Res2022-049 SHI Contract for Sophos

CITY OF SEWARD, ALASKA
Sponsored by: Bower
RESOLUTION 2022-049

A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF SEWARD, ALASKA, AUTHORIZING THE CITY MANAGER TO ENTER INTO A CONTRACT WITH SHI FOR THE PURCHASE OF SOPHOS CENTRAL INTERCEPT X, SOPHOS CENTRAL XDR AND EDR, AND SOPHOS MTR ADVANCED SUBSCRIPTIONS, IN THE AMOUNT OF $59,842.30 AND APPROPRIATING FUNDS

WHEREAS, with the constantly evolving cybersecurity threat landscape, the IT Department has been working to strengthen our network and data systems defenses. One of our initial steps in early 2020 was to implement a more modern endpoint protection solution to improve detection and remediation of modern cybersecurity threats; and

WHEREAS, after testing several products from multiple vendors our team selected Sophos Intercept X to protect the City's desktops, laptops, and servers. At the time we were able to negotiate a multi-year license for that product that is valid through 2/28/2024; and

WHEREAS, in light of recent global events, IT has deemed it necessary to move to the next step in improving our cybersecurity stance. In this phase our departmental goal is to move from being reactive to taking a more proactive approach to cyber incident detection and response. To work toward this goal, the IT department has worked with Sophos to secure discounted pricing to supplement our existing endpoint protection service with Sophos Advanced Managed Threat Response (MTR). This partnership would essentially add a dedicated security team to the IT Department, allowing City staff to focus on providing day to day support to City staff while prioritizing cybersecurity threat response; and

WHEREAS, Sophos Advanced MTR gives the City IT department access to the expertise of the full team of Sophos cybersecurity professionals as well as the Sophos Security Operations Center (SOC).
The Sophos SOC provides 24/7 monitoring of the endpoint protection dashboard, which monitors the installed Sophos security software, and alerts the City IT team when a potential breach is detected. In addition to providing this support the Sophos team will provide monthly incident and system reviews, recommendations to improve the security of City data systems, along with active threat hunting to identify issues and contain threats before they can spread; and

WHEREAS, another major benefit of this service from Sophos is the inclusion of Incident Response and Recovery in our subscription. In the event the City falls victim to a cyberattack, the Sophos team will work as an extension of the City IT department to help neutralize and recover from the incident. This service alone would cost the City $37,000 per incident, but is included in the proposed Advanced MTR subscription. The current proposal from Sophos will provide the Advanced MTR service and extend coverage of our existing endpoint protection for an additional two years through 2/28/26 at a cost of $59,842.30.

NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF SEWARD, ALASKA that:

Section 1. The City Manager is hereby authorized to enter into a contract with SHI for the purchase of Sophos Managed Threat Response, in substantially the form as attached hereto.

Section 2. Funds in the amount of $59,8542.30 will be appropriated from the General Fund reserves account 01000-0000-3400 to the contracted services account 01000-1121-7009.

Section 3. This resolution shall take effect immediately upon adoption.

PASSED AND APPROVED by the City Council of the City of Seward, Alaska, this 29th day of March, 2022.

THE CITY OF SEWARD, ALASKA
Christy Terry, Mayor

AYES: Wells, McClure, Casagranda, Calhoon, Osenga, Terry
NOES: None
ABSENT: DeMoss
ABSTAIN: None

ATTEST:
Brenda J. Ballou, MMC
City Clerk
(City Seal)
City Council Agenda Statement

Meeting Date: March 29, 2022 (Special Meeting)
To: City Council
Through: Janette Bower, City Manager
From: Dustin Phillips, IT Director
Agenda Item: Resolution 2022-049: Authorizing the City Manager to Enter into a Contract with SHI for the Purchase of Sophos Central Intercept X, Sophos Central XDR and EDR, and Sophos MTR Advanced Subscriptions in the Amount of $59,842.30 and Appropriating Funds

Background and justification:

With the constantly evolving cybersecurity threat landscape, the IT department has been working to strengthen our network and data systems defenses. One of our initial steps in early 2020 was to implement a more modern endpoint protection solution to improve detection and remediation of modern cybersecurity threats.

After testing several products from multiple vendors our team selected Sophos Intercept X to protect the City's desktops, laptops, and servers. At the time we were able to negotiate a multi-year license for that product that is valid through 2/28/2024.

In light of recent global events, IT has deemed it necessary to move to the next step in improving our cybersecurity stance. In this phase our departmental goal is to move from being reactive to taking a more proactive approach to cyber incident detection and response. To work toward this goal, the IT department has worked with Sophos to secure discounted pricing to supplement our existing endpoint protection service with Sophos Advanced Managed Threat Response (MTR). This partnership would essentially add a dedicated security team to the IT Department, allowing City staff to focus on providing day to day support to City staff while prioritizing cybersecurity threat response.

