability to integrate with third party cloud based file reputation repositories such as VirusTotal.
• Must provide ability for the administrator to add new threat reputations as well as override existing threat reputations provided by McAfee GTI.
• Must allow threat reputation data to be shared in real time with MWG proxies as well as endpoints running VSE or ENS via Data Exchange Layer (DXL). Must allow VSE, ENS, and MWG the ability to block or delete malicious files based on the supplied threat reputation data.
• Must include self-protection mechanisms to prevent users from disabling the software.
• Must provide ability to whitelist files and executables based on file hash to prevent additional scanning and analysis.
• Must provide an on premise hosted appliance based solution that can automatically analyze files for malicious behavior using both static and dynamic analysis. The appliance(s) must also:
o Must accept both automatic and manual upload of potentially malicious files for analysis.
o Must provide ability to detonate/analyze malicious payloads in a virtual sandbox. Must provide detailed reports on payload detonation for review by an administrator or analyst.
o Must provide support for analyzing Microsoft Windows and Android based malware.
o Must be able to be configured to automatically share threat intelligence data on analyzed files with VSE, ENS or MWG in order to facilitate automatic blocking or deletion of files that are determined to be malicious.
o Must have ability to audit actions taken within the appliance solution.
o Must provide the ability to back up and restore the appliance configuration.
Interested vendors shall submit capability statements that demonstrate their expertise in the above-described areas in sufficient detail, including any other specific and relevant information, so the Government can determine the firm's experience and capability to provide the requirements. Failure to demonstrate the capability of providing the requirement in response to this market survey may affect the Government's review of the industry's ability to perform or provide these requirements. Capability statements must be submitted via email at Katherine.Medeiros@ssa.gov by 1:00 EST on 12/22/2017. SSA will not honor or acknowledge requests for copies of a solicitation. Oral communications are not acceptable. The Government will not accept or return phone calls related to this Market Survey.
Katherine B. Medeiros, Phone 4109651067, Email katherine.medeiros@ssa.gov
