The Department of Defense seeks an advanced kit to enable cybersecurity threat hunting, incident response, forensics/reverse engineering of malware, and telemetry collection (endpoint and/or network) operations in sometimes uncontrolled or assumed-compromised networks.
Vendors selected for phase two will deliver a live/virtual pitch as well as a live/virtual product demonstration. The demonstration event will allow the evaluation team to assess the current maturity of the proposed solution. NOTICE: The Government will not provide funding for company participation in the demonstration.
Prospective bidders are invited to submit their proposals (“Solution Brief”) per the guidelines below.
Desired Product Specifications
The DoD seeks to prototype a readily available solution that includes the ability to:
- Take up limited physical space in a hand-carriable or commercial airline cabin overhead sized form factor
- Ingest tapped or mirrored network traffic
- Analyze derived metadata from netflow and use bundled protocol analysis tools to identify threat activity in progress or perform forensics analysis post-compromise
- Perform digital forensics and reverse engineering as a modularized component of the kit
- Come as a fully self-contained system with the ability to operate in the field without dependencies
Proposals should:
- Describe your product’s general approach to threat investigation
- Spell out form-factor variations for product proposed for each environment
- If integrating more than 1 commercial or open source component, explicitly describe which products or components are included
- The solution should be a commercial product and not a service
In addition to submission instructions below, companies should include links to the following in their solution briefs.
- Administration/user guide of the current shipping product
- Technical guides of the current shipping product
- The Government may facilitate teaming arrangements among submissions offering complementary capabilities to achieve the desired effect. Companies are also welcome to present their own teaming arrangements in their solution briefs.
- Companies without a CAGE code will be required to register in SAM if selected. The Government recommends that prospective companies begin this process as early as possible.
- Resellers, integrators, and academic research proposals are not desired.
- This solicitation will be awarded in accordance with the Commercial Solutions Opening (CSO) process detailed within HQ0845-20-S-C001 (DIU CSO), posted to FBO in March 2020.