Sophos Advanced MTR gives the City IT department access to the expertise of the full team of Sophos cybersecurity professionals as well as the Sophos Security Operations Center (SOC).
The Sophos SOC provides 24/7 monitoring of the endpoint protection dashboard, which monitors the installed Sophos security software, and alerts the City IT team when a potential breach is detected. In addition to providing this support the Sophos team will provide monthly incident and system reviews, recommendations to improve the security of City data systems, along with active threat hunting to identify issues and contain threats before they can spread.

Another major benefit of this service from Sophos is the inclusion of Incident Response and Recovery in our subscription. In the event the City falls victim to a cyberattack, the Sophos team will work as an extension of the City IT department to help neutralize and recover from the incident. This service alone would cost the City $37,000 per incident, but is included in the proposed Advanced MTR subscription.

The current proposal from Sophos will provide the Advanced MTR service and extend coverage of our existing endpoint protection for an additional two years through 2/28/26 at a cost of $59,842.30. Funds in the amount of $59,8542.30 will be appropriated from the General Fund reserves account 01000-0000-3400 to the contracted services account 01000-1121-7009.
Comprehensive and Strategic Plan Consistency Information

This legislation is consistent with (citation listed):
Comprehensive Plan:
Strategic Plan:
Other:

Certification of Funds

Total amount of funds listed in this legislation: $ 59,842.30

This legislation (✓):
Creates revenue in the amount of: $
x Creates expenditure in amount of: $ 59,842.30
Creates a savings in the amount of: $
Has no fiscal impact

Funds are (✓):
Budgeted Line item(s):
x Not budgeted 1000-1121-7009
Not applicable

Unassigned Fund Balance and Available Unrestricted Cash Balance Information

Fund (✓): X General, SMIC, Electric, Wastewater, Boat Harbor, Parking, Water, Healthcare, Motor Pool, Other

Unassigned Fund Balance*: $ 5,070,657.57
Available Unrestricted Cash Balance*: $ 9,780,472.70 (1090)
*unaudited numbers

Finance Signature:

Attorney Review: x Yes / Not applicable
Administration Recommendation: x Adopt Resolution / Other:

Pricing Proposal

Quotation #: 21615436
Created On: 2/15/2022
Valid Until: 3/31/2022

City of Seward
Dustin Phillips
PO Box 167, 410 Adams Street City
Seward, AK 99664
United States
Phone: (907) 224-4050
Fax:
Email: dphillips@cityofseward.net

Inside Account Executive
Jon Bateky
290 Davidson Ave
Somerset, NJ 08873
Phone: 732-584-8251
Fax: 732-564-3099
Email: jon_bateky@shi.com

All Prices are in US Dollar (USD)

Item 1: Sophos Central Intercept X Advanced with EDR and MTR Advanced - Subscription license renewal (3 years) - 1 user - volume, GOV - 100-199 licenses - Win, Mac
Sophos Part#: MUAH3GTAA
Coverage Term: 2/15/2022—2/14/2026
Qty: 175   Your Price: $160.24   Total: $28,042.00

Item 2: Sophos Central Intercept X Advanced with XDR and MTR Advanced - Subscription license renewal (1 year) - 1 user - volume, GOV - 100-199 licenses - Win, Mac
Sophos Part#: MUAH1GTAA
Coverage Term: 2/15/2022—2/14/2026
Qty: 175   Your Price: $80.12   Total: $14,021.00

Item 3: Sophos Central Intercept X Advanced for Server with EDR and MTR Advanced - Subscription license renewal (3 years) - 1 server - volume, GOV - 25-49 licenses - Linux, Win
Sophos Part#: MVAF3GTAA
Coverage Term: 2/15/2022—2/14/2026
Qty: 25   Your Price: $206.78   Total: $5,169.50

Item 4: Sophos Central Intercept X Advanced for Server with EDR and MTR Advanced - Subscription license renewal (1 year) - 1 server - volume, GOV - 25-49 licenses - Linux, Win
Sophos Part#: MVAF1GTAA
Coverage Term: 2/15/2022—2/14/2026
Qty: 25   Your Price: $103.45   Total: $2,586.25

Item 5: Sophos SafeGuard - subscription license (1 year)
Sophos Part#: NSIU1CSAA
Coverage Term: 2/15/2022—2/14/2023
Qty: 2   Your Price: $1,094.12   Total: $2,188.24

Item 6: Sophos MTR SF SW/Virtual Network Sensor - 12 Months
Sophos Part#: NSRU1CSAA
Coverage Term: 2/15/2023—2/14/2026
Qty: 6   Your Price: $1,094.12   Total: $6,564.72

Item 7: PROFESSIONAL SVCS 4HR NSG MTRNETWORK SENSOR REMOTE
Sophos Part#: PM4ZTCCAA
Qty: 1   Your Price: $1,270.59   Total: $1,270.59

Subtotal: $59,842.30
Shipping: $0.00
*Tax: $0.00
Total: $59,842.30
*Tax is estimated. Invoice will include the full and final tax due.

