Security Operations Center (SOC)
Lot 1: MDR/XDR (Cloud)
Lot 2: Incident Response
Lot 3: OSINT Service
Contract duration: 2 years
Options: Extension for 2 years each (maximum of 8 years)
To strengthen digital security in the long term, Berlin Water Utilities is establishing a hybrid Security Operations Center (SOC).
The internal SOC team will be supported by external expertise and modern technologies. This will create a powerful, flexible, and future-proof security organization.
The hybrid SOC pursues several goals: It aims to enable comprehensive monitoring of IT systems (in the company and the cloud) based on a modern XDR platform. The goal is to detect and repel anomalies, attacks, and security-related incidents at an early stage.
The XDR platform forms the central alerting and monitoring environment on which both the internal SOC team and the external MDR service provider operate. The internal know-how of our SOC team should be strengthened through continuous training and exercises with the support of our external partners.
The following tender includes three lots that together form the essential external components for the successful establishment and operation of the hybrid SOC.
Lot 1
The MDR service based on an XDR platform provides the technical foundation for monitoring, correlation, and analysis of security events and supports integration into existing processes.
Lot 2
The incident response service ensures operational capability in case of emergencies. It includes a qualified response team that supports analysis, containment, elimination, and recovery.
Lot 3
The OSINT analysis provides strategic foresight: by systematically collecting, evaluating, and preparing open-source intelligence, it recognizes threats, attack indicators, and trends early and presents them in the form of situation reports and recommendations for action. This allows preventive measures to be initiated in a timely manner.
LOT-0001
MDR/XDR.
The MDR service based on an XDR platform (Cloud) provides the technical foundation for monitoring, correlation, and analysis of security events and supports integration into existing processes. For reasons of confidentiality, the specifications and the associated EVB-IT Cloud contract will be made available to suitable bidders only upon request for proposal.
LOT-0002
Incident Response.
The incident response service ensures operational capability in case of emergencies. It includes a qualified response team that supports analysis, containment, elimination, and recovery. For reasons of confidentiality, the specifications and the associated EVB-IT service contract will be made available to suitable bidders only upon request for proposal.
LOT-0003
OSINT Service.
The OSINT analysis provides strategic foresight: by systematically collecting, evaluating, and preparing open-source intelligence, it recognizes threats, attack indicators, and trends early and presents them in the form of situation reports and recommendations for action. This allows preventive measures to be initiated in a timely manner. For reasons of confidentiality, the specifications and the associated EVB-IT service contract will be made available to suitable bidders only upon request for proposal.