OARnet Security Survey – September 2022

OARnet is exploring cybersecurity services for the OARnet communities. To understand current and future needs, we have developed a survey covering twelve (12) potential services. Each service would be managed by the institution or by the vendor; OARnet will not have access to or store any data, and will not receive any reporting:

  1. Security Information Event Management (SIEM)
  2. Enterprise Password Management
  3. Security Operations Center (SOC) – As a Service
  4. Endpoint Detection and Response (EDR)
  5. Multi-Factor Authentication (MFA)
  6. Email Authentication - Domain-Based Message Authentication, Reporting & Conformance (DMARC)
  7. Cyber Incident Response Services
  8. Penetration Testing
  9. External Vulnerability Scanning
  10. Intrusion Detection System (IDS)
  11. Data Encryption in Transit
  12. Vulnerability Management

Based on the results of this survey, engagement with vendors will be performed to acquire a one-year subscription which may be made available to your organization and funded through a grant program.

Vendor presentations will be planned to provide details of services and processes. Participation is voluntary and results from the engagement would be confidential for each participating organization.

Security Information Event Manager (SIEM)

A SIEM is an application that gathers security data (logs and events) from information system components, correlates it, and presents the result as actionable information through a single interface. Potential vendors include but are not limited to Splunk and SumoLogic.

The cost of a SIEM application is based on log ingestion from devices such as endpoints, servers, and networking equipment.
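The core of what a SIEM does is normalize log lines from many sources and run correlation rules over them. The following is an added illustration, not OARnet or vendor code: it parses constructed syslog-style sshd lines and applies one classic rule, a burst of failed logins from one source followed by a successful login from the same source. The log format, the threshold of five failures and the five-minute window are assumptions chosen for the example.

```python
"""Minimal SIEM-style log normalization and correlation (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): two hosts, two source addresses.
SAMPLE_LOGS = """\
2022-09-01T10:00:01Z web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
2022-09-01T10:00:03Z web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
2022-09-01T10:00:05Z web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51024 ssh2
2022-09-01T10:00:09Z web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51025 ssh2
2022-09-01T10:00:12Z web01 sshd[2211]: Failed password for deploy from 203.0.113.7 port 51026 ssh2
2022-09-01T10:00:15Z web01 sshd[2212]: Accepted password for deploy from 203.0.113.7 port 51027 ssh2
2022-09-01T10:01:00Z db01 sshd[900]: Failed password for postgres from 198.51.100.4 port 40001 ssh2
2022-09-01T10:30:00Z db01 sshd[901]: Accepted publickey for backup from 198.51.100.4 port 40002 ssh2
"""

# Assumed line layout: "<timestamp> <host> sshd[pid]: <Failed|Accepted> <method> for <user> from <ip> port ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+) port"
)


def parse(text):
    """Normalize raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when >= threshold failures from one source to one host inside `window`
    are followed by an Accepted login from that same source (threshold/window are assumptions)."""
    alerts = []
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["host"], e["src"])].append(e)

    for (host, src), evs in by_key.items():
        failures = []  # timestamps of recent failures for this host/source pair
        for e in evs:
            if e["outcome"] == "Failed":
                failures.append(e["ts"])
                failures = [t for t in failures if e["ts"] - t <= window]
            else:
                recent = [t for t in failures if e["ts"] - t <= window]
                if len(recent) >= threshold:
                    alerts.append({
                        "host": host, "src": src, "user": e["user"],
                        "failures": len(recent), "at": e["ts"].isoformat(),
                    })
                failures = []  # a success resets the counter
    return alerts


if __name__ == "__main__":
    for alert in brute_force_then_success(parse(SAMPLE_LOGS)):
        print(alert)
```

On the sample above only the web01 sequence fires: five failures in eleven seconds and then an accepted password for "deploy" from the same address. The single db01 failure followed half an hour later by a key-based login stays below both the count and the window, which is the point of correlating rather than alerting on every failed login.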

Enterprise Password Manager

A password manager is an encrypted database for storing, retrieving, and generating passwords. Enterprise password managers not only improve password security, but also simplify password management for end-users. Potential vendors include but are not limited to LastPass and 1Password.

The cost of an Enterprise Password Management application is based on users utilizing the application.

Security Operations Center (SOC) – As a Service

A SOC is a combination of people, processes, and technology that protects an organization's information systems through 24x7 monitoring, threat detection, SIEM, and incident response; in the as-a-service model it is operated by a third party. Potential vendors include but are not limited to Mandiant and AgileBlue.

The cost of SOC-as-a-Service is based on the number of devices such as endpoints, servers, and networking equipment.

Endpoint Detection and Response (EDR)

EDR is an endpoint security solution that continuously monitors end-user devices to detect and respond to threats such as ransomware and other malware. Potential vendors include but are not limited to CrowdStrike and Cisco AMP.

The cost of EDR is based on the number of devices such as endpoints, servers, and networking equipment.

Multi-Factor Authentication (MFA)

MFA is an authentication system that requires more than one distinct authentication factor for successful authentication. MFA can be performed using a multi-factor authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are. MFA applications let users prove something they have with a push notification, text message, phone call, or one-time code. These are not equally strong: codes delivered by SMS or voice call can be intercepted or phished and are classified as restricted authenticators in NIST SP 800-63B, so a service should also offer app-based push or codes and, where possible, phishing-resistant hardware authenticators. Potential vendors include but are not limited to Duo and Okta Verify.

The cost of MFA is based on the number of users.

Email Authentication – Domain Based Message Authentication, Reporting & Conformance (DMARC)

DMARC is an email authentication, policy, and reporting protocol. It builds upon the widely deployed Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols, adding alignment with the author ("From:") domain name, published policies for recipient handling of authentication failures, and reporting from receivers back to domain owners, to improve and monitor protection of the domain against fraudulent email. DMARC enforcement helps prevent attackers from sending mail that appears to come from your organization's domain to your users and your customers. Potential vendors include but are not limited to ValiMail, DMARCanalyzer, and dmarcian.

The cost of DMARC is based on monthly email volume and the number of active domains.
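What DMARC adds on top of SPF and DKIM is identifier alignment: a message passes only when SPF or DKIM passes for a domain that aligns with the visible From: domain, and on failure the receiver applies the policy the domain owner published. The following added example, not OARnet or vendor code, parses a DMARC TXT record and evaluates constructed messages against it; it shows why an attacker whose own SPF record passes still fails DMARC, and how a monitoring record (p=none) differs from an enforcing one (p=reject). Two simplifications are assumptions for illustration: the organizational domain is taken as the last two labels (real receivers consult the Public Suffix List), and the pct= tag is parsed but not applied.

```python
"""DMARC record parsing and identifier-alignment evaluation (added example)."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in VALID_POLICIES:
        raise ValueError("invalid DMARC record: needs v=DMARC1 and p=none|quarantine|reject")
    tags.setdefault("adkim", "r")      # DKIM alignment: r = relaxed, s = strict
    tags.setdefault("aspf", "r")       # SPF alignment
    tags.setdefault("sp", tags["p"])   # subdomain policy defaults to p
    tags.setdefault("pct", "100")      # parsed, not applied here (assumption)
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict alignment needs an exact match; relaxed needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record, from_domain, spf=None, dkim=None):
    """Return (dmarc_pass, disposition) for one message.

    from_domain: domain of the RFC5322.From header (what the recipient sees)
    spf:  (result, domain SPF checked, i.e. MAIL FROM or HELO) or None
    dkim: (result, d= domain from the DKIM signature) or None
    """
    tags = parse_dmarc(record)
    spf_ok = spf is not None and spf[0] == "pass" and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = dkim is not None and dkim[0] == "pass" and aligned(from_domain, dkim[1], tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    # On failure the receiver applies the published policy: p= for the
    # organizational domain itself, sp= for its subdomains.
    is_org = from_domain.lower() == org_domain(from_domain)
    return False, tags["p"] if is_org else tags["sp"]


# Constructed records for an assumed domain example.edu: monitoring-only vs. enforcing.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.edu"
ENFORCE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.edu"

if __name__ == "__main__":
    # Spoof: SPF passes for the attacker's own envelope domain, which does not align.
    print(evaluate(MONITOR_RECORD, "example.edu", spf=("pass", "attacker.example")))
    print(evaluate(ENFORCE_RECORD, "example.edu", spf=("pass", "attacker.example")))
```

Under the monitoring record the spoof is reported but still delivered (disposition "none"); under the enforcing record the same message is rejected. The usual rollout is to publish p=none first, read the aggregate (rua) reports to find every legitimate sender that is not yet aligned, and only then move to quarantine and reject.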

Cyber Incident Response Services

Cyber Incident Response Services help your organization build incident response capabilities, respond to active breaches, and strengthen your security operations to detect and respond to attacks. This includes investigation and crisis management, 24/7 coverage, and prepaid hours. Potential vendors include but are not limited to Mandiant and Deloitte.

The cost of Cyber Incident Response Services is based on the number of devices covered.

Penetration Testing

Penetration testing evaluates the security posture of an organization by actively attempting to exploit vulnerabilities. A penetration test is a customized, coordinated engagement with a vendor, who produces a confidential findings report. The results of this survey will be kept confidential. Potential vendors include but are not limited to StealthEntry and TrustedSec.

Proposed penetration testing costs are as follows:

Number of IP Addresses Tested    Cost
20                               $1,845
60                               $2,460
100                              $3,051

External Vulnerability Scanning

External vulnerability assessments include systematic scans and reviews of public-facing information systems to identify publicly known security vulnerabilities. Potential vendors include but are not limited to Tenable and Qualys.

Intrusion Detection System (IDS)

Intrusion Detection Systems are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analyzing them for signs of security problems. This service would include a network-based threat intelligence platform that leverages existing infrastructure to detect unauthorized Command & Control (C2) traffic and data exfiltration, and alerts customers to suspicious and/or known malicious connections. Potential vendors include but are not limited to Fortinet and Palo Alto Networks.
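The three capabilities named above (known malicious connections, C2 detection, data exfiltration) map onto three simple network detections. The following added example, not OARnet or vendor code, runs them over a constructed Zeek-style connection log: an indicator match against a constructed threat-intelligence list, a periodicity check that flags machine-regular "beaconing" to one destination, and a byte-volume check for large outbound transfers. The indicator, the log records and the thresholds (eight connections, 20% timing jitter, 10 MB) are all assumptions for the example.

```python
"""Network IDS-style detections over a constructed connection log (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicator list (not a real threat feed).
KNOWN_BAD = {"198.51.100.66"}

# Constructed conn records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes_out)
CONN_LOG = [
    # 10.0.0.5 calls 203.0.113.50:443 every ~60 s with at most 2 s of jitter (beacon)
    *[(1662000000 + 60 * i + (i % 3), "10.0.0.5", "203.0.113.50", 443, 512) for i in range(12)],
    # 10.0.0.7 browses 203.0.113.80 at irregular, human-looking intervals
    *[(1662000000 + t, "10.0.0.7", "203.0.113.80", 443, 4096)
      for t in (0, 7, 300, 301, 902, 1800, 1803, 5000)],
    # one connection to the known-bad address
    (1662000500, "10.0.0.9", "198.51.100.66", 8080, 128),
    # one very large upload
    (1662000600, "10.0.0.9", "203.0.113.90", 443, 50_000_000),
]


def detect(conn_log, min_conns=8, max_cv=0.2, exfil_bytes=10_000_000):
    """Return alert dicts for indicator hits, beacon-like flows and large uploads."""
    alerts = []
    flows = defaultdict(list)   # (src, dst, port) -> connection start times
    volume = defaultdict(int)   # (src, dst) -> total bytes out

    for ts, src, dst, port, nbytes in conn_log:
        if dst in KNOWN_BAD:
            alerts.append({"type": "known_malicious", "src": src, "dst": dst, "port": port})
        flows[(src, dst, port)].append(ts)
        volume[(src, dst)] += nbytes

    for (src, dst, port), times in flows.items():
        if len(times) < min_conns:
            continue
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        # Coefficient of variation of the inter-connection gaps: near zero means
        # the timing is machine-regular, which human browsing rarely is.
        cv = pstdev(gaps) / period if period else float("inf")
        if cv <= max_cv:
            alerts.append({"type": "beacon", "src": src, "dst": dst, "port": port,
                           "conns": len(times), "period_s": round(period, 1),
                           "cv": round(cv, 3)})

    for (src, dst), total in volume.items():
        if total >= exfil_bytes:
            alerts.append({"type": "exfil_volume", "src": src, "dst": dst, "bytes": total})

    return alerts


if __name__ == "__main__":
    for alert in detect(CONN_LOG):
        print(alert)
```

On this data the beaconing host is flagged with a period of about 60 seconds and a jitter coefficient near 0.02, while the browsing host, which has just as many connections, is not, because its gaps vary by orders of magnitude. Real C2 implants add deliberate jitter, so production rules usually combine the timing test with other signals (destination reputation, TLS fingerprint, byte-size uniformity) rather than relying on it alone.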

Data Encryption In-Transit

Data encryption in transit protects data while it moves across a network by converting plaintext into ciphertext, so that anyone who intercepts the traffic between the two endpoints cannot read or use it. Potential vendors include but are not limited to PacketLight and Ekinops.

Vulnerability Management

Vulnerability Management is the use of an application that identifies Common Vulnerabilities and Exposures (CVEs) on devices, the weaknesses attackers are likely to use to compromise a device and then use it as a platform to extend the compromise across the network, combined with risk management and reporting activities. Potential vendors include but are not limited to Tenable and Qualys.

Proposed vulnerability management costs are as follows:

License Type                              Cost
Tenable.io Asset License                  $5.00
Web Application Scanning (WAS) License    $200.00

Other Security Services