Additional Comments

SHI SPIN: #143012572
SHI-GS SPIN (For Texas customers ONLY): #143028315

For E-rate SPI orders, applicant shall be responsible for payment of any outstanding or ineligible costs if USAC rejects reimbursement claim in whole or in part.

Please note, if Emergency Connectivity Funds (ECF) will be used to pay for all or part of this quote, please let us know as we will need to ensure compliance with the funding program.

Hardware items on this quote may be updated to reflect changes due to industry wide constraints and fluctuations.

We are constantly striving to provide you with World Class Support! We'd love to hear about your quoting experience with this brief survey!

WSCA Contract No. ADSP016-00005829
ALASKA STATE CONTRACT #N-2016-VAR-0001 Amendment No. Four (04)

By executing an order against this quote customer agrees that they will review and agree to the manufacturer's terms of use. Any discrepancies between manufacturer licensing agreement and customer terms must still be agreed to or negotiated independently and directly with manufacturer.
The Products offered under this proposal are resold in accordance with the SHI Online Customer Resale Terms and Conditions, unless a separate resale agreement exists between SHI and the Customer.

SOPHOS

Managed Threat Response (MTR)
Expert-Led Threat Response

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service.

Highlights

- Advanced threat hunting, detection, and response capabilities delivered as a fully-managed service
- Collaborate with a 24/7 response team that takes action to remotely contain and neutralize threats
- You decide and control what actions the MTR team takes and how incidents are managed
- Combines top-rated machine learning technology with a highly-trained team of experts
- Two tiers of service (Standard and Advanced) provide a comprehensive set of capabilities for organizations of all maturity levels

Threat Notification Isn't the Solution - It's a Starting Point

Few organizations have the right tools, people, and processes in-house to effectively manage their security program around-the-clock while proactively defending against new and emerging threats. Going beyond simply notifying you of attacks or suspicious behaviors, the Sophos MTR team takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.

With Sophos MTR, your organization is armed with a 24/7 team of threat hunters and response experts who will:

- Proactively hunt for and validate potential threats and incidents
- Use all available information to determine the scope and severity of threats
- Apply the appropriate business context for valid threats
- Initiate actions to remotely disrupt, contain, and neutralize threats
- Provide actionable advice for addressing the root cause of recurring incidents

Machine-Accelerated Human Response

Built on our Intercept X Advanced with EDR technology, Sophos MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. This fusion of Sophos' consistently top-rated endpoint protection and intelligent EDR, with a world-class team of security experts results in what we call "machine-accelerated human response".

Complete Transparency and Control

With Sophos MTR, you own the decisions and control how and when potential incidents are escalated, what response actions (if any) you want us to take, and who should be included in communications. Sophos MTR features three response modes so you can choose the best way for our MTR team to work alongside you during incidents:

- Notify: We notify you about the detection and provide detail to help you in prioritization and response.
- Collaborate: We work with your internal team or external point(s) of contact to respond to the detection.
- Authorize: We handle containment and neutralization actions and will inform you of the action(s) taken.

Sophos MTR Service Tiers

Sophos MTR features two service tiers (Standard and Advanced) to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels. Regardless of the service tier selected, organizations can take advantage of any of the three response modes (notify, collaborate, or authorize) to fit their unique needs.

Sophos MTR: Standard

24/7 Lead-Driven Threat Hunting
Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Security Health Check
Keep your Sophos Central products--beginning with Intercept X Advanced with EDR--operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

Activity Reporting
Summaries of case activities enable prioritization and communication so your team knows what threats were detected and what response actions were taken within each reporting period.

Adversarial Detections
Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

Sophos MTR: Advanced
Includes all Standard features, plus the following:

24/7 Leadless Threat Hunting
Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

Enhanced Telemetry
Threat investigations are supplemented with telemetry from other Sophos Central products extending beyond the endpoint to provide a full picture of adversary activities.

Proactive Posture Improvement
Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

Dedicated Threat Response Lead
When an incident is confirmed, a dedicated threat response lead is provided to directly collaborate with your on-premises resources (internal team or external partner) until the active threat is neutralized.

Direct Call-In Support
Your team has direct call-in access to our security operations center (SOC). Our MTR Operations Team is available around-the-clock and backed by support teams spanning 26 locations worldwide.

Asset Discovery
From asset information covering OS versions, applications, and vulnerabilities to identifying managed and unmanaged assets, we provide valuable insights during impact assessments, threat hunts, and as part of proactive posture improvement recommendations.

United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: sales@sophos.com

North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com

Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: sales@sophos.com.au

Asia Sales
Tel: +65 62244168
Email: salesasia@sophos.com