Query Response


Tender No : RAILTEL/TENDER/OT/CO/DNM/2019-20/Security & Infra Solution of DC & DR /489 Dtd. 06.06.2019
Name of the work : Supply, Installation, Testing & Commissioning of Security Solution and Expansion of Cloud Infrastructure for Data Center (DC & DR) of RailTel.

Firm Name: Intech Infonet Private Limited vishal kaushik: [email protected]


SN Page/ Clause no. / Point no. Topics Original Clause Query /Requested Changes / Should read as, Reason RailTel Response
1. Page 59 Point 36
    Topic: Cloud Orchestration
    Original clause: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later, Microsoft Hyper-V, System Center 2016 or above, RedHat virtualization
    Query / requested change: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later/ Microsoft Hyper-V and System Center 2016 or above / RedHat virtualization.
    RailTel response: Refer Corrigendum-II
2. Page 60 Point 46
    Topic: Cloud Operations & Management
    Original clause: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi, Hyper-V, RHEV
    Query / requested change: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi/ Hyper-V/ RHEV.
    RailTel response: Refer Corrigendum-II

3. Page 60 Point 49
    Topic: Cloud Operations & Management
    Original clause: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware, Hyper-v, RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    Query / requested change: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware / Hyper-v / RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    RailTel response: Refer Corrigendum-II

4. Page 77 Point 12.1.8
    Topic: Technical Capability
    Original clause: The bidder shall furnish documentary proof of backend support including software upgrades and availability of spares for a period of 5 years from the respective OEMs of the products offered.
    Query / requested change: The bidder shall furnish documentary proof of backend support including software upgrades.
    Reason: Spares availability is not applicable for Software products.
    RailTel response: As per RFP

5. Page 73 Point 3.2
    Topic: Long Term Maintenance Support
    Original clause: Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% of supply cost per annum towards Long Term Maintenance Support after completion of warranty period, to undertake repairs/replacements of all type of module/ card/assembly/ subassembly and update/upgrade of software released during this period and /or which may fail in the network after the warranty.
    Query / requested change: Should be deleted for software products/ components.
    Reason: Long Term Maintenance Support after completion of Warranty period for Software products ranges from 22% to 27% per annum.
    RailTel response: As per RFP. Bidder can quote higher rates for AMC
6. Page 51 Point 13
    Topic: SOR-E- i- Rack Server: 13. Ethernet ports
    Original clause: 2 x 1G RJ45 and 2 x 10G SFP+ populated with Multimode Transceivers.
    Query / requested change: HCI node should have minimum number of 4 x 10G physical uplinks. All the host should have same sequence of physical uplinks. Hence, this clause should be changed as "2 x 1G RJ45 and 4 x 10G SFP+ populated with Multimode Transceivers."
    Reason: This is required for redundant network connectivity on compute workload.
    RailTel response: Refer Corrigendum-II

7. Query
    Query / requested change: Please confirm if Compute Infra ( Cores) required for Management cluster have been factored into the sizing or will be given separately by the customer
    RailTel response: Clarification: Compute Infra ( Cores) required for Management cluster has been factored into the sizing.

8. Query
    Query / requested change: Please confirm if the 3rd party Softwares required for management cluster like Operating Systems and Data base will be provided by the Customer.
    RailTel response: Clarification: The 3rd party Softwares required for management cluster like Operating Systems and Data base will be provided by the Bidder.

9. Query
    Query / requested change: The Scope of work does not cover the Cloud infrastructure in detail, kindly consider the document enclosed for reference. ( Letter has been enclosed for your reference )
    RailTel response: Refer Corrigendum-II

Query : Page no.
SN Clause No. Clause Description Clarification / Change request Justification
1. Page No.: 22, Clause No: 13
    Clause description: Solution should be able to access data from a variety of operating systems including Microsoft Windows, Linux, Unix, and Mac OS.
    Clarification / change request: Solution should be able to access data from a variety of operating systems including Microsoft Windows, Linux, Unix
    Justification: Understanding is there is no Mac OS in the environment, request you to relax this clause without Mac OS
    RailTel response: As per RFP.
2. Page No.: 23, Clause No: 34
    Clause description: Solution Should have 48TB of Usable Capacity with HW RAID 60
    Clarification / change request: Solution Should have absolute 80TB of Usable Capacity with minimum 2 copies using 8TB or higher drives
    Justification: As there is no other backup media mechanism, request to have higher capacity for higher resilience
    RailTel response: As per RFP
3. Page No.: 24, Clause No: 36, SOR-B: Backup Solution
    Clause description: Appliance Should have Hot Swappable Disks, In case of failure , individual drives can be replaced without impacting any other drives
    Clarification / change request: The appliance solution should provide controller level redundancy. In case one of the controller fails the backup solution should not be affected. Each virtual controller node should provide minimum SSD/NVMe cache to ensure backup process does not have any bottleneck, The controller should have its own filesystem that will manage the backup storage including data protection, replication, deduplication & compression features, the filesystem should be distributed file system and should not rely on writing the data adjacent to the controller
    Justification: For redundancy feature & to ensure backup is maintained & restored as and when required. Request to add this clause
    RailTel response: As per RFP.

4. Page No.: 50, SOR-E- i- Rack Server: 1: General Requirement
    Clause description: Security: Server should have Hardware (Silicon) root of trust, Cryptographically signed firmware updates, system drift detection and secure erase security features inbuilt
    Clarification / change request: Security: Server should have Hardware (Silicon) root of trust, Cryptographically signed firmware updates.
    Justification: request to relax " System drift detection and secure erase" for wider participation
    RailTel response: As per RFP
5. Page No.: 51, SOR-E- i- Rack Server: 1: General Requirement
    Clause description: Inbuild Server Management iii) Power & Temperature monitoring: Should support Real-time power meter, graphing, thresholds,alerts & capping with historical power counters, Temperature monitoring & graphing through dashboard
    Clarification / change request: iii) Power & Temperature monitoring: Should support Real-time power meter, graphing, thresholds,alerts & capping , Temperature monitoring & graphing through dashboard
    Justification: request to relax "historical power counters" for wider participation
    RailTel response: Refer Corrigendum-II
6. Page No.: 51, SOR-E- i- Rack Server: 2. Market position
    Clause description: The OEM for the proposed server must be in Leaders quadrant in the last two Gartner’s report of “Magic Quadrant for Modular Servers”.
    Clarification / change request: The OEM for the proposed server must be in Leaders quadrant in the last Gartner’s report of “Magic Quadrant for Modular Servers”.
    Justification: this clause restricts only 2 vendors to qualify, for wider participation request you to dilute "Two "
    RailTel response: Refer Corrigendum-II
7. Page No.: 52, SOR-E- i- Rack Server: 21. Configuration & management
    Clause description: • Agent-free monitoring, driver updates & configuration, power monitoring & capping, RAID management, external storage management, monitoring of FC, HBA & CNA & system health
    Clarification / change request: • Agent-free monitoring, driver updates & configuration, power monitoring & capping, RAID management, storage management, monitoring of FC, HBA & CNA & system health
    Justification: There is no external storage, the system is running internal storage system
    RailTel response: Refer Corrigendum-II

8. Page No.: 52, SOR-E- i- Rack Server: 23. Server security
    Clause description: - Silicon-based Hardware Root of Trust
    Clarification / change request: Hardware Root of Trust
    Justification: Silicon root of trust is vendor specific, request to use generic term as HW root of trust
    RailTel response: As per RFP

9. Page No.: 52, SOR-E- i- Rack Server:
    Clause description: - Configuration and firmware drift detection
    Clarification / change request: Configuration and firmware updates
    Justification: The solution should be able to manage firmware updates. request to relax "drift detection"
    RailTel response: As per RFP
10. Page No.: 52, SOR-E- i- Rack Server: 25. Warranty
    Clause description: 03 years On-site comprehensive warranty with 24x7x365 remote hardware support.
    Clarification / change request: 03 years On-site comprehensive warranty with 24x7x365 remote hardware support with automated transmission of support files to the OEM support center
    Justification: For ease of management, request you to add this clause
    RailTel response: Refer Corrigendum-II

