Managed Security Service Provider
UN Secretariat
Request for EOI
Reference: EOIUNPD24073
Beneficiary countries or territories: United States of America
Registration level: Basic
Published on: 13-Jan-2026
Deadline on: 12-Feb-2026 23:59 (GMT -4.00)
Description
Purpose of this Request:
The United Nations Joint Staff Pension Fund (UNJSPF) operates through two offices: Pension Administration (PA) and the Office of Investment Management (OIM). For more information about UNJSPF, please visit https://www.unjspf.org/about-us/about-the-fund/.
Both UNJSPF OIM and PA are certified under ISO 27001 and ISO 22301. Each office manages its own ICT infrastructure, networks, and systems to support its respective mandate. While these environments are distinct, certain cybersecurity services - such as threat intelligence, reputation monitoring, and proactive threat hunting - can be delivered through unified solutions to promote efficiency and consistency.
UNJSPF invites Expressions of Interest (EOIs) from qualified Managed Security Services Providers (MSSP).
A “managed security services provider” (“MSSP”) is defined as a third-party cybersecurity company that provides outsourced monitoring and management of security devices and systems for its customers utilizing the latest technologies and best practice procedures.
The MSSP should have an industry-leading Security as a Service (“SECaaS”) solution that provides 24/7 managed security services (“MSS”) that include, but are not limited to, the following services:
(i) managed detection and response;
(ii) vulnerability detection and prioritization;
(iii) managed intrusion prevention and detection;
(iv) threat hunt/monitoring;
(v) MSSP provided industry leading SIEM solution;
(vi) incident response team;
(vii) program management;
(viii) information security assessments;
(ix) external penetration testing;
(x) internal penetration testing;
(xi) deep dark web searches;
(xii) firewall audit with configuration recommendations; and
(xiii) forensic analysis.
The proposer must be a managed security services provider with at least 7 years of experience.
Must have expertise in one of the highly accepted Information Security Frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF) or COBIT.
Must have 5 years’ experience in the Financial / Bank sector.
Must have a partnership with an industry leading SIEM solution vendor for at least two years.
Specific Requirements/Information
The MSSP must be a leading contender that is highly rated in the cybersecurity industry with at least seven years of proven experience, five of those providing Managed Detect and Response Services for the Financial/Banking sector.
The MSSP must be able to provide SOC1/SOC2 certifications upon notice. The MSSP will provide an industry leading SIEM solution. The SIEM should be recommended by a leading global research and advisory firm that provides insights, advice, and tools to help organizations make informed decisions in cybersecurity.
The MSSP must have a proven team of experienced security professionals who are certified in the latest threat detection and response technologies. In addition, the MSSP will be expected to provide continuous reports on the status of the Managed Detect and Response Services.
The support staff lead should hold a CISSP or equivalent certification.
The MSSP must have the ability to use the latest threat detection and response technologies, including Security Information and Event Management (“SIEM”), Endpoint Detection & Response (“EDR”) / Managed Detect and Response (“MDR”), and threat intelligence platforms with a well-defined process for detecting and responding to security threats and vulnerabilities.
Security Incident Response should be P1 = 30 Minutes, P2 = 1 Hour, P3 = 8 Hours.
The Security as a Service, a Managed Security Services solution, must include the following services:
• Tier-1 - 24/7 event management and security alerts notification.
• Tier-2 - Security event analysis, support for security incident response, continual improvement of procedures and use cases.
• On-demand support services to provide remote assistance during office hours.
• Identify, isolate, and perform forensic analysis to understand any possible impact from cybersecurity attacks or vulnerabilities.
• MDR with the ability to quickly triage, investigate, alert, and respond to incidents.
• Intrusion prevention and detection.
• Centralized security event logging integration with an MSSP-managed industry-leading SIEM.
• Integrate SIEM and vulnerability scanning results with ITSM solution (e.g. ServiceNow, OTRS).
• Endpoint monitoring detection for multiple device types including physical / virtual Windows/Linux servers, network appliances and devices, PCs, laptops, and tablets.
• Cyber Incident Response Team (“CIRT”) who can support the incident response lifecycle along with OIM and PA.
• Continuous notifications to OIM and PA concerning latest and ongoing cybersecurity threats and vulnerabilities.
• Threat modelling framework used, such as OWASP Top 10 / MITRE ATT&CK Framework.
• Real-time threat intelligence, especially with zero-day or emerging threats.
• Up-to-date protection for zero-day or emerging threats within its system(s).
• User-friendly dashboard to monitor endpoint threats across multiple data centers and virtual private cloud environments.
• Ability and capacity to contain threats on OIM’s and PA’s behalf.
• Ability to isolate and block known threats.
• Ability to stop attackers earlier in the ‘cyber kill chain’ to prevent lateral spread.
• Ability to conduct proactive and reactive threat hunting across all OIM’s and PA’s environments.
• Interaction with OIM’s and PA’s Information Technology team on a continuous basis through the duration of the engagement by means of status reports, meetings, and email notifications.
• Vulnerability assessment using OIM’s and PA’s solutions (e.g. Tenable.io, Nessus, Acunetix).
• Penetration testing of OIM’s and PA’s public-facing web applications with reports and debriefing upon completion.
• Penetration testing of OIM’s and PA’s internal networks including Wi-Fi, with reports and debriefing upon completion.
• Automated firewall reviews with reports and debriefing upon completion.
• Network security monitoring and reporting.
• Periodic Deep Dark Web scanning to determine any unauthorized usage of OIM’s and PA’s information or data with deliverable reports and debriefing upon completion.
• Periodic Information Security Assessments (“ISA”) on OIM’s and PA’s Information Technology infrastructures to include providing ISA ratings for each category in deliverable reports and debriefing upon completion.
• Ability to perform periodic incident response exercises with a deliverable report and debriefing upon completion of the exercises.
• Periodic status meetings.
• Other related vendor service offerings as directed by OIM and PA.
• Security solution monitoring of OIM’s and PA’s cloud platforms such as: MS365, Azure, AWS, Okta, ServiceNow, Oracle Fusion, MuleSoft, CyberArk, Cisco Umbrella, Meraki dashboard, Cisco FTD, and SecurityScorecard.com.
• Perform tabletop exercise services.
• Social engineering campaigns (phishing) / cybersecurity awareness training.
• Have working knowledge of Intune’s EDR solution.
• Have working knowledge of Tripwire File Integrity Monitoring.
• Familiar with Sophos AV, MS Defender, and CrowdStrike solutions.
Email address: muresan@un.org
Ramona Muresan
| Link | Description |
|---|---|
| https://www.un.org/Depts/ptd/sites/www.un.org.Depts.ptd/files/pdf/eoi24073.pdf | Document Link |
81111801 - Computer or network or internet security
81112208 - Security and protection software maintenance