Uploaded by ali alwesabi

RFP-for-supply-and-installation-of-SIEM-Tool

Date: 5th May 2020
RE-ADVERTISEMENT
RFP – SUPPLY, INSTALLATION AND COMMISSIONING OF SECURITY INFORMATION
AND EVENT MANAGEMENT (SIEM)
1.0 BACKGROUND
The Company for Habitat and Housing in Africa, SHELTER-AFRIQUE, is a Pan-African finance institution created to uniquely support the development of
affordable housing and sustainable urban development in Africa.
Shareholders include 44 African countries, the African Development Bank, and
The Africa Re-Insurance Corporation. The organization has its headquarters in
Nairobi, Kenya and two regional offices; Abuja, Nigeria and Abidjan, Ivory
Coast.
For more information on the company please visit: www.shelterafrique.org
The organization is requesting proposals for the supply, installation and
commissioning of a security information and event management (SIEM) tool in its
Head Office located in Upper Hill, Longonot Road, Nairobi, Kenya.
2.0 OBJECTIVES
Shelter Afrique is seeking a qualified supplier who can supply, install, commission
and maintain a security information and event management (SIEM) tool that
meets the following objectives:
a) Discover and collect event data from all infrastructure devices and
servers;
b) Correlate event/log data and effectively detect complex cyber-attacks and security incidents;
c) Reporting and alerting;
d) Ability to analyze data;
e) Preserve native logs and maintain central repository of log data;
f) Provide network monitoring technologies such as IDS;
g) Asset discovery and inventory;
h) Topology visualization and user identity and location tracking;
i) Cloud monitoring;
j) Vulnerability assessment and monitoring;
k) Endpoint detection and response.
3.0 SCOPE OF WORK
The scope will be:
i. Supply, installation and commissioning of security information and
event management (SIEM) tool as per requirements specification
provided in section 4.0;
ii. Supply and Installation of security information and event management
(SIEM) tool Licenses and related software utilities / add-ons;
iii. Training of key staff;
iv. Documentation;
v. Post Implementation Support Services and Annual maintenance
agreement inclusive of charges.
4.0 SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) TOOL TECHNICAL
REQUIREMENTS
SIEM should meet the following requirements:
i) Log collection
ii) Log aggregation and normalization
iii) Log archival
iv) Alert generation
v) Log and Event correlation
vi) File integrity monitoring
vii) User activity monitoring
viii) Log forensics, Analysis and Auditing
ix) Compliance reporting
x) Dashboard and Reports
xi) Incident management
xii) Database activity monitoring features
xiii) Vulnerability assessment and management
xiv) Integration with the devices and applications
xv) Proof of concept testing of the SIEM solution
4.1 Detailed Technical Specifications
Bidders shall use the following options to indicate the “DEGREE OF SUPPORT OF COMPLIANCE” their solution
provides for each requirement given in table 1 below:
a. FS - (Fully Supported) the application fully supports the requirement without any modifications.
b. PS - (Partially Supported) the application supports the requirement with use of a system or workflow
workaround.
c. NS - (Not Supported) the system is not capable of supporting the requirement and cannot be modified to
accommodate the requirement.
Table 1: Detailed technical specifications
# | Requirements | FS | PS | NS | Comments
1.0 | General requirements
1.1 | Describe your overall proposed solution in Technical approach and methodology section provided in section 7.1.4.
1.2 | The solution should be capable of handling all the existing and proposed devices. The SIEM should be able to collect logs from the Servers, Storage/devices, applications, databases, cloud solutions etc. It should be able to collect the logs from devices from geographically dispersed locations.
1.3 | Provide advanced threat monitoring capabilities that leverage the rules engines of the SIEM platforms, in combination with the specialized expertise to make continuous improvements in use cases;
1.4 | Solution should provide advanced threat detection that combines context-specific data with analytics and machine learning to look for suspicious patterns, behaviours and anomalies across a wider range of both historical and real-time data;
2.0 | Log collection
2.1 | Proposed solution should be able to collect logs from network devices and servers.
2.2 | Is the solution:
2.2.1 | Able to search for events/logs in real-time?
2.2.2 | Able to analyze events/logs in real-time?