11. Page No.: 26, SOR-C- i- Virtual Firewall 1
    Clause description: The solution should be virtual appliance based and enterprise class (complete control from GUI as well as CLI)
    Clarification / change request: Please change the clause to "The solution should be virtual appliance based and enterprise class (complete control from GUI and CLI/Device Manager )"
    Justification: firewall appliance physical or virtual can be managed either using Centralized Management platform or inbuilt device manager. CLI mode is not required hence requesting change
    RailTel response: Refer Corrigendum-II
12. Page No.: 26, SOR-C –ii - UTM: 2
    Clause description: The UTM/NGFW should be Hardware based and enterprise class (complete control from GUI as well as CLI)
    Clarification / change request: Please change the clause to "The UTM/NGFW should be Hardware based and enterprise class (complete control from GUI and CLI / Device Manager)"
    Justification: firewall appliance physical or virtual can be managed either using Centralized Management platform or inbuilt device manager. CLI mode is not required hence requesting change
    RailTel response: Refer Corrigendum-II
13. Page No.: 26, SOR-C –ii - UTM: 3
    Clause description: UTM appliance should have at least 04 x 10/100/1000 GE RJ45 ports and 4 x 1GE SFP ports with fully populated from day one
    Clarification / change request: Please confirm whether proposed platform should additionally support 8 x 10G SFP+ ports in future
    Justification: This ensure that propose platform doesn’t require forklift upgrade and hence increases ROI
    RailTel response: As per RFP
14. Page No.: 26, SOR-C –ii - UTM: 5
    Clause description: Firewall should provide at least 4 Gbps of NGFW/ Threat Prevention Real world performance (includes FW, Application Visibility, IPS & Anti-Malware) from day one.
    Clarification / change request: Please change the clause to "Firewall should provide at least 4 Gbps of NGFW/ Threat Prevention Real world performance (includes FW, Application Visibility, and IPS ) from day one."
    Justification: As per industry standard terminology, NGFW mean Firewall supporting Firewall, Application Visibility, and IPS) and hence requesting change. Clause already include the phrase used by other vendor and hence requesting change
    RailTel response: Refer Corrigendum-II

15. Page No.: 27, SOR-C –ii - UTM: 40
    Clause description: URL database should have at least 200 million+ sites and 50 + categories.
    Clarification / change request: Please confirm whether proposed platform should support "URL database should have at least 200 million+ sites and 80 or more categories."
    Justification: Solution with 200 million+ sites and just 50 categories would be less flexible and might create false positive. Hence it is requested to have support for higher categories
    RailTel response: As per RFP
16. Page No.: 27, SOR-C –ii - UTM: 50
    Clause description: High Availability Configurations should support Active/Active / Clustering, Active/ Passive
    Clarification / change request: Please change the clause to "High Availability Configurations should support Active/Active / Clustering or Active/ Passive"
    Justification: Since the solution will be deployed at perimeter, it suggested to have bigger appliance from day one rather than clustering multiple appliance and hence requesting change
    RailTel response: Refer Corrigendum-II
17. Page No.: 28, SOR-C –ii - UTM: 58
    Clause description: For antivirus based solution AV signature database of proposed solution should comprise of up to date list of signatures of virus, malwares, spyware etc and other
    Clarification / change request: Please change the clause to "For antivirus based solution AV signature database of proposed solution should comprise of up to date list of signatures of virus, malwares, spyware etc and for Anti-APT based solution should have automatic local malware detection updates "
    Justification: Different OEM use different technology to detect and block zero-day or unknown, few oem leverages AV based solution and other leverages Anti-APT and hence requesting change
    RailTel response: As per RFP

18. 26 New Clarification
    Clarification / change request: Please confirm that whether proposed solution should include all license like URL Filtering, Zero-Day Protection from day one
    Justification: This is to avoid any ambiguity and ensure all bidder include the require license from day one
    RailTel response: Clarification: All features asked in RFP (Fw, IPS , Application Control , URL filtering , Anti Malware , Zero Day Protection , Anti Bot will be required from day 1)

FIRM-2: CIPL Sudipta Banerjee: [email protected]


Page/ Clause no./ Point no. Topics Original Clause Query /Requested Changes / Should read as, Reason
Page 59 Point 36
    Topic: Cloud Orchestration
    Original clause: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later, Microsoft Hyper-V, System Center 2016 or above, RedHat virtualization
    Query / requested change: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later/ Microsoft Hyper-V and System Center 2016 or above / RedHat virtualization.
    RailTel response: Already Clarified above
Page 60 Point 46
    Topic: Cloud Operations & Management
    Original clause: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi, Hyper-V, RHEV
    Query / requested change: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi/ Hyper-V/ RHEV.
    RailTel response: Already Clarified above

Page 60 Point 49
    Topic: Cloud Operations & Management
    Original clause: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware, Hyper-v, RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    Query / requested change: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware / Hyper-v / RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    RailTel response: Already Clarified above

Page 77 Point 12.1.8
    Topic: Technical Capability
    Original clause: The bidder shall furnish documentary proof of backend support including software upgrades and availability of spares for a period of 5 years from the respective OEMs of the products offered.
    Query / requested change: The bidder shall furnish documentary proof of backend support including software upgrades.
    Reason: Spares availability is not applicable for Software products.
    RailTel response: Already Clarified above

Page 73 Point 3.2
    Topic: Long Term Maintenance Support
    Original clause: Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% of supply cost per annum towards Long Term Maintenance Support after completion of warranty period, to undertake repairs/replacements of all type of module/ card/assembly/ subassembly and update/upgrade of software released during this period and /or which may fail in the network after the warranty.
    Query / requested change: Should be deleted for software products/ components.
    Reason: Long Term Maintenance Support after completion of Warranty period for Software products ranges from 22% to 27% per annum.
    RailTel response: Already Clarified above
Page 51 Point 13
    Topic: SOR-E- i- Rack Server: 13. Ethernet ports
    Original clause: 2 x 1G RJ45 and 2 x 10G SFP+ populated with Multimode Transceivers.
    Query / requested change: HCI node should have minimum number of 4 x 10G physical uplinks. All the host should have same sequence of physical uplinks. Hence, this clause should be changed as "2 x 1G RJ45 and 4 x 10G SFP+ populated with Multimode Transceivers."
    Reason: This is required for redundant network connectivity on compute workload.
    RailTel response: Already Clarified above

Query
    Query / requested change: Please confirm if Compute Infra ( Cores) required for Management cluster have been factored into the sizing or will be given separately by the customer
    RailTel response: Already Clarified above
Query
    Query / requested change: Please confirm if the 3rd party Softwares required for management cluster like Operating Systems and Data base will be provided by the Customer.
    RailTel response: Already Clarified above
Query
    Query / requested change: The Scope of work does not cover the Cloud infrastructure in detail, kindly consider the document enclosed for reference.
    RailTel response: Already Clarified above

Already Clarified above

FIRM-3: CISCO Vishal Prakash: [email protected]


SN Page no. SOR No. Clause No. Clarification / Change request Justification
1. Page No. 22, Clause No. 13, SOR-B: Backup Solution
    Clause description: Solution should be able to access data from a variety of operating systems including Microsoft Windows, Linux, Unix, and Mac OS.
    Clarification / change request: Solution should be able to access data from a variety of operating systems including Microsoft Windows, Linux, Unix
    Justification: Understanding is there is no Mac OS in the environment, request you to relax this clause without Mac OS
    RailTel response: Already Clarified above
2. Page No. 23, Clause No 34, SOR-B: Backup Solution
    Clause description: Solution Should have 48TB of Usable Capacity with HW RAID 60
    Clarification / change request: Solution Should have absolute 80TB of Usable Capacity with minimum 2 copies using 8TB or higher drives
    Justification: As there is no other backup media mechanism, request to have higher capacity for higher resilience
    RailTel response: Already Clarified above
3. Page No. 24, Clause No 36, SOR-B: Backup Solution
    Clause description: Appliance Should have Hot Swappable Disks, In case of failure , individual drives can be replaced without impacting any other drives
    Clarification / change request: The appliance solution should provide controller level redundancy. In case one of the controller fails the backup solution should not be affected. Each virtual controller node should provide minimum SSD/NVMe cache to ensure backup process does not have any bottleneck, The controller should have its own filesystem that will manage the backup storage including data protection, replication, deduplication & compression features, the filesystem should be distributed file system and should not rely on writing the data adjacent to the controller
    Justification: For redundancy feature & to ensure backup is maintained & restored as and when required. Request to add this clause
    RailTel response: Already Clarified above

