Res2022-049 SHI Contract for Sophos

Sponsored by: Bower

CITY OF SEWARD, ALASKA
RESOLUTION 2022-049

A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF SEWARD, ALASKA, AUTHORIZING THE CITY MANAGER TO ENTER INTO A CONTRACT WITH SHI FOR THE PURCHASE OF SOPHOS CENTRAL INTERCEPT X, SOPHOS CENTRAL XDR AND EDR, AND SOPHOS MTR ADVANCED SUBSCRIPTIONS, IN THE AMOUNT OF $59,842.30 AND APPROPRIATING FUNDS

WHEREAS, with the constantly evolving cybersecurity threat landscape, the IT Department has been working to strengthen our network and data systems defenses. One of our initial steps in early 2020 was to implement a more modern endpoint protection solution to improve detection and remediation of modern cybersecurity threats; and

WHEREAS, after testing several products from multiple vendors our team selected Sophos Intercept X to protect the City's desktops, laptops, and servers. At the time we were able to negotiate a multi-year license for that product that is valid through 2/28/2024; and

WHEREAS, in light of recent global events, IT has deemed it necessary to move to the next step in improving our cybersecurity stance. In this phase our departmental goal is to move from being reactive to taking a more proactive approach to cyber incident detection and response. To work toward this goal, the IT department has worked with Sophos to secure discounted pricing to supplement our existing endpoint protection service with Sophos Advanced Managed Threat Response (MTR). This partnership would essentially add a dedicated security team to the IT Department, allowing City staff to focus on providing day to day support to City staff while prioritizing cybersecurity threat response; and

WHEREAS, Sophos Advanced MTR gives the City IT department access to the expertise of the full team of Sophos cybersecurity professionals as well as the Sophos Security Operations Center (SOC).
The Sophos SOC provides 24/7 monitoring of the endpoint protection dashboard, which monitors the installed Sophos security software, and alerts the City IT team when a potential breach is detected. In addition to providing this support the Sophos team will provide monthly incident and system reviews, recommendations to improve the security of City data systems, along with active threat hunting to identify issues and contain threats before they can spread; and

WHEREAS, another major benefit of this service from Sophos is the inclusion of Incident Response and Recovery in our subscription. In the event the City falls victim to a cyberattack, the Sophos team will work as an extension of the City IT department to help neutralize and recover from the incident. This service alone would cost the City $37,000 per incident, but is included in the proposed Advanced MTR subscription. The current proposal from Sophos will provide the Advanced MTR service and extend coverage of our existing endpoint protection for an additional two years through 2/28/26 at a cost of $59,842.30.

NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF SEWARD, ALASKA that:

Section 1. The City Manager is hereby authorized to enter in to a contract with SHI for the purchase Sophos Managed Threat Response, in substantially the form as attached hereto.

Section 2. Funds in the amount of $59,8542.30 will be appropriated from the General Fund reserves account 01000-0000-3400 to the contracted services account 01000-1121-7009.

Section 3. This resolution shall take effect immediately upon adoption.

PASSED AND APPROVED by the City Council of the City of Seward, Alaska, this 29th day of March, 2022.

Christy Terry,

AYES: Wells, McClure, Casagranda, Calhoon, Osenga, Terry
NOES: None
ABSENT: DeMoss
ABSTAIN: None

ATTEST: Brenda J.
Ballou, MMC City Clerk

City Council Agenda Statement

Meeting Date: March 29, 2022 (Special Meeting)
To: City Council
Through: Janette Bower, City Manager
From: Dustin Phillips, IT Director
Agenda Item: Resolution 2022-049: Authorizing the City Manager to Enter into a Contract with SHI for the Purchase of Sophos Central Intercept X, Sophos Central XDR and EDR, and Sophos MTR Advanced Subscriptions in the Amount of $59,842.30 and Appropriating Funds

Background and justification:

With the constantly evolving cybersecurity threat landscape, the IT department has been working to strengthen our network and data systems defenses. One of our initial steps in early 2020 was to implement a more modern endpoint protection solution to improve detection and remediation of modern cybersecurity threats.

After testing several products from multiple vendors our team selected Sophos Intercept X to protect the City's desktops, laptops, and servers. At the time we were able to negotiate a multi-year license for that product that is valid through 2/28/2024.

In light of recent global events, IT has deemed it necessary to move to the next step in improving our cybersecurity stance. In this phase our departmental goal is to move from being reactive to taking a more proactive approach to cyber incident detection and response. To work toward this goal, the IT department has worked with Sophos to secure discounted pricing to supplement our existing endpoint protection service with Sophos Advanced Managed Threat Response (MTR). This partnership would essentially add a dedicated security team to the IT Department, allowing City staff to focus on providing day to day support to City staff while prioritizing cybersecurity threat response.