2.2.3 | Able to log security event history?
2.2.4 | Compatible with Windows OS? If yes which version?
2.2.5 | Compatible with Linux OS? If yes which version?
2.2.6 | Compatible with Cisco network devices?
3.0 | Log aggregation and normalization
3.1 | Logs collected from all the devices should be aggregated as per the user configured parameters. Logs from multiple disparate sources should be normalized in a common format for event analysis and correlation.
4.0 | Log archival
4.1 | Logs collected from all the devices should be stored in a non-tamperable format on the archival device in compressed form. Once logs are written to the archival device (disk/database or any other), nobody, including the database/system administrator, should be able to modify or delete the stored raw logs.
5.0 | Log and Event correlation
5.1 | Solution should be able to aggregate and analyze log/event data from across the network applications, systems, and devices. Collected logs should be correlated according to various predefined criteria for generation of alerts, reports and identification of the incident. The correlation rules should be predefined and also user configurable.
5.2 | Solution should be able to store data outside of the log management solution.
5.3 | Solution should be able to retrieve or restore old events or logs from various sources.
6.0 | Alert generation
6.1 | Solution should be capable of generating alerts, registering them and sending them through email.
7.0 | Dashboard and Reports
7.1 | Solution should provide web based facility to view security events and security posture of the Organisation.
7.2 | Solution should have drill down capability to view deep inside the attack and analyse the attack pattern.
7.3 | Should be able to configure custom alerts and notifications?
7.4 | Dashboard should support export of data to multiple formats including CSV, XML, Excel, PDF, Word formats.
8.0 | Incident management
8.1 | Solution should have incident management capabilities such as security workflows and logging to manage detected incidents.
9.0 | Database activity monitoring features
9.1 | Solution should provide database activity monitoring capability for all the DBA and maintenance related access as well as transaction related access by various applications including SQL queries.
10.0 | Vulnerability assessment and management
10.1 | The solution should be capable of monitoring the infrastructure assets' vulnerability along with the location of such vulnerability and suggest the mitigation steps.
10.2 | The solution should provide details on the history of a vulnerability against each asset, help identify when the asset first became available, and if an action re-introduced the vulnerability.
11.0 | Integration with the devices and applications
11.1 | The vendor will work closely with ICT team to ensure the available devices and applications are integrated with the SIEM tool. It is expected that connectors for all the standard applications and devices will be readily available or be developed by the vendor if required.
12.0 | Training
12.1 | Selected vendor will provide the detailed induction training to system users and administrator.
12.2 | Describe the system training to be delivered during project implementation, including delivery methods, instructor qualifications, among others.
13.0 | Proof of concept
 | Shelter Afrique may at its discretion ask the Bidders to demonstrate (Proof of Concept) the proposed solution to the organisation.
14.0 | Hardware requirements
 | Vendor is expected to provide hardware and software requirements for the solution separately.
4.2 Current Infrastructure
Table 2: Current environment
# | Environment | Description
1 | Operating system | Microsoft Windows clients and servers, Linux
2 | Devices | Network switches, routers, firewall, access points, WLAN controllers, printers, mobile devices.
3 | Databases | Oracle RDBMS, Microsoft SQL Server, MySQL
4 | Web services | Apache, Microsoft Internet Information Services (IIS)
5 | Software applications | Office applications, Office365, ERP, Active Directory, DLP.
6 | Security environment | End-point security/Anti-virus software, proxy server
Additional information can be provided on request.
4.3 Warranty
The successful bidder shall provide 12 months warranty for the software and
ensure it is free from any sort of defects and shall perform as per expectations.
5.0 DELIVERABLES
The following are expected deliverables:
1. Fully functional SIEM system as per requirements provided in the RFP and
during requirement gathering phase.
2. Implement the SIEM tool to collect logs from the identified devices /
applications / databases.
3. Training of key users;
4. System documentation.
6.0 EVALUATION PROCESS AND SELECTION CRITERIA
Responses to this RFP will be evaluated and scored based on the following:
- Experience of the provider of at least two years carrying out similar
projects;
- Certified product partner. Attach proof;
- Similar jobs done previously. Provide reference sites;
- Technical approach and methodology proposed;
- Organization and staffing;
- Quality and clarity of the proposal presentation;
- Compliance with regulatory authorities;
- Financial proposal.