4. Page No. 50, SOR-E- i- Rack Server: 1: General Requirement
    Clause description: Security: Server should have Hardware (Silicon) root of trust, Cryptographically signed firmware updates, system drift detection and secure erase security features inbuilt
    Clarification / change request: Security: Server should have Hardware (Silicon) root of trust, Cryptographically signed firmware updates.
    Justification: request to relax " System drift detection and secure erase" for wider participation
    RailTel response: Already Clarified above
5. Page No. 51, SOR-E- i- Rack Server: 1: General Requirement
    Clause description: Inbuild Server Management iii) Power & Temperature monitoring: Should support Real-time power meter, graphing, thresholds,alerts & capping with historical power counters, Temperature monitoring & graphing through dashboard
    Clarification / change request: iii) Power & Temperature monitoring: Should support Real-time power meter, graphing, thresholds,alerts & capping , Temperature monitoring & graphing through dashboard
    Justification: request to relax "historical power counters" for wider participation
    RailTel response: Already Clarified above
6. Page No. 51, SOR-E- i- Rack Server: 2. Market position
    Clause description: The OEM for the proposed server must be in Leaders quadrant in the last two Gartner’s report of “Magic Quadrant for Modular Servers”.
    Clarification / change request: The OEM for the proposed server must be in Leaders quadrant in the last Gartner’s report of “Magic Quadrant for Modular Servers”.
    Justification: this clause restricts only 2 vendors to qualify, for wider participation request you to dilute "Two "
    RailTel response: Already Clarified above
7. Page No. 52, SOR-E- i- Rack Server: 21. Configuration & management
    Clause description: • Agent-free monitoring, driver updates & configuration, power monitoring & capping, RAID management, external storage management, monitoring of FC, HBA & CNA & system health
    Clarification / change request: • Agent-free monitoring, driver updates & configuration, power monitoring & capping, RAID management, storage management, monitoring of FC, HBA & CNA & system health
    Justification: There is no external storage, the system is running internal storage system
    RailTel response: Already Clarified above

8. Page No. 52, SOR-E- i- Rack Server: 23. Server security
    Clause description: - Silicon-based Hardware Root of Trust
    Clarification / change request: Hardware Root of Trust
    Justification: Silicon root of trust is vendor specific, request to use generic term as HW root of trust
    RailTel response: Already Clarified above

9. Page No. 52, SOR-E- i- Rack Server:
    Clause description: - Configuration and firmware drift detection
    Clarification / change request: Configuration and firmware updates
    Justification: The solution should be able to manage firmware updates. request to relax "drift detection"
    RailTel response: Already Clarified above
10. Page No. 52, SOR-E- i- Rack Server: 25. Warranty
    Clause description: 03 years On-site comprehensive warranty with 24x7x365 remote hardware support.
    Clarification / change request: 03 years On-site comprehensive warranty with 24x7x365 remote hardware support with automated transmission of support files to the OEM support center
    Justification: For ease of management, request you to add this clause
    RailTel response: Already Clarified above

11. Page No. 26, SOR-C- i- Firewall: 1
    Clause description: The solution should be virtual appliance based and enterprise class (complete control from GUI as well as CLI)
    Clarification / change request: Please change the clause to "The solution should be virtual appliance based and enterprise class (complete control from GUI and CLI/Device Manager )"
    Justification: firewall appliance physical or virtual can be managed either using Centralized Management platform or inbuilt device manager. CLI mode is not required hence requesting change
    RailTel response: Already Clarified above
12. Page No. 26, SOR-C- ii- UTM: 2
    Clause description: The UTM/NGFW should be Hardware based and enterprise class (complete control from GUI as well as CLI)
    Clarification / change request: Please change the clause to "The UTM/NGFW should be Hardware based and enterprise class (complete control from GUI and CLI / Device Manager)"
    Justification: firewall appliance physical or virtual can be managed either using Centralized Management platform or inbuilt device manager. CLI mode is not required hence requesting change
    RailTel response: Already Clarified above
13. Page No. 26, SOR-C- ii- UTM: 3
    Clause description: UTM appliance should have at least 04 x 10/100/1000 GE RJ45 ports and 4 x 1GE SFP ports with fully populated from day one
    Clarification / change request: Please confirm whether proposed platform should additionally support 8 x 10G SFP+ ports in future
    Justification: This ensure that propose platform doesn’t require forklift upgrade and hence increases ROI
    RailTel response: Already Clarified above
14. Page No. 26, SOR-C- ii- UTM: 5
    Clause description: Firewall should provide at least 4 Gbps of NGFW/ Threat Prevention Real world performance (includes FW, Application Visibility, IPS & Anti-Malware) from day one.
    Clarification / change request: Please change the clause to "Firewall should provide at least 4 Gbps of NGFW/ Threat Prevention Real world performance (includes FW, Application Visibility, and IPS ) from day one."
    Justification: As per industry standard terminology, NGFW mean Firewall supporting Firewall, Application Visibility, and IPS) and hence requesting change. Clause already include the phrase used by other vendor and hence requesting change
    RailTel response: Already Clarified above

15. Page No. 27, SOR-C- ii- UTM: 40
    Clause description: URL database should have at least 200 million+ sites and 50 + categories.
    Clarification / change request: Please confirm whether proposed platform should support "URL database should have at least 200 million+ sites and 80 or more categories."
    Justification: Solution with 200 million+ sites and just 50 categories would be less flexible and might create false positive. Hence it is requested to have support for higher categories
    RailTel response: Already Clarified above

16. Page No. 27, SOR-C- ii- UTM: 50
    Clause description: High Availability Configurations should support Active/Active / Clustering, Active/ Passive
    Clarification / change request: Please change the clause to "High Availability Configurations should support Active/Active / Clustering or Active/ Passive"
    Justification: Since the solution will be deployed at perimeter, it suggested to have bigger appliance from day one rather than clustering multiple appliance and hence requesting change
    RailTel response: Already Clarified above
17. Page No. 28, SOR-C- ii- UTM: 58
    Clause description: For antivirus based solution AV signature database of proposed solution should comprise of up to date list of signatures of virus, malwares, spyware etc and other
    Clarification / change request: Please change the clause to "For antivirus based solution AV signature database of proposed solution should comprise of up to date list of signatures of virus, malwares, spyware etc and for Anti-APT based solution should have automatic local malware detection updates "
    Justification: Different OEM use different technology to detect and block zero-day or unknown, few oem leverages AV based solution and other leverages Anti-APT and hence requesting change
    RailTel response: Already Clarified above

18. 26 New Clarification
    Clarification / change request: Please confirm that whether proposed solution should include all license like URL Filtering, Zero-Day Protection from day one
    Justification: This is to avoid any ambiguity and ensure all bidder include the require license from day one
    RailTel response: Already Clarified above

FIRM-04: Vmware Tapan Johri: [email protected]


Page/ Clause no./ Point no. Topics Original Clause Query /Requested Changes / Should read as, Reason
Page 59 Point 36
    Topic: Cloud Orchestration
    Original clause: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later, Microsoft Hyper-V, System Center 2016 or above, RedHat virtualization
    Query / requested change: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later/ Microsoft Hyper-V and System Center 2016 or above / RedHat virtualization.
    RailTel response: Already Clarified above
Page 60 Point 46
    Topic: Cloud Operations & Management
    Original clause: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi, Hyper-V, RHEV
    Query / requested change: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi/ Hyper-V/ RHEV.
    RailTel response: Already Clarified above

Page 60 Point 49
    Topic: Cloud Operations & Management
    Original clause: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware, Hyper-v, RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    Query / requested change: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware / Hyper-v / RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    RailTel response: Already Clarified above

Page 77 Point 12.1.8
    Topic: Technical Capability
    Original clause: The bidder shall furnish documentary proof of backend support including software upgrades and availability of spares for a period of 5 years from the respective OEMs of the products offered.
    Query / requested change: The bidder shall furnish documentary proof of backend support including software upgrades.
    Reason: Spares availability is not applicable for Software products.
    RailTel response: Already Clarified above

