We are looking for a Breach & Attack Simulation Tool (hereinafter referred to as BAST) with which the NRW. BANK is able to independently and automatically simulate penetration tests on dedicated IT infrastructure components (hereinafter referred to as IT-IS components). The agents of the BAST are installed on these IT-IS components. The IT-IS components should not really be attacked in order not to impair the functionality of the systems. This also includes the use of attack software, e.g. Attacks based on metasploits.

The BAST is to be made available in the cloud model Software as a Service (SaaS).

It is planned that about 3400 assets (about 800 servers and about 2600 clients) will be operated in the BAST initially.

The contract has a term including extensions of four years from go.live.

See short description