7.0 PRESENTATION OF PROPOSALS
In order to facilitate the analysis of responses to this RFP, firms are required to
prepare their proposals in accordance with the instructions outlined in this
section.
Proposals should be clear, comprehensive and concise in description of the
firm’s capabilities to meet the requirements provided in the RFP.
The proposal should strictly adhere to the format provided below.
7.1 Technical proposal format
Table 3: Technical proposal format
Section | Title
1.0 | Company registration and statutory requirements
2.0 | Introduction or company profile
3.0 | Company Experience
4.0 | Technical approach and methodology
5.0 | Organization and staffing
5.0 | Resumes of key staff to be deployed
6.0 | Response to Table 1: Detailed technical specifications
The following sections provide detailed information on the proposal format.
7.1.1 Company registration and statutory requirements
Please provide the following information.
Table 4: Mandatory information
Requirement | Response
i) How long has the company been in business? |
ii) How long has the company been in business carrying out similar projects? |
iii) State the number of employees in the company (where applicable) |
iv) Submit copies of Certificate of incorporation, Tax compliance certificate, and any professional affiliations. |
v) Submit financial statement for the last two years. |
vi) Equipment manufacturers’ authorization letter or approved partner certificate. |
7.1.2 Introduction
This section should include a brief description on the company profile covering
products and services offered. It should also include brief narrative on the
company’s proposal and its suitability for this project.
7.1.3 Company Experience
Using the format given below, provide information on each assignment you
have conducted relevant to the requirements provided in this RFP.
The company MUST have been in business for at least two years carrying out
similar projects.
The section should strictly adhere to the format provided below.
Assignment Name:
Approximate value of services (USD.):
Name of client (or Sector if no disclosure for confidentiality):
Country of assignment:
Address:
Professional staff provided by your firm
and their roles:
Duration of assignment:
Name of Associated Consultants, if any:
Roles of associated consultants:
Narrative Description of the project:
Description of actual services provided by your firm:
Contact Person
Name:
Phone:
Email:
Confirm whether you have any reservations in Shelter Afrique contacting the
entity with your authorization.
7.1.4 Technical approach and methodology
Provide a detailed explanation on technical approach and methodology to be
deployed in order to achieve the assignment objectives and expected output.
This should include proposed solution design and project plan giving clear
timelines and resources required.
7.1.5 Organization and staffing
In this section, provide your current company structure and propose the project
team structure clearly stating their roles.
7.1.6 Resumes of key staff to be deployed
Provide resumes and copies of certificates of key personnel to be deployed in
this project.
7.1.7 Response to Table 1: Detailed technical specifications
Bidder’s response to table 1 in section 4.1 Detailed Technical Specifications
should appear in this section.
7.2 Financial proposal format
It should be well itemized as per the scope of work and bill of quantities.
Financial proposal should be presented separately from technical proposal.
Note that payment will be made based on project milestones. Therefore, the
proposal should align with project plan.
8.0 CLARIFICATION OF REQUEST FOR PROPOSAL
Companies may seek clarification on this RFP only up to 1 day before the end of the
submission date. This should be requested in writing to the email given in section 9.0.
Shelter Afrique will respond by an email or a letter.
9.0 SUBMISSION OF BIDS
Proposals should be sent by mail to: procurement@shelterafrique.org with
subject as: RESPONSE TO RFP – SUPPLY, INSTALLATION AND COMMISSIONING OF
SIEM TOOL.
Or in sealed envelopes to the address below:
SUBJECT: Response to RFP – Supply, Installation and Commissioning of SIEM
Tool
Head of Human Resources and Administration
Shelter Afrique, Longonot Road, Upper Hill
P.O. Box 41479 - 00100, GPO Nairobi, Kenya.
Tel: 254-20-2722305-9
The deadline for submission of bids is close of business 19th June 2020.
For any clarification contact us via procurement@shelterafrique.org
Yours Sincerely,
Victor Laibuni,
Head of Human Resources and Administration.