Page 73 Point 3.2
    Topic: Long Term Maintenance Support
    Original clause: Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% of supply cost per annum towards Long Term Maintenance Support after completion of warranty period, to undertake repairs/replacements of all type of module/ card/assembly/ subassembly and update/upgrade of software released during this period and /or which may fail in the network after the warranty.
    Query / requested change: Should be deleted for software products/ components.
    Reason: Long Term Maintenance Support after completion of Warranty period for Software products ranges from 22% to 27% per annum.
    RailTel response: Already Clarified above
Page 51 Point 13
    Topic: SOR-E- i- Rack Server: 13. Ethernet ports
    Original clause: 2 x 1G RJ45 and 2 x 10G SFP+ populated with Multimode Transceivers.
    Query / requested change: HCI node should have minimum number of 4 x 10G physical uplinks. All the host should have same sequence of physical uplinks. Hence, this clause should be changed as "2 x 1G RJ45 and 4 x 10G SFP+ populated with Multimode Transceivers."
    Reason: This is required for redundant network connectivity on compute workload.
    RailTel response: Already Clarified above
Query
    Query / requested change: Please confirm if Compute Infra ( Cores) required for Management cluster have been factored into the sizing or will be given separately by the customer
    RailTel response: Already Clarified above
Query
    Query / requested change: Please confirm if the 3rd party Softwares required for management cluster like Operating Systems and Data base will be provided by the Customer.
    RailTel response: Already Clarified above

FIRM-05: Exato Technologies Pvt. Ltd. Varun Gupta: [email protected]

Page/ Clause no./ Point no. Topics Original Clause Query /Requested Changes / Should read as, Reason
Page 59 Point 36
    Topic: Cloud Orchestration
    Original clause: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later, Microsoft Hyper-V, System Center 2016 or above, RedHat virtualization
    Query / requested change: The private cloud management solution should support for heterogenous virtualization platform. Vmware ESXi 6.5 or later/ Microsoft Hyper-V and System Center 2016 or above / RedHat virtualization.
    RailTel response: Refer Corrigendum-II-II
Page 60 Point 46
    Topic: Cloud Operations & Management
    Original clause: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi, Hyper-V, RHEV
    Query / requested change: Solution must provide cloud operations layer integrated with automation layer which provides proactive monitoring, alerts, management, capacity planning, performance management etc. This should be for heterogenous environment including Vmware ESXi/ Hyper-V/ RHEV.
    RailTel response: Already Clarified above

Page 60 Point 49
    Topic: Cloud Operations & Management
    Original clause: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware, Hyper-v, RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    Query / requested change: Solution capacity analytics should provide "What If" scenarios for physical, virtual (VMware / Hyper-v / RedHat KVM) & container environment and provide infrastructure and operations, log analytics to eliminate time-consuming problem resolution processes through automated root cause analysis
    RailTel response: Already Clarified above

Page 77 Point 12.1.8
    Topic: Technical Capability
    Original clause: The bidder shall furnish documentary proof of backend support including software upgrades and availability of spares for a period of 5 years from the respective OEMs of the products offered.
    Query / requested change: The bidder shall furnish documentary proof of backend support including software upgrades.
    Reason: Spares availability is not applicable for Software products.
    RailTel response: Already Clarified above

Page 73 Point 3.2
    Topic: Long Term Maintenance Support
    Original clause: Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% of supply cost per annum towards Long Term Maintenance Support after completion of warranty period, to undertake repairs/replacements of all type of module/ card/assembly/ subassembly and update/upgrade of software released during this period and /or which may fail in the network after the warranty.
    Query / requested change: Should be deleted for software products/ components.
    Reason: Long Term Maintenance Support after completion of Warranty period for Software products ranges from 22% to 27% per annum.
    RailTel response: Already Clarified above
Page 51 Point 13
    Topic: SOR-E- i- Rack Server: 13. Ethernet ports
    Original clause: 2 x 1G RJ45 and 2 x 10G SFP+ populated with Multimode Transceivers.
    Query / requested change: HCI node should have minimum number of 4 x 10G physical uplinks. All the host should have same sequence of physical uplinks. Hence, this clause should be changed as "2 x 1G RJ45 and 4 x 10G SFP+ populated with Multimode Transceivers."
    Reason: This is required for redundant network connectivity on compute workload.
    RailTel response: Already Clarified above

Query Please confirm if Compute Infra ( Cores) required for Already Clarified above
Management cluster have been factored into the sizing or will
be given separately by the customer
Query Please confirm if the 3rd party Softwares required for Already Clarified above
management cluster like Operating Systems and Data base will
be provided by the Customer.
15 CHAPTER-3-A Technical The solution must have a database of minimally 6000+ signatures Is the expectation by this requirement is that the proposed Refer Corrigendum-II
Requirement - - SOR A: Web that are designed to detect known problems and attacks on web solution should have a minimum of 6000 signatures as default
Application Firewall applications. to detect and protect Web Applications. Kindly clarify

19 CHAPTER-3-A Technical System must have minimum(fully populated) 6 x10G SFP+ Ports we understand that it’s a multimode SFPs that is required but Refer Corrigendum-II
Requirement - - SOR A: Web and 2 x 40G ports. Populated Optics should be Multimode. as required the appliance has to be fully populated request
Application Firewall you to Kindly clarify how many Interfaces is required for each
type 1Gig, 10Gig and 40gig. As there could be a possibility of
permutation combination on the type and interfaces proposed
while fully populating the appliance SFP slots
19 CHAPTER-3-A Technical The solution must be a Leader or Challenger in the Gartner Magic Gartner report of 2019 is not yet published so the Gartner Already Clarified above
Requirement - - SOR A: Web Quadrant of Web Application Firewalls 2017/2018/2019 report of 2017/2018 will suffice kindly confirm
Application Firewall

20 CHAPTER-3-A Technical The solution should support Unified Anti-Bot Detection and Does this clause means that a proposed WAF solution should As per RFP
Requirement - - SOR A: Web Protection & Cloning Application Traffic have capability to detect and mitigate BOT attacks using
Application Firewall multiple level of security checks Via Bot Signature, Application
Fingerprinting, Java Challenge, Browser capability check and
Captcha. Kindly confirm
20 CHAPTER-3-A Technical Should support persistence mirroring and System must support Kindly elaborate Refer Corrigendum-II
Requirement - - SOR A: Web interactive Layer 7 health checks for the application availability
Application Firewall

72 CHAPTER 4 - - - COMMERCIAL Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% AMC for security solution like WAF or any similar security Already Clarified above
TERMS & CONDITIONS. - - - 3. 3.5% of supply cost per annum towards Long Term Maintenance solution is not a realistic %. We request Railtel to kindly make
Long Term Maintenance Support after completion of warranty period, to undertake this clause to at least 15% per annum instead of 3.5% per
Support repairs/replacements of all type of module/ card/assembly/ annum
subassembly and update/upgrade of software released during
this period and /or which may fail in the network after the
warranty. Only incremental cost in % over and above this, if
perceived by the OEM and Tenderer, may be indicated in
Schedule of Requirement and shall be added to the equipment
cost towards evaluation of tender. If however the tenderer feels
that his AMC Cost is less than 3.5% per annum, he should give
suitable discount in equipment pricing. For AMC he will be paid @
3.5% per annum only. If the Tenderer quotes a higher base rate
for AMC, he will be paid at his quoted rate per annum and five
years differential cost shall be added to offered cost for
evaluation. AMC would have to be valid for minimum period of 5
years after the warranty

CHAPTER-3-A Technical The proposed WAF solution should also have capability for BOT The proposed WAF solution should also have BOT Detection To be added New As per RFP
Requirement - - SOR A: Web Detection that have capability to identify Bot Signature + DNS feature that have capability to identify Bot Signature + DNS
Application Firewall checks, Java script challenge + Browser Fingerprinting, Browser checks, Java script challenge + Browser Fingerprinting, Browser
Capabilities, Optional CAPTCHA, Human Detection & Anomalies. Capabilities, Optional CAPTCHA, Human Detection &
Anomalies.
19 CHAPTER-3-A Technical In case of RMA Process, Define the no of days to deliver the Kindly elaborate as RMA is NBD, do you mean to ask how As per RFP
Requirement - - SOR A: Web solution. many days will it take to deliver the hardware onsite in case of
Application Firewall RMA?