Sophos Advanced MTR gives the City IT department access to the expertise of the full team of Sophos cybersecurity professionals as well as the Sophos Security Operations Center (SOC).
The Sophos SOC provides 24/7 monitoring of the endpoint protection dashboard, which monitors the installed Sophos security software, and alerts the City IT team when a potential breach is detected. In addition to providing this support the Sophos team will provide monthly incident and system reviews, recommendations to improve the security of City data systems, along with active threat hunting to identify issues and contain threats before they can spread. Another major benefit of this service from Sophos is the inclusion of Incident Response and Recovery in our subscription. In the event the City falls victim to a cyberattack, the Sophos team will work as an extension of the City IT department to help neutralize and recover from the incident. This service alone would cost the City $37,000 per incident, but is included in the proposed Advanced MTR subscription. The current proposal from Sophos will provide the Advanced MTR service and extend coverage of our existing endpoint protection for an additional two years through 2/28/26 at a cost of $59,842.30. Funds in the amount of $59,8542.30 will be appropriated from the General Fund reserves account 01000-0000-3400 to the contracted services account 01000-1121-7009. 
X
Comprehensive and Strategic Plan Consistency Information
This legislation is consistent with (citation listed): Comprehensive Plan: Strategic Plan: Other:

Certification of Funds
Total amount of funds listed in this legislation: $ 59,842.30
This legislation (✓): Creates revenue in the amount of: Creates expenditure in amount of: Creates a savings in the amount of: Has no fiscal impact
Funds are (✓): Budgeted Line item(s): Not budgeted Not applicable
x x $ $ 59,842.30 $ 1000-1121-7009

Unassigned Fund Balance and Available Unrestricted Cash Balance Information
Fund (✓): General, Boat Harbor, Motor Pool, SMIC, Parking, Other, Electric, Water, Wastewater, Healthcare
Unassigned Fund Balance*: Available Unrestricted Cash Balance*: (1090)
$ 5,070,657.57 $ 9,780,472.70
*unaudited numbers
Finance Signature:

Attorney Review ✓: x Yes Not applicable

Administration Recommendation
x Adopt Resolution
Other:

SHI

Pricing Proposal
Quotation #: 21615436
Created On: 2/15/2022
Valid Until: 3/31/2022

City of Seward
Dustin Phillips
PO Box 167 410 Adams Street City
Seward, AK 99664
United States
Phone: (907) 224-4050
Fax:
Email: dphillips@cityofseward.net

Inside Account Executive
Jon Bateky
290 Davidson Ave
Somerset, NJ 08873
Phone: 732-584-8251
Fax: 732-564-3099
Email: jon_bateky@shi.com

All Prices are in US Dollar (USD)

Product, Qty, Your Price, Total:

1. Sophos Central Intercept X Advanced with EDR and MTR Advanced - Subscription license renewal (3 years) - 1 user - volume, GOV - 100-199 licenses - Win, Mac
   Sophos - Part#: MUAH3GTAA
   Coverage Term: 2/15/2022 — 2/14/2026
   Qty: 175   Your Price: $160.24   Total: $28,042.00

2. Sophos Central Intercept X Advanced with XDR and MTR Advanced - Subscription license renewal (1 year) - 1 user - volume, GOV - 100-199 licenses - Win, Mac
   Sophos - Part#: MUAH1GTAA
   Coverage Term: 2/15/2022 — 2/14/2026
   Qty: 175   Your Price: $80.12   Total: $14,021.00

3. Sophos Central Intercept X Advanced for Server with EDR and MTR Advanced - Subscription license renewal (3 years) - 1 server - volume, GOV - 25-49 licenses - Linux, Win
   Sophos - Part#: MVAF3GTAA
   Coverage Term: 2/15/2022 — 2/14/2026
   Qty: 25   Your Price: $206.78   Total: $5,169.50

4. Sophos Central Intercept X Advanced for Server with EDR and MTR Advanced - Subscription license renewal (1 year) - 1 server - volume, GOV - 25-49 licenses - Linux, Win
   Sophos - Part#: MVAF1GTAA
   Coverage Term: 2/15/2022 — 2/14/2026
   Qty: 25   Your Price: $103.45   Total: $2,586.25

5. Sophos SafeGuard - subscription license (1 year)
   Sophos - Part#: NSI U 1 CSAA
   Coverage Term: 2/15/2022 — 2/14/2023
   Qty: 2   Your Price: $1,094.12   Total: $2,188.24

6. Sophos MTR SF SW/Virtual Network Sensor - 12 Months
   Sophos - Part#: NSRU1CSAA
   Coverage Term: 2/15/2023 — 2/14/2026
   Qty: 6   Your Price: $1,094.12   Total: $6,564.72

7. PROFESSIONAL SVCS 4HR NSG MTRNETWORK SENSOR REMOTE
   Sophos - Part#: PM4ZTCCAA
   Qty: 1   Your Price: $1,270.59   Total: $1,270.59

Subtotal: $59,842.30
Shipping: $0.00
*Tax: $0.00
Total: $59,842.30

*Tax is estimated. Invoice will include the full and final tax due.

