The main goal of the project is to strengthen the information security level of the MÁV-Volán Group through the development of the highlighted areas below. During the project, various information security developments will be carried out in parallel, complementing and strengthening each other.

1. Establishment of container-based vulnerability management for outdated systems: The project's objective is to provide a proactive vulnerability management system for the outdated systems of the MÁV-Volán Group, similar to the Droplet system, which protects outdated systems from external attackers by obscuring the vulnerabilities. Additionally, the goal is to raise the security level of existing IT systems, preventing IT security incidents by reducing the attack surfaces of IT system components.

2. Implementation of a Privileged Access Management (PAM) system: The objective of the project is to fully implement the One Identity Safeguard supporting system for the management of privileged user access, thereby reducing risks. The scope of the project covers:
• All main network segments.
• All Active Directories.
• The elements of the server IT infrastructure in the main segments (operating systems, web servers, database servers, etc.), which are partially AD integrated, but there are also non-AD integrated elements.
• Critical non-AD integrated applications.

3. Extension of the Security Information and Event Management (SIEM) system: The project's aim is to implement the Logpoint SIEM system or an equivalent solution for the MÁV-Volán Group, capable of real-time detection and processing of monitored system events in accordance with best practices during continuous analysis. Furthermore, the goal is to elevate the security level of existing IT systems by extending existing tracking methodologies, creating broader centralized logging, log analysis, and security incident management.

4. Implementation of a Continuous Threat Exposure Management (CTEM) system: The project's aim is to implement the Ridgebot Continuous Threat Exposure Management (CTEM) system or an equivalent solution for the MÁV-Volán Group, which, beyond regular vulnerability detection, is capable of tracking the lifecycle of identified vulnerabilities according to best practices. The project's goal is also to enhance the security level of existing IT systems to prevent IT security incidents by reducing the vulnerability surfaces of IT system elements. The CTEM system must be able to operate in the specified infrastructural environment with the features listed in the requirement specification.
LOT-0001
EKR002542162024/1
Development and Implementation of IT Security Systems.
This public procurement procedure aims to procure the establishment of container-based protection for outdated systems, the implementation of a PAM system, the extension of a SIEM system, and the implementation of a CTEM system to strengthen the information security level of the MÁV-Volán Group, according to the following key quantitative characteristics:

1. Establishment of container-based protection for outdated systems
a.) Software licenses (product code/product name/quantity/time):
- DSC-XXX-WIN-CL Droplet Server Container Campus license (unlimited nr. of servers license): 1 unit/36 months,
- DCA-XXX-WIN-CL Droplet Client Container Campus license (unlimited nr. of client license): 1 unit/36 months,
b.) Implementation and system integration of the vulnerability management system as a separate service: 1 unit/12 months.
Main tasks of the winning contractor: Delivery, implementation, and system integration of the system and its components, i.e.:
o Planning its application at the MÁV-Volán Group level;
o Careful documentation appropriate to the implemented method;
o Training for the user and operator groups involved;
o Establishing operation and maintenance processes;
o Supporting the expected results with vulnerability assessments.
The placement of individual outdated systems into containers is not the responsibility of the winning contractor.

2. Implementation of a PAM system
a.) Software licenses (product code/product name/quantity/time):
- BZI-BAL-PK-247 ONE IDENTITY SAFEGUARD PRIVILEGED SECURITY BUNDLE PER IDM USER LICENSE/24X7 MAINT PACK: 100 users/36 months,
- BAO-BAL-PB-247 ONE IDENTITY SAFEGUARD SESSION VIRTUAL APPLIANCE LICENSE/24X7 MAINT: 8 units/36 months,
- BAS-BAL-PB-247 ONE IDENTITY SAFEGUARD PASSWORD VIRTUAL APPLIANCE LICENSE/24X7 MAINT: 12 units/36 months,
- BZI-BAL-KS-247 ONE IDENTITY SAFEGUARD PRIVILEGED SECURITY BUNDLE PER IDM USER/24X7 MAINT PACK RENEWAL: 100 users/36 months,
- BAO-BAL-PS-247 ONE IDENTITY SAFEGUARD SESSION VIRTUAL APPLIANCE 24X7 MAINT RENEWAL: 8 units/36 months,
- BAS-BAL-PS-247 ONE IDENTITY SAFEGUARD PASSWORD VIRTUAL APPLIANCE 24X7 MAINT RENEWAL: 12 units/36 months,
b.) Implementation and system integration of the PAM system as a separate service: 1 unit/12 months,
c.) Operational support: Normal work hours troubleshooting, maintenance, and as-needed operation and user support of the established PAM system as a separate service, with a maximum expected content of 0.25 full-time equivalent (FTE): 24 months.
Main tasks of the winning contractor: Delivery, implementation, and system integration of the PAM and its components, i.e.:
o Planning its implementation (methodology, scheduling);
o Adapting the affected IT systems according to the pre-prepared specifications;
o Careful documentation of the implementation;
o Training for the user and operator groups involved;
o Establishing operational processes related to usage.

3. Extension of the SIEM system
a.) Software licenses (product code/product name/quantity/time):
- CORE-E Logpoint Enterprise SIEM+SOAR, on-premise license with Director, including unlimited node (logsource), 40,000 - UEBA license and 5 SOAR user seats per yearly subscription: 1 unit/36 months,
b.) Implementation and system integration of the systems necessary for SIEM extension as a separate service: 1 unit/12 months,
c.) Operational support: Normal work hours troubleshooting, maintenance, and as-needed operation and user support of the established SIEM system as a separate expert service support, with a maximum expected content of 0.25 full-time equivalent (FTE): 24 months.
Main tasks of the winning contractor: Delivery, implementation, and system integration of the systems and elements necessary for SIEM extension, i.e.:
o Preparing the logging specifications of the source systems to be involved;
o Integrating the affected IT systems into the SIEM system according to the pre-prepared specifications;
o Careful documentation of the implementation;
o Establishing operational and management processes related to the use of SIEM;
o Training on the use of SIEM;

4. Implementation of the CTEM system
a.) Software licenses (product code/product name/quantity/time):
- RS-Bot-IP-20K-1Y RidgeBot 20000 IP Hosts Annual Subscription License (Tier 20K): 1 unit/36 months,
- RS-Bot-Single-IP-20K-50K-1Y RidgeBot Single IP Host Annual Subscription License Addon (For Total # Between Tier 20K and 50K): 20,000 units/36 months,
- RS-Bot-Web-50-1Y RidgeBot 50 Web Servers Annual Subscription License (Tier 50): 1 unit/36 months,
b.) Implementation and system integration of the CTEM system as a separate service: 1 unit/12 months.
c.) Operational support: Normal work hours troubleshooting, maintenance, and as-needed operation and user support of the established CTEM system as a separate expert service support, with a maximum expected content of 0.25 full-time equivalent (FTE): 24 months.
Main tasks of the winning contractor: Delivery, implementation, and system integration of the CTEM and its components, i.e.:
o Planning its operation at the level of the MÁV-Volán Group;
o Documenting the system implementation;
o Conducting employee training;
o Developing the operational and management processes for the use of CTEM, defining required resources and developing specific security methodologies for the entire incident lifecycle, taking into account the specifics of the MÁV-Volán Group;
o Performing initial detection tasks.

Details in the Technical Description.