50 SOR-E- i- Rack Server: Security: Server should have Hardware (Silicon) root of trust, Security: Server should have Hardware (Silicon) root of trust, request to relax " System drift detection and Already Clarified above
Cryptographically signed firmware updates, system drift detection Cryptographically signed firmware updates. secure erase" for wider participation
and secure erase security features inbuilt
51 SOR-E- i- Rack Server: Inbuild Server Management iii) Power & Temperature monitoring: Should support Real- request to relax "historical power counters" Already Clarified above
iii) Power & Temperature monitoring: Should support Real-time time power meter, graphing, thresholds,alerts & capping , for wider participation
power meter, graphing, thresholds,alerts & capping with historical Temperature monitoring & graphing through dashboard
power counters, Temperature monitoring & graphing through
dashboard
51 SOR-E- i- Rack Server: The OEM for the proposed server must be in Leaders quadrant in The OEM for the proposed server must be in Leaders quadrant this clause restricts only 2 vendors to qualify, Already Clarified above
the last two Gartner’s report of “Magic Quadrant for Modular in the last Gartner’s report of “Magic Quadrant for Modular for wider participation request you to dilute
Servers”. Servers”. "Two "
52 SOR-E- i- Rack Server: • Agent-free monitoring, driver updates & configuration, power • Agent-free monitoring, driver updates & configuration, There is no external storage, the system is Already Clarified above
monitoring & capping, RAID management, external storage power monitoring & capping, RAID management, storage running internal storage system
management, monitoring of FC, HBA & CNA & system health management, monitoring of FC, HBA & CNA & system health

52 SOR-E- i- Rack Server: - Silicon-based Hardware Root of Trust Hardware Root of Trust Silicon root of trust is vendor specific, request Already Clarified above
to use generic term as HW root of trust
52 SOR-E- i- Rack Server: - Configuration and firmware drift detection Configuration and firmware updates The solution should be able to manage Already Clarified above
firmware updates. request to relax "drift
detection"
52 SOR-E- i- Rack Server: 03 years On-site comprehensive warranty with 24x7x365 remote 03 years On-site comprehensive warranty with 24x7x365 For ease of management, request you to add Already Clarified above
hardware support. remote hardware support with automated transmission this clause
of support files to the OEM support center

26 SOR-C –i -Virtual Firewall: The solution should be virtual appliance based and enterprise Please change the clause to "The solution should be virtual firewall appliance physical or virtual can be Already Clarified above
class (complete control from GUI as well as CLI) appliance based and enterprise class (complete control from managed either using Centralized
GUI and CLI/Device Manager)" Management platform or inbuilt device
manager. CLI mode is not required hence
requesting change
26 SOR-C –ii - UTM: The UTM/NGFW should be Hardware based and enterprise class Please change the clause to "The UTM/NGFW should be firewall appliance physical or virtual can be Already Clarified above
(complete control from GUI as well as CLI) Hardware based and enterprise class (complete control from managed either using Centralized
GUI and CLI / Device Manager)" Management platform or inbuilt device
manager. CLI mode is not required hence
requesting change
26 SOR-C –ii - UTM: UTM appliance should have at least 04 x 10/100/1000 GE RJ45 Please confirm whether proposed platform should additionally This ensures that the proposed platform doesn’t Already Clarified above
ports and 4 x 1GE SFP ports with fully populated from day one support 8 x 10G SFP+ ports in future require forklift upgrade and hence increases
ROI
26 SOR-C –ii - UTM: Firewall should provide at least 4 Gbps of NGFW/ Threat Please change the clause to "Firewall should provide at least 4 As per industry standard terminology, NGFW Already Clarified above
Prevention Real world performance (includes FW, Application Gbps of NGFW/ Threat Prevention Real world performance mean Firewall supporting Firewall, Application
Visibility, IPS & Anti-Malware) from day one. (includes FW, Application Visibility, and IPS ) from day one." Visibility, and IPS) and hence requesting
change. Clause already include the phrase used
by other vendor and hence requesting change

27 SOR-C –ii - UTM: URL database should have at least 200 million+ sites and 50 + Please confirm whether proposed platform should support Solution with 200 million+ sites and just 50 Already Clarified above
categories. "URL database should have at least 200 million+ sites and 80 categories would be less flexible and might
or more categories." create false positive. Hence it is requested to
have support for higher categories

27 SOR-C –ii - UTM: High Availability Configurations should support Active/Active / Please change the clause to "High Availability Configurations Since the solution will be deployed at Already Clarified above
Clustering, Active/ Passive should support Active/Active / Clustering or Active/ Passive" perimeter, it is suggested to have bigger
appliance from day one rather than clustering
multiple appliance and hence requesting
change
28 SOR-C –ii - UTM: For antivirus based solution AV signature database of proposed Please change the clause to "For antivirus based solution AV Different OEM use different technology to Already Clarified above
solution should comprise of up to date list of signatures of virus, signature database of proposed solution should comprise of up detect and block zero-day or unknown, few
malwares, spyware etc and other to date list of signatures of virus, malwares, spyware etc and oem leverages AV based solution and other
for Anti-APT based solution should have automatic local leverages Anti-APT and hence requesting
malware detection updates " change

26 New Clarification Please confirm that whether proposed solution should include This is to avoid any ambiguity and ensure all Already Clarified above
all license like URL Filtering, Zero-Day Protection from day one bidders include the required license from day one

Firm 2: Millennium Automation Private Ltd. Amar Pratap: [email protected]
FOR SOR-A
SL# Page no. & Clause No. RFP Volume Section and sub- Content in the RFP Clarification sought/ Change Request
section
1 Page No.: 15, Clause No.: 22 CHAPTER-3-A Technical The solution must have a database of minimally 6000+ signatures Is the expectation by this requirement is that the proposed Already Clarified above
Requirement - - SOR A: Web that are designed to detect known problems and attacks on web solution should have a minimum of 6000 signatures as default
Application Firewall applications. to detect and protect Web Applications. Kindly clarify
2 Page No.: 19, Clause No.: 104 CHAPTER-3-A Technical System must have minimum(fully populated) 6 x10G SFP+ Ports we understand that it's a multimode SFPs that is required but Already Clarified above
Requirement - - SOR A: Web and 2 x 40G ports. Populated Optics should be Multimode. as required the appliance has to be fully populated request
Application Firewall you to Kindly clarify how many Interfaces is required for each
type 1Gig, 10Gig and 40gig. As there could be a possibility of
permutation combination on the type and interfaces proposed
while fully populating the appliance SFP slots

3 Page No.: 19, Clause No.: 103 CHAPTER-3-A Technical The solution must be a Leader or Challenger in the Gartner Magic Gartner report of 2019 is not yet published so the Gartner Already Clarified above
Requirement - - SOR A: Web Quadrant of Web Application Firewalls 2017/2018/2019 report of 2017/2018 will suffice kindly confirm
Application Firewall

4 Page No.: 20, Clause No.: 128 CHAPTER-3-A Technical The solution should support Unified Anti-Bot Detection and Does this clause means that a proposed WAF solution should Already Clarified above
Requirement - - SOR A: Web Protection & Cloning Application Traffic have capability to detect and mitigate BOT attacks using
Application Firewall multiple level of security checks Via Bot Signature, Application
Fingerprinting, Java Challenge, Browser capability check and
Captcha. Kindly confirm

5 Page No.: 20, Clause No.: 127 CHAPTER-3-A Technical Should support persistence mirroring and System must support Kindly elaborate Already Clarified above
Requirement - - SOR A: Web interactive Layer 7 health checks for the application availability
Application Firewall

6 Page No.: 72, Clause No.: 3.2 CHAPTER 4 - - - COMMERCIAL Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% AMC for security solution like WAF or any similar security Already Clarified above
TERMS & CONDITIONS. - - - 3. 3.5% of supply cost per annum towards Long Term Maintenance solution is not a realistic %. We request Railtel to kindly make
Long Term Maintenance Support after completion of warranty period, to undertake this clause to at least 15% per annum instead of 3.5% per
Support repairs/replacements of all type of module/ card/assembly/ annum
subassembly and update/upgrade of software released during
this period and /or which may fail in the network after the
warranty. Only incremental cost in % over and above this, if
perceived by the OEM and Tenderer, may be indicated in
Schedule of Requirement and shall be added to the equipment
cost towards evaluation of tender. If however the tenderer feels
that his AMC Cost is less than 3.5% per annum, he should give
suitable discount in equipment pricing. For AMC he will be paid @
3.5% per annum only. If the Tenderer quotes a higher base rate
for AMC, he will be paid at his quoted rate per annum and five
years differential cost shall be added to offered cost for
evaluation. AMC would have to be valid for minimum period of 5
years after the warranty

7 Page No.: 19, Clause No.: 99 CHAPTER-3-A Technical In case of RMA Process, Define the no of days to deliver the Kindly elaborate as RMA is NBD, do you mean to ask how Already Clarified above
Requirement - - SOR A: Web solution. many days will it take to deliver the hardware onsite in case of
Application Firewall RMA ?
Additional Points suggested to be Added for a better & Competent WAF Solution

