Security Operations Center (SOC)

Lot 1: MDR/XDR (Cloud)
Lot 2: Incident Response
Lot 3: OSINT Service

Contract Duration: 2 years
Options: Extension by 2 years each time (maximum 8 years)

To strengthen digital security in the long term, Berliner Wasserbetriebe is establishing a hybrid Security Operations Center (SOC).

In this process, the internal SOC team will be supported by external expertise and modern technologies. This will create a powerful, flexible, and future-proof security organization.

The hybrid SOC pursues several goals: It aims to enable comprehensive monitoring of IT systems (both on-premises and in the cloud) based on a modern XDR platform. The goal is to detect and fend off anomalies, attacks, and security-related incidents at an early stage.

The XDR platform serves as the central alerting and monitoring environment on which both the internal SOC team and the external MDR service provider operate. The internal know-how of our SOC team is to be strengthened through continuous training and exercises supported by our external partners.

The following tender includes three lots, which together form the essential external components for the successful establishment and operation of the hybrid SOC.

Lot 1
The MDR service based on an XDR platform provides the technical foundation for the monitoring, correlation, and analysis of security incidents and supports integration into existing processes.

Lot 2
The Incident Response service ensures operational capability in case of emergency. It includes a qualified response team that assists with analysis, containment, remediation, and recovery.

Lot 3
The OSINT analysis provides strategic foresight: By systematically gathering, evaluating, and preparing open-source intelligence, threats, attack indicators, and trends are recognized early and presented in the form of situation reports and action recommendations. This allows for preventive measures to be taken in time.

LOT-0001
MDR/XDR.
The MDR service based on an XDR platform (Cloud) provides the technical foundation for monitoring, correlation, and analysis of security incidents and supports integration into existing processes.

For confidentiality reasons, the service description and the associated EVB-IT cloud contract will only be made available to suitable bidders with the request for proposals.

LOT-0002
Incident Response.
The Incident Response service ensures operational capability in case of emergency. It includes a qualified response team that assists with analysis, containment, remediation, and recovery.

For confidentiality reasons, the service description and the associated EVB-IT service contract will only be made available to suitable bidders with the request for proposals.

LOT-0003
OSINT Service.
The OSINT analysis provides strategic foresight: By systematically gathering, evaluating, and preparing open-source intelligence, threats, attack indicators, and trends are recognized early and presented in the form of situation reports and action recommendations. This allows for preventive measures to be taken in time.

For confidentiality reasons, the service description and the associated EVB-IT service contract will only be made available to suitable bidders with the request for proposals.