| AT&T Security Services |
TEXAN 2000 Home |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Request for Offer
|
| For more than 100 years, AT&T has set the standard for network reliability and in doing so, we’ve pioneered the most sophisticated and reliable network in the world without compensating high performance and security that customer’s demanding business enjoy. The story remains unchanged. AT&T has been deeply involved with computer and network security prior to and after the Internet and has an extensive Security Consulting Practice serving Enterprises and the U.S. Government. AT&T is deeply committed to the practice of security, both within its networks and within the services it provides. AT&T has developed numerous security innovations and management techniques supporting security and has leveraged these security innovations to create the services to support enterprises. |
Service Offering |
| AT&T follows a family of policies and practices that governs security in all AT&T services called AT&T Security Policy and Requirements (ASPR). The ASPR addresses everything from Operating Systems to Operations. AT&T IP Services builds on the ASPR foundation with AT&T OneProcess SM Service Realization Process. Within the OneProcess SM framework, security is embedded in every step of service development and network deployment, including Security Architecture, Requirements, Reviews, Testing, Monitoring, Maintenance, and Incident Response. Each new service or feature, the AT&T Security Team works closely with Product Management, Systems Architects and Engineers, Developers, Testers, and Subject Matter Experts, and AT&T Labs to ensure that security is built into the service or feature. |
|
Security Services Categories |
Small Customer |
Medium Customer |
Large Customer |
|
DIR Managed IT Security Services |
|
|
|
|
A. External controlled penetration testing |
|
|
|
|
1. Scanning |
15% |
15% |
15% |
|
2. Penetration testing |
15% - 19% |
15% - 19% |
15% - 19% |
|
3. WAR Dialing |
15% |
15% |
15% |
|
4. WAR Driving |
15% |
15% |
15% |
|
5. Social Engineering |
15% |
15% |
15% |
|
6. Applications Assessment |
15% |
15% |
15% |
|
B. Security Monitoring and Management Services |
|
|
|
|
1. NIDS/NIPS Systems |
|
|
|
|
a. Cyber Attack Alerts |
10% - 20% |
10% - 20% |
10% - 20% |
|
b. Cyber Attack Countermeasures |
10% - 20% |
10% - 20% |
10% - 20% |
|
c. Configuration Management of Monitored Devices: Security Hardware |
10% - 20% |
10% - 20% |
10% - 20% |
|
d. Configuration Management of Monitored Devices: Security Software |
10% - 20% |
10% - 20% |
10% - 20% |
|
2. HIDS/HIPS Systems |
|
|
|
|
a. Cyber Attack Alerts |
40% |
40% |
40% |
|
b. Cyber Attack Countermeasures |
10% |
10% |
10% |
|
c. Configuration Management of Monitored Devices: Security Hardware |
40% |
40% |
40% |
|
d. Configuration Management of Monitored Devices: Security Software |
10% |
10% |
10% |
|
3. Host and Applications Log Monitoring |
|
|
|
|
a. Correlation and reporting of specific server logged events |
10% |
10% |
10% |
|
b. Capture, store and reporting logged events |
10% |
10% |
10% |
|
4. Network attack activity |
40% |
40% |
40% |
|
5. Continuous event identification |
40% |
40% |
40% |
|
6. Advanced analysis and correlation of security events |
45% |
45% |
45% |
|
7. Expert human interpretation |
15% |
15% |
15% |
|
8. Timely response and escalation procedures |
15% |
15% |
15% |
|
9. Dynamic online reporting |
40% |
40% |
40% |
|
10. Security management and event responses ractices |
15% |
15% |
15% |
|
11. Intrusion detection and response |
10% |
10% |
10% |
|
12. Antivirus, email and anti-spam |
20% |
20% |
20% |
|
13. Firewall/VPN monitoring services |
10% |
10% |
10% |
|
14. Firewall/VPN management services |
10% |
10% |
10% |
|
IT Security Services |
|
|
|
|
A. Security Governance and Advisory Services |
|
|
|
|
1. HIPAA Planning and Implementation |
15% |
15% |
15% |
|
2. Texas Administrative Code, Chapter 202 |
15% |
15% |
15% |
|
3. Texas Government Code, Chapter 2059 |
15% |
15% |
15% |
|
B. Network infrastructure discovery, mapping and inventory services |
|
|
|
|
1. Connection and configuration |
15% |
15% |
15% |
|
2. Scanning |
15% |
15% |
15% |
|
3. Topology mapping |
15% |
15% |
15% |
|
4. Network utilization and change detection |
15% |
15% |
15% |
|
5. Network forensics and hot fix detection |
15% |
15% |
15% |
|
C. Infrastructure Services |
|
|
|
|
1. Firewall and VPN policy and architecture review |
15% |
15% |
15% |
|
2. IDS/IPS policy and architecture review |
15% |
15% |
15% |
|
3. Access control/identity management review/integration services |
15% |
15% |
15% |
|
4. Network architecture review |
15% |
15% |
15% |
|
5. Host hardening and secure build development |
15% |
15% |
15% |
|
6. Disaster Recovery plan review, development and telecommunications redundancy |
15% |
15% |
15% |
|
7. High availability architecture review and development |
15% |
15% |
15% |
|
D. Risk and Vulnerability Assessment Services |
|
|
|
|
1. Perimeter vulnerability scans |
15% |
15% |
15% |
|
2. Perimeter penetration scans |
15% |
15% |
15% |
|
3. Internal network vulnerability assessments |
15% |
15% |
15% |
|
4. Network risk assessments |
15% |
15% |
15% |
|
5. Host vulnerability assessments |
15% |
15% |
15% |
|
6. Host risk assessments |
15% |
15% |
15% |
|
7. Applications architecture assessment |
15% |
15% |
15% |
|
8. Applications penetration testing |
15% |
15% |
15% |
|
9. Secure code reviews |
15% |
15% |
15% |
|
10. Commercial product assessment |
15% |
15% |
15% |
|
11. Data security assessment |
15% |
15% |
15% |
|
E. Implementation Services |
|
|
|
|
1. Security product deployment & configuration services |
15% |
15% |
15% |
|
2. Firewall/VPN deployment and configuration services |
15% |
15% |
15% |
|
3. NIDS/NIPS deployment and configuration services |
15% |
15% |
15% |
|
4. HIDS/HIPS deployment and configuration services |
15% |
15% |
15% |
|
5. PKI and access control design and implementation services |
15% |
15% |
15% |
|
F. Incident Response Services |
|
|
|
|
1. Virus outbreak assistance |
10% - 20% |
10% - 20% |
10% - 20% |
|
2. Ciber attack response assistance |
10% - 20% |
10% - 20% |
10% - 20% |
|
G. Security Support, Intelligence and Alerting Services |
|
|
|
|
1. Firewall support services |
10% |
10% |
10% |
|
2. Virus outbreak notification services |
40% |
40% |
40% |
|
3. Vulnerability alerting services |
10% |
10% |
10% |
|
4. Internal threat alerting services |
20% |
20% |
20% |
|
5. External threat alerting services |
10% |
10% |
10% |
|
H. Security Training Services |
|
|
|
|
1. Firewall training |
15% |
15% |
15% |
|
2. Security awareness training program development |
15% |
15% |
15% |
|
3. End user security awareness training |
15% |
15% |
15% |
|
4. Infrastructure security principles training |
15% |
15% |
15% |
|
5. Applications security principles training |
0% |
0% |
0% |
|
6. Forensic/Incident response training |
15% |
15% |
15% |
|
7. Windows security training |
15% |