8 NA CHAPTER-3-A Technical The proposed WAF solution should also have capability for BOT The proposed WAF solution should also have BOT Detection As per RFP
Requirement - - SOR A: Web Detection that have capability to identify Bot Signature + DNS feature that have capability to identify Bot Signature + DNS
Application Firewall checks, Java script challenge + Browser Fingerprinting, Browser checks, Java script challenge + Browser Fingerprinting, Browser
Capabilities, Optional CAPTCHA, Human Detection & Anomalies. Capabilities, Optional CAPTCHA, Human Detection &
Anomalies.
FOR SOR-B
SN Page No./clause No. Particulars Bidder's Comments (BC)
Tender Specification Suggested specification Justification
1 23/22 Solution must be able to perform Source (Client) & Target (Backup Solution must be able to perform Source (Client) & Target As requirement here is for Purpose Built Refer Corrigendum-II
Server) base block-level deduplication without requiring (Backup Server) base block-level deduplication with proposed Backup Appliance, this point is coming as
expensive and proprietary disk appliances. backup solution. contradictory to the ask of an appliance.
2 24/32 Solution should support rapid/instant VM recovery with LiveBoot Solution should support rapid/instant VM recovery for Live Boot is proprietary to one specific OEM Refer Corrigendum-II
for Vmware and Microsoft Vmware and Microsoft hence request you to remove this point.
Hyper-V Hyper-V
3 24/34 Solution Should have 48TB of Usable Capacity with HW RAID 60 Solution Should have 48TB of Usable Capacity with HW RAID 6 RAID 60 is not supported on purpose built Already Clarified above
with hotspares with every 15 disks. backup appliance as it will increase the cost
storage per bit hence request you to accept
the suggested change.
FOR SOR-C
SN Page no Clause no Existing Changes Required
SOR-C-ii -UTM
1 26 6 UTM/NGFW appliance should have at least 32 GB RAM or higher UTM/NGFW appliance should have at least 16 GB RAM or As per RFP
higher
2 26 10 The UTM appliance should be Rack Mountable, not exceeding 1U The UTM appliance should be Rack Mountable, not exceeding Refer Corrigendum-II
with redundant power supply fully populated from day one and 1U with redundant power supply fully populated from day one
should have hot-swappable fan tray/module

3 27 35 The IPS system should have at least 25,000 signatures with The IPS system should have at least 10,000 signatures with Refer Corrigendum-II
support for custom IPS signatures support for custom IPS signatures
SOR-C –iii - Firewall Manager
4 28 3 The management appliance should have 2 x 1G port and The management appliance should have 2 x 1G port. As per RFP
integrated redundant power supply from day one
5 29 14 The centralized management platform must not have any limit in The centralized management platform must have minimum Refer Corrigendum-II
terms of handling logs per day 100 GB limit in terms of handling logs per day
FOR SOR-D
Page no Clause no Existing Changes Required
SOR-D-iii - Vulnerability Assessment:
46 1 the scanning solution must be software / appliance based, that is Linux flavours is more secure than windows. Therefore , as a Refer Corrigendum-II
deployable in windows and linux platforms request , please arrange to remove the Ms platform

47 13 The Signature database must be exportable to CSV, PDF etc Every OEM has different way of exporting the plugins Refer Corrigendum-II
database, we do in CSV format
48 24 vi) Inventory of Hardware manufacturer for Host OS like Request to remove As per RFP
workstations, Servers and laptops
48 24 vii) Inventory of drives & file shares Request to remove As per RFP
48 31 The solution Must provide a graphical, interactive and search Request to remove Refer Corrigendum-II
friendly topology of the discovered assets
48 46 The solution Must allow various output formats like CSV, DOC, multiple reporting format like PDF, CSV, Richtext and As per RFP
HTML, PDF, XML etc cyberscope. Please remove native support for DoC, HTML and
XML, etc for removing restriction of vendor specific. And
provide common ground.
49 61 iii) Identify vulnerabilities with zero day First inform the zero day vulnerability to the respective OEM As per RFP
and don’t declare it publicly as its likely to be exploited if OEM
is not ready with the solution/Patch.

49 61 iv) Identify Zero Day vulnerabilities first inform the zero day vulnerability to the respective OEM As per RFP
and don’t declare it publicly as its likely to be exploited if OEM
is not ready with the solution/Patch.
50 71 The solution must offers integrated password management CyberArk is global leader in Privilege Identity Management Refer Corrigendum-II
integration with PowerBroker space and is more widely used in India than Beyond Trust.
Password Safe as well as it includes a built-in third party password Request you here to include add cyberArk as well with Beyond
management connector. Trust.
N/A N/A Additional Suggestion
OEM should be the leader as per
Gartner peer Insights
How many number of
applications/URLs they intend to scan?

Page no Clause no Existing Changes Required


SOR-D-i - SECURITY DETECTION AND
RFP Volume Section and sub- Clause/ Content in the RFP Clarification sought/ Change Request
section
30 SOR-D-i – SOC:, 4. The solution must support auto discovery of assets that are The 'auto discovery of assets' is additional feature of specific As per RFP
ADMINISTRATION AND being protected or monitored and automatically start accepting SIEM OEM but not a general SIEM functionality, hence this
CONFIGURATION events without any administrator intervention through an agent clause must be removed from the RFP
less solution
30 SOR-D-i – SOC:, 5 The solution should support automated classification of assets Please elaborate on 'classification of assets that are being As per RFP
ADMINISTRATION AND that are being protected. protected', this seems value add feature of specific SIEM OEM
CONFIGURATION but not a general SIEM functionality, hence this clause must be
removed from the RFP
31 SOR-D-i – SOC:, OPERATIONAL 6. The solution should support high availability requirements in an Building high availability at different components is design Refer Corrigendum-II
REQUIREMENT embedded fashion at all layers including collection, normalization, aspect, it is not necessary the product must have it as
correlation and management and without the need for additional embedded fashion. This again an OEM specific product
3rd party software to provide 24x7 availability and fault tolerance. feature, request you to modify this as "the proposed SIEM
solution must provide high availability at all layers including
collection, normalization, correlation and management with
the need for additional 3rd party software"

31 SOR-D-i – SOC:, OPERATIONAL 6. The solution should support high availability requirements in an The "support high availability" is just a capability to be present Already Clarified above
REQUIREMENT embedded fashion at all layers including collection, normalization, in the solution, but RailTel want the bidder to provide SIEM
correlation and management and without the need for additional solution with high availability or stand-alone solution so that
3rd party software to provide 24x7 availability and fault tolerance. HA capability may be leveraged in future ?
31 SOR-D-i – SOC:, OPERATIONAL 13. The solution must maintain an externally accessible store or Scanning IT infra, discovering assets and maintaining inventory As per RFP
REQUIREMENT database of all assets discovered on the network. This asset data are features of "Asset Management Software" tools and may
should include important information about the asset as learned be value add feature of specific SIEM OEM but not a general
by the information collected (i.e. system attributes, network SIEM functionality. Hence this clause must be removed from
attributes, vulnerability state, etc.). The database must provide the RFP
the ability to edit attributes when they cannot be learned (i.e.
department, location, etc.). The user must be able to search this
database.

32 Security and Data Integrity of 2 The system must provide Real-time remote indexing of data to Every SIEM Product have its way to manage the data integrity Refer Corrigendum-II
SIEM minimize the opportunity for alteration of audit trails on for the logs collected in real-time and near-real time. This
compromised hosts clause is specific feature of OEM Product, hence please
4 The solution should block-signs events with a digital signature to remove this or change this to "the system must perform
demonstrate integrity of the indexed data indexing for real-time data and maintain data integrity check
5 The solution must provide event hashing at index time to for both index and processed in a remote location for future
determine at search time if events have been tampered with audit and compliance purposes"
6 The solution must monitors its own configurations and usage to
maintain a complete, digitally signed audit trail of who is
accessing the system, what searches they are running, what
reports they are viewing, what configuration changes they are
making, and more.

32 Security and Data Integrity of 4 The solution must support industry log collection methods While the support of log collection methods is standard ask, As per RFP
SIEM (syslog-UDP (as detailed in RFC 3164) and TCP (as detailed in RFC but for exporting of offline log data or custom data may be
3195),DNS,DHCP, WMI, JDBC, XML,CSV,JSON,SNMP, Checkpoint supported differently by each SIEM OEM. Please modify this
LEA,FTP,S/FTP,ODBC,SDEE,Window event logs-agent based and clause to what RailTel wanted to achieve instead referring to
agent less etc.,mail server, web server),directly pointing to log specific product feature of a OEM SIEM.
files over the network or on the indexer,Custom inputs which
includes scripted and modular inputs, vendor supplied universal
agents.

