A Managed Security Operation Centre with SIEM capability covering 24 hours, 7 days a week operation monitoring FSCS services to meet the Service Levels provided in the ITT
i) A Managed Security Operation Centre with SIEM capability covering 24 hours, 7 days a week operation monitoring FSCS services to meet the Service Levels provided in the ITT
ii) Ingest logs from FSCS IT services and provide monitoring, detection, and response
iii) To consume logs in a range of formats and from multiple sources on premises and in the Azure cloud, including but not limited to: firewalls, Azure DDoS, Azure WAF, Azure load balancer, Azure Application Gateway, Azure NSG, routers, servers, switches, wireless controllers, VMs, virtual and physical appliances, laptops, containers, applications, FSCS web sites (IIS and Azure web apps), email services, Office365, Key Vaults, Backup Vaults, Azure KSMs, Azure Event Hub, Azure log analytics, HSMs, deployment mechanisms, third-party applications, authentication and authorisation services, anti-virus software, endpoint protection software, Microsoft Defender for Cloud and threat intelligence.
iv) To apply threat intelligence analysis to the technologies and services that comprise the FSCS IT estate.
v) Hosts and services located in cloud and on-premises environments shall be scanned and vulnerabilities highlighted.
vi) To include regular real-time and summary reporting, and dashboards
vii) To implement, configure and provide on-boarding support and assistance to FSCS in respect of the Services
viii) To provide ongoing account management and service management
ix) To develop and tune the service to reduce false positives
x) To work with FSCS to enhance the Services in line with changes to best practice