CONTENTS
1 Corporate Information
2 Purpose and Scope
2.1 EXECUTIVE SUMMARY
2.2 ISSUE
3 Instructions and Considerations
3.1 DESIGNATED POINT OF CONTACT
3.2 RELEVANT DATES
3.3 PUBLICITY
3.4 CELGENE CONFIDENTIAL INFORMATION
3.5 OWNERSHIP OF MATERIAL
3.6 RESPONSE SUBMISSION
3.7 DISCLAIMER
4 Solution Overview
5 Functional Requirements
5.1 CENTRALIZED MANAGEMENT
5.2 PHYSICAL REQUIREMENTS
5.3 RELIABILITY AND AVAILABILITY
5.4 DETECTION ENGINE AND RULES
5.5 NETWORK AND USER INTELLIGENCE
5.6 IDS/IPS AUTOMATION
5.7 IT POLICY COMPLIANCE
5.8 NETWORK BEHAVIOR ANALYSIS (NBA)
5.9 THIRD-PARTY INTEGRATION
5.10 TARGET LOCATIONS AND THROUGHPUT REQUIREMENTS
Revision 1.0 (Proposal)
Project: N-IDPS
Printed on: 10/30/2009
Last Saved: 10/30/2009
1 CORPORATE INFORMATION
-- www.celgene.com
With clear commitment to clinical accomplishment, Celgene is equally committed to
patient support as a guiding principle. Celgene believes all who can benefit from its
discoveries should have the opportunity to do so. Celgene puts patients first with
industry-leading programs that provide information, support and access to our
innovative therapies.
With an ethics-driven culture, Celgene has demonstrated the need and responsibility to
protect information assets, their own, their customers’, their patients’, and their
partner/suppliers’.
2.2 ISSUE
Currently, Celgene has robust firewalls that deny all network traffic, except that which is
explicitly permitted. While they perform this role satisfactorily, traffic from hosts and
protocols that are explicitly permitted still presents a risk to Celgene network resources.
Additionally, compromises from internal threats would not be addressed by perimeter
firewall rules.
Moreover, when there are incidents of deliberate or inadvertent violations, the tools to
identify offending devices are either inadequate or dispersed across several
systems. A security tool that could identify and preemptively stop such attacks would be
a valuable asset to Celgene.
3.3 PUBLICITY
Supplier agrees not to publish or use any advertising, sales, promotional, press releases
or publicity materials, wherein the name or trademark of Celgene is used or language is
employed from which the connection of said name or mark could be inferred or implied
without prior written approval of Celgene.
3.7 DISCLAIMER
The purpose of this RFP is to solicit vendor responses to stated requirements for a
project that Celgene intends to execute; however, receipt of this RFP is not to be
interpreted as a commitment on the part of Celgene to purchase any product or service,
or to execute the intended project in any manner. Celgene reserves the right to
choose to proceed with and/or cease negotiations with any recipient of this RFP at any
time during this process for any reason.
The Vendor is required to indicate agreement with the conditions stated in this
disclaimer by signing below:
___________________________________________________
Signature
____________________________________ ___________
Title Date
4 SOLUTION OVERVIEW
Celgene is seeking bids for a network-based IDPS solution that employs inline and/or
passive sensors (appliances) with centralized management for analysis, alerting, and
reporting on critical network segments and devices of any suspicious activity that may
be external or internal to Celgene. The solution should be capable of analyzing network,
transport, and application protocols using a variety of detection methods, i.e.,
signature-based and anomaly-based, as well as stateful protocol analysis techniques.
A successful solution would also include an NBA (Network Behavior Analysis) system,
which examines network traffic or statistics on network traffic to identify unusual traffic
flows, such as distributed denial of service (DDoS) attacks, certain forms of malware
(e.g., worms, backdoors), and policy violations (e.g., a client system providing network
services to other systems).
While the focus of this RFP is on in-house solutions that are owned and managed by
Celgene employees and consultants, Celgene is open to a fee-for-service solution that
includes external vendor monitoring, alerting, and reporting of internal devices that are
owned by the vendor or Celgene.
Describe the general approach/strategy your N-IDPS solution is based on.
Summarize all of the key components and highlight any competitive advantages your
solution may have. Ideally, provide network diagrams. Explain the solution’s ability to
defend virtual environments.
5 FUNCTIONAL REQUIREMENTS
The following is an outline of functional requirements that a successful bid for N-IDPS
consideration at Celgene should meet or exceed:
5.5 NETWORK AND USER INTELLIGENCE
A. The solution must be able to passively gather information about network hosts and
their activities, such as operating system, services, open ports, client applications, and
vulnerabilities, to assist with multiple activities, such as intrusion event data
correlation, elimination of false positives, and policy compliance.
B. The solution must be able to passively gather information about session flows for all
monitored hosts, including start/end time, ports, services, and amount of data.
C. The solution must be able to passively detect pre-defined services, such as FTP, HTTP,
POP3, Telnet, etc., as well as custom services.
D. The solution must be capable of storing user-defined host attributes, such as host
criticality or administrator contact information, to assist with compliance monitoring.
E. The solution should be able to passively gather user identity information, mapping IP
addresses to usernames, and make this information available for event management
purposes.
F. The aforementioned network and user intelligence should be passively gathered using
existing IPS appliances (no separate appliances required).
5.7 IT POLICY COMPLIANCE
A. The solution must provide capabilities for establishing and enforcing host compliance
policies and alerting on violations.
B. The solution must be capable of exempting specific hosts from specific compliance
rules and suppressing corresponding compliance events and alerts.
C. The solution must be capable of easily identifying all hosts that exhibit a specific
attribute or non-compliance condition.
5.8 NETWORK BEHAVIOR ANALYSIS (NBA)
A. The system must provide a full-featured NBA capability to detect threats emerging
from inside the network (i.e., ones that have not passed through a perimeter IPS).
This includes the ability to establish “normal” traffic baselines through flow analysis
techniques (e.g., NetFlow) and the ability to detect deviations from normal baselines.
B. The NBA capability must provide visibility into how network bandwidth is consumed to
aid in troubleshooting network outages and performance degradations.
C. The NBA capability must provide the ability to link Active Directory and/or LDAP
usernames to IP addresses related to suspected security events.
D. The NBA capability must provide the option of supplying endpoint intelligence to the
IPS for correlation against intrusion events to aid in event impact prioritization.
E. The same network appliances used for IPS must also be used as part of the NBA
capability. No NBA-only appliance should be required.
F. The same management platform used for IPS must also be used to manage the NBA
capability. No NBA-only management components should be required.
5.9 THIRD-PARTY INTEGRATION
B. As mentioned in the section on NBA, the solution should be capable of integrating with
Microsoft Active Directory or LDAP services in order to make appropriate correlations
and identification of workstations and user accounts, as they relate to any triggered
alerts and baselining of the environment.
5.10 TARGET LOCATIONS AND THROUGHPUT REQUIREMENTS
Celgene intends for the Network-based IDPS implementation to cover the following
locations, with their associated throughput requirements*:
* There are approximately 23 additional branch locations throughout the US, Europe and
Asia that have internet connectivity and would be candidates for N-IDPS deployment;
however, only the 4 sites listed are within the scope of this RFP.
* Depending on a variety of factors (patch management policy, operating systems, etc.), the
N-IDPS implementation may be expanded to cover specific server farms; while this is
outside the scope of this RFP, the suitability of an N-IDPS solution for such an
implementation will be taken into consideration.