33 LOG NORMALIZATION AND 7 The system should provide adequate categorization and This is feature is specific to a SIEM OEM not general As per RFP
CATEGORIZATION prioritization of the collected and aggregated events from the functionality of SIEM, hence remove this clause from RFP or
monitored log sources. This entails a deep understanding of the modify this to as per end objective that RailTel wanted to
event types and criticality associated with the events for the achieve.
supported log sources. E.g.: The categorization may by be HIGH,
MEDIUM, LOW or color coding.

34 REPORTING 10 The solution must support the ability to centrally deliver Delivering vulnerability/Asset reports and dashboards is Already Clarified above
vulnerability reports. feature provided by Vulnerability/Asset Management solution,
11 The solution may support the ability to centrally deliver asset this requirement is a feature of specific to a SIEM OEM but not
reports. a general SIEM functionality, hence this clause must be
27 Dashboard should display asset list and capture details removed from the RFP or modify as per end objective that
including name, location, owner, value, IP address, platform RailTel wanted to achieve.
details
36 Open Platform 2 The solution must offers multiple SDKs written on top of the API These features apart from 'support of API for external Refer Corrigendum-II
for: integration' are specific to a SIEM OEM not general
2.1. Python functionality of SIEM, hence remove this clause from RFP or
2.2. Java modify this to as per end objective that RailTel wanted to
2.3. JavaScript achieve.
2.4. PHP
2.5. Ruby
2.6. C#
3 The solution should offers hundreds of free, public Apps for
point products or use cases to create more value and accelerate
time-to-value
37 CORRELATION AND ALERTING 15 The solution may provide an out of the box mechanism to This is feature is specific to a SIEM OEM not general Already Clarified above
discover and classify assets by system type (i.e. mail servers vs. functionality of SIEM, hence remove this clause from RFP or
data base servers) to minimize false positives associated with modify to "the proposed SIEM must collect business context
poor asset classification. such as asset classification data and leverage in better incident
prioritization and reduction of false positives" or as per end
objective that RailTel wanted to achieve.
39 SEARCH 7 The solution must have the ability to directly search raw data This is feature is specific to a SIEM OEM not general As per RFP
(using existing search capabilities) stored externally in Hadoop functionality of SIEM, hence remove this clause from RFP
HDFS file systems and the results made available for advanced
visualizations
41 INDEXING 6 The solution must have ability to import raw data from Hadoop This is feature is specific to a SIEM OEM not general As per RFP
for indexing functionality of SIEM, hence remove this clause from RFP

33 SOR-D-i – SOC, LOG 8 The solution should support longterm access to detailed security Please provide the retention duration for long term and also Refer Corrigendum-II
MANAGEMENT REQUIREMENT event and, if available, network flow data. The system should be would it be offline or online retention ?
able to provide access to at least x months worth of detailed
information.
34 SOR-D-i – SOC, REPORTING 10 The solution must support the ability to centrally deliver This is an additional feature of specific SIEM OEM but not a As per RFP
vulnerability reports. general SIEM functionality, hence this clause must be removed
from the RFP
35 SOR-D-i – SOC, REPORTING Dashboard should display asset list and capture details including Scanning IT infra, discovering assets and maintaining inventory As per RFP
name, location,owner, value, IP address, platform details are features of "Asset Management Software" tools is value
add feature of specific SIEM OEM but not a general SIEM
functionality, hence this clause must be removed from the RFP

42 SOR-D-i – SOC, Packet 1 Perform Full Packet Capture of network traffic with zero packet Please provide how no of network points at each location and Already Clarified above
Capture: loss. Support the retrieval of relevant packets to a cyber security their link bandwidth to be covered by full packet capture
incident solution
6 Solution should be sized for traffic rate of 1Gbps or higher.

42 SOR-D-i – SOC, Packet 12 Should provide Regeneration and Playback functionality: This is feature is specific to a SIEM OEM not general As per RFP
Capture: Ability to create shadow networks. Regeneration and Playback: functionality of SIEM, hence remove this clause from RFP
Point and click to instantly regenerate traffic (at configurable
speeds) to a chosen NIC on a shadow network for further analysis
in 3rd party systems. Without interruption of regular services.

43 SOR-D-i – SOC, Packet 19 Should support Integration With Endpoint Detection and The purpose of EDR solution is to detect malicious As per RFP
Capture: Response (EDR) technology as proposed in the RFP which should software/activities on the endpoint which can't be detected by
remediate and blacklist the suspicious/malicious files in entire AV solution deployed on the same. When these two products
network with one click from same console. The AV and EDR must are from same OEM, it wont be of benefit ( depth in defense).
be from same OEM and provided AV must be leader Gartner
Quadrant for last 3 years

42 SOR-D-i – SOC, Packet 26 Solution must perform flow generation and analysis and must This is feature is specific to a SIEM OEM not general As per RFP
Capture: perform aggregation of all traffic pertaining to single session with functionality of SIEM, there is not a much value of flow data
a single flow records. when there Deep Packet Inspecting in place with Packet
Capture. Hence remove this clause from RFP
43 SOR-D-i – SOC, Packet 34 The solution provided for SSL decryption must support 78+ Please explain why is that SSL decryption must from the same Refer Corrigendum-II
Capture: Ciphers and TLS 1.3. The packet capture tool and SSLVA must be OEM that supplies Packet Capture? Not every DPI/Packet
from same OEM. Capture OEM is not into SSL decryption products, and this may
be true for specific OEM. Therefore request you allow the
bidder to support Packet Capture and SSL decryption from
different OEMs.

SOR-E
Page no Clause no Existing Changes Required Clarification
SOR-E- i- Rack Server:
50 1 General Requirement: Server should be a vSAN certified ready Server should be a vSAN certified ready node or Since the requirement is for VSAN, it is always As per RFP
node a Factory pre-configured integrated and tested VSAN preferred to have a factory pre-configured
Appliance with pre-installed softwares of VSAN, vcenter. appliance
which comes pre-installed with all the
hardwares
and software components with single file
upgrade
for entire solution.

50 1 SAP Certification: Server should be SAP HANA certified. SAP Certification: Server should be preferred to have For wider participation, would request to make As per RFP
SAP HANA certified. it optional.
51 8 Front drive bays: Up to 24 x 2.5” SAS/SATA/SSD Should be scalable upto 16 x 2.5” SAS/SATA/SSD 24 will be specific to a single OEM As per RFP
51 8 12Gbps PCIe 3.0 with RAID 1, 5, 6,10, 50 with 4Gb cache 12Gbps PCIe 3.0 with RAID 1, 5, 6,10, 50 with 2Gb cache 4Gb Cache is specific to a single OEM As per RFP
51 5 Configured CPU Should be populated with 2nos. of Intel Xeon Configured CPU Should be populated with 2nos. of Intel Xeon Would request you to accept this change as Refer Corrigendum-II
Skylake CPU architecture, Skylake CPU architecture, 16 Core CPU only comes with 2.1 GHz
each CPU should be 16 core 2.3Ghz or more. each CPU should be 16 core 2.1Ghz or more. processor ie.
Intel Skylake 6130 processor.

51 7 Memory Memory to be configured with 128GB per processor using 32 128 GB memory with 32 GB DIMMS is only As per RFP
configured GB DIMM's scalable to 1.5TB capable
Configured with 128GB using 32 GB DIMM's scalable to 1.5TB to support with one processor.

51 9 RAID Controller 12Gbps PCIe 3.0 with RAID 1, 5, 6,10, 50 RAID Controller 12Gbps PCIe 3.0 with RAID 1, 5, 6,10, 50 with Since solution based on VSAN always supports As per RFP
with 4Gb cache 4Gb cache is preferred but not mandatory. Raid - 10, 5 and 6 along with caching drives so
would
request to put this clause as an optional.

51 10 Disks configured 2 nos. of 240GB BOSS card or SATA/SAS SSD in Disks configured 2 nos. of 240GB BOSS card or SATA/SAS SSD Would request you to accept this change as Refer Corrigendum-II
mirrored configuration for OS & 3 nos. of 960 GB SSD SAS and in mirrored configuration for OS & 3 nos. of 800 GB SSD Drives it will clearly defined the sizing guidelines.
6x2.4 TB 10k rpm SAS drives. as caching drives and 6x2.4 TB 10k rpm SAS drives as capacity
drives.
51 11 DVD writer DVD RW Request to remove For wider participation, would request to make Refer Corrigendum-II
it optional.