Additional Comments

SHI SPIN: #143012572
SHI-GS SPIN (For Texas customers ONLY): #143028315

For E-rate SPI orders, applicant shall be responsible for payment of any outstanding or ineligible costs if USAC rejects reimbursement claim in whole or in part.

Please note, if Emergency Connectivity Funds (ECF) will be used to pay for all or part of this quote, please let us know as we will need to ensure compliance with the funding program.

Hardware items on this quote may be updated to reflect changes due to industry wide constraints and fluctuations.

We are constantly striving to provide you with World Class Support! We'd love to hear about your quoting experience with this brief survey!

WSCA Contract No. ADSP016-00005829
ALASKA STATE CONTRACT # N-2016-VAR-0001
Amendment No. Four (04)

By executing an order against this quote customer agrees that they will review and agree to the manufacturers terms of use. Any discrepancies between manufacturer licensing agreement and customer terms must still be agreed to or negotiated independently and directly with manufacturer.
The Products offered under this proposal are resold in accordance with the SHI Online Customer Resale Terms and Conditions, unless a separate resale agreement exists between SHI and the Customer.

SOPHOS
Managed Threat Response (MTR)

Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service.

Highlights

- Advanced threat hunting, detection, and response capabilities delivered as a fully-managed service
- Collaborate with a 24/7 response team that takes action to remotely contain and neutralize threats
- You decide and control what actions the MTR team takes and how incidents are managed
- Combines top-rated machine learning technology with a highly-trained team of experts
- Two tiers of service [Standard and Advanced] provide a comprehensive set of capabilities for organizations of all maturity levels

Threat Notification Isn't the Solution - It's a Starting Point

Few organizations have the right tools, people, and processes in-house to effectively manage their security program around-the-clock while proactively defending against new and emerging threats. Going beyond simply notifying you of attacks or suspicious behaviors, the Sophos MTR team takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.
With Sophos MTR, your organization is armed with a 24/7 team of threat hunters and response experts who will:

- Proactively hunt for and validate potential threats and incidents
- Use all available information to determine the scope and severity of threats
- Apply the appropriate business context for valid threats
- Initiate actions to remotely disrupt, contain, and neutralize threats
- Provide actionable advice for addressing the root cause of recurring incidents

Machine-Accelerated Human Response

Built on our Intercept X Advanced with EDR technology, Sophos MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. This fusion of Sophos' consistently top-rated endpoint protection and intelligent EDR, with a world-class team of security experts results in what we call "machine-accelerated human response".

Complete Transparency and Control

With Sophos MTR, you own the decisions and control how and when potential incidents are escalated, what response actions (if any) you want us to take, and who should be included in communications. Sophos MTR features three response modes so you can choose the best way for our MTR team to work alongside you during incidents:

- Notify: We notify you about the detection and provide detail to help you in prioritization and response.
- Collaborate: We work with your internal team or external point(s) of contact to respond to the detection.
- Authorize: We handle containment and neutralization actions and will inform you of the action(s) taken.

Sophos MTR Service Tiers

Sophos MTR features two service tiers (Standard and Advanced) to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels.
Regardless of the service tier selected, organizations can take advantage of any of the three response modes [notify, collaborate, or authorize] to fit their unique needs.

Sophos MTR: Standard

24/7 Lead-Driven Threat Hunting
Confirmed malicious artifacts or activity [strong signals] are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Security Health Check
Keep your Sophos Central products (beginning with Intercept X Advanced with EDR) operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

Activity Reporting
Summaries of case activities enable prioritization and communication so your team knows what threats were detected and what response actions were taken within each reporting period.

Adversarial Detections
Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

Sophos MTR: Advanced

Includes all Standard features, plus the following.

24/7 Leadless Threat Hunting
Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

Enhanced Telemetry
Threat investigations are supplemented with telemetry from other Sophos Central products extending beyond the endpoint to provide a full picture of adversary activities.
Proactive Posture Improvement
Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

Dedicated Threat Response Lead
When an incident is confirmed, a dedicated threat response lead is provided to directly collaborate with your on-premises resources (internal team or external partner) until the active threat is neutralized.

Direct Call-In Support
Your team has direct call-in access to our security operations center (SOC). Our MTR Operations Team is available around-the-clock and backed by support teams spanning 26 locations worldwide.

Asset Discovery
From asset information covering OS versions, applications, and vulnerabilities to identifying managed and unmanaged assets, we provide valuable insights during impact assessments, threat hunts, and as part of proactive posture improvement recommendations.

United Kingdom and Worldwide Sales
Tel: +44 [0]8447 671131
Email: sales@sophos.com

North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com

Australia and New Zealand Sales
Tel: +612 9409 9100
Email: sales@sophos.com.au

Asia Sales
Tel: +65 62244168
Email: salesasia@sophos.com