51 12 I/O slots Up to 6x PCIe Gen3 Slots I/O slots Up to 4x PCIe Gen3 Slots Would request you to accept this change as As per RFP
4 PCI slots per server are enough for scalability.
Also, it will qualify us for the participation

51 13 Ethernet ports 2 x 1G RJ45 and 2 x 10G SFP+ populated with Ethernet ports 1 x 1G RJ45 for Management Ports and 4 x 10G For wider participation, would request to Already Clarified above
Multimode Transceivers. SFP+ populated with Multimode Transceivers. accept this
change.
52 24 Intrusion alert in case chassis cover being opened Request to remove Specific to single OEM As per RFP

Page no Clause no Existing Changes Required Clarification


SOR-E- ii- switch
53 12 Switch should have a minimum 40MB buffer of more. We request to modify the minimum buffer to 32MB for better request to please change the clause to "Switch Refer Corrigendum-II
participation should have a minimum 32MB buffer of more"

FIRM-3: DXC Technology [email protected]


SN Section Pg No Clause Remarks Suggested Changes
1 SOR-D-i – SOC 41 4.7 PCAP Files This would be available on the PCAP solution in raw format Kindly remove the clause As per RFP

2 SOR-D-i – SOC 41 Packet Capture The Packet capture solution should be a separate solution and Kindly add a separate SOR for Packet Capture Refer Corrigendum-II
should come as a separate requirement (SOR). In its current solution
state this favors OEMs who have both SIEM and Packet
capture offerings. Kindly also refer Pg 6, Clause VII where it is
mentioned that the bidder can quote only one OEM against
one SOR.
3 SOR-D – iv - Vulnerability Assessment: 46 Vulnerability Assessment The Vulnerability Assessment solution should be a separate Kindly add a separate SOR for Vulnerability Refer Corrigendum-II
solution and should come as a separate requirement (SOR). In Assessment solution
its current state this favors OEMs who have both SIEM and
Vulnerability Assessment offerings. Kindly also refer Pg 6,
Clause VII where it is mentioned that the bidder can quote
only one OEM against one SOR.

4 SOR-D-ii & iii - Anti Virus + EDR (Client 43 The solution must be in Leader's quadrant of the latest Gartner There are other analyst reports where we have been The solution must be in Leader's quadrant of As per RFP
& Server) Magic Quadrant report on End Point Protection recognized as leaders, IDC being one among them. the latest Gartner Magic Quadrant report on
End Point Protection or IDC Marketscape for
worldwide endpoint specialized threat analysis
and protection
5 SOR-D-ii & iii - Anti Virus + EDR (Client 46 Solution should have Deception component from same or Deception technologies are used to lure attackers using Kindly remove this requirement. As per RFP
& Server) different OEM which helps identify the unknown attacks that different mechanisms which may include a separate agent.
conduct file traversals, network discovery, terminate processes, Typical deception architecture would include a separate setup
try to conduct credential theft, altogether that will have endpoint lures; network traps; OS
and more traps all integrated with an intelligence platform and an
operations console. This is in itself a requirement with multiple
components and should be a separate requirement altogether.

6 SOR-C-ii -UTM 26 UTM/NGFW appliance should have at least 32 GB RAM or higher UTM/NGFW appliance should have at least 16 Already Clarified above
GB RAM or higher
7 SOR-C-ii -UTM 26 The UTM appliance should be Rack Mountable, not exceeding 1U The UTM appliance should be Rack Mountable, Already Clarified above
with redundant power supply fully populated from day one and not exceeding 1U with redundant power supply
should have hot-swappable fan tray/module fully populated from day one

8 SOR-C-ii -UTM 27 The IPS system should have at least 25,000 signatures with The IPS system should have at least 10,000 Already Clarified above
support for custom IPS signatures signatures with support for custom IPS
signatures
9 SOR-C –iii - Firewall Manager 28 The management appliance should have 2 x 1G port and The management appliance should have 2 x 1G Already Clarified above
integrated redundant power supply from day one port.
10 SOR-C –iii - Firewall Manager 29 The centralized management platform must not have any limit in The centralized management platform must Already Clarified above
terms of handling logs per day have minimum 100 GB limit in terms of
handling logs per day
FIRM-4: Inspira Enterprise India Pvt. Ltd. Naveen Datta: [email protected]
SN Tender clause No. Tender Pg No. Tender clause description Modification/Clarification Justification
1 Page No.: 73, Clause No.: 3.3 73 Separate agreement for AMC (Long term Maintenance Support) Pls confirm if Bank Guarantee of 10% of AMC PO value to be Clarity for the same in better cost estimation No Change. PO for
before expiry of warranty period shall be entered with OEM/the submitted. AMC will be issued
authorized partner of OEM by RailTel. after expiry of
A fresh Bank Guarantee @10% of issued LOA/PO value valid for Warranty.
64 months (4 months beyond the AMC period of 5 years)from the On submission of PBG
date of issue of LOA shall be required to be submitted by OEM/ against AMC PO, BG
Tenderer for due fulfillment of long term maintenance support submitted against main
obligation. PO will be released.

2 Page No.: 5, Clause No.:SOR 5 SOR G Pls confirm if we have to enter incremental percentage or clarity for the same is required for quoting Bidder has to quote
incremental value in price bid for SOR G perfectly incremental
percentage.
Pls confirm if the SOR G shall be awarded in a single PO along Clarity for the same in better cost estimation No PO for SOR G (AMC)
with other SOR. will be issued on expiry
of warranty.

3 Page No.: 11, Clause No.:12 F 11 Selection of vendors for RA shall be as under: Pls clarify what will be the qualifying criteria for selection of 3 Criteria for selection is not mentioned
tenderers for participating in RA
If the number of tenderers qualified are 3 to 6, only 3 tenderers
shall be eligible for participating in RA.
4 Page No.: 11, Clause No.:12 F 11 If the number of tenderers qualified are more than 6, only 50% of Pls clarify what will be the qualifying criteria for selection of Criteria for selection is not mentioned
tenderers shall be eligible for RA (rounded off to next higher 50% of tenderers for participating in RA
integer).
5 Page No.: 13, Chapter 3 A - 2 13 Bidder should have backend tie-ups with the respective OEMs to Bidder should have backend tie-ups with the respective OEMs Quantifying the OEM professional services shall Refer Corrigendum-II
provide required technical support along with OEM professional to provide required technical support along with 30 days of be beneficial for Railtel as it would ensure the
services for the supplied Hardware, Software, Network OEM professional services for the supplied Hardware, duration of assured Services.
equipment and Network & Security software for their installation, Software, Network equipment and Network & Security
configuration, fine-tuning, integration with existing components software for their installation,
and commissioning to meet the functional requirements. OEMs configuration, fine-tuning, integration with existing
shall also be responsible for successful implementation and components and commissioning to meet the functional
system operations. requirements. OEMs shall also be responsible for successful
implementation and system operations.

6 Page No.: 13, Chapter 3 A - Note 2 13 Bidder should submit the vetted BOM from their respective Bidder should submit the signed BOM from their respective Signed BOM on OEM letter head ensures As per RFP
OEMs. OEMs on OEM letter head. proper vetting.
7 Page No.: 6,Note: V (A) 6 Integration with existing Network as required. Pls share details of Existing Network No Justification As per RFP.
8 Page No.: 64, Clause No.: 1.2 64 Under exceptional circumstance, if it is not feasible to conduct Under exceptional circumstance, if it is not feasible to conduct After Test reports generation the equipment is As per RFP
Factory Acceptance Testing (FAT) at manufacturing facility, the Factory Acceptance Testing (FAT) at manufacturing facility, the shipped from manufacturing facility to
equipment shall be accepted on the basis of certified equipment shall be accepted on the basis of certified warehouse. It is not feasible to carry out
manufacturer test report. In that case preliminary inspection of manufacturer test report. In that case preliminary inspection detailed testing at warehouse. Request to
the equipment shall be arranged by the vendor at a suitable of the equipment shall be arranged by the vendor at a suitable please consider physical verification in
facility within India and detail inspection at site as per mutually facility within India and brief inspection at site as per mutually inspection
agreed testing procedure. Exemption of inspection at factory agreed testing procedure like physical verification shall be
premises (FAT) will be at the sole discretion of RailTel. carried out. Exemption of inspection at factory premises (FAT)
will be at the sole discretion of RailTel.

9 Page No.: 72, Clause No.: 2.4.3 72 During the free warranty maintenance period contractor should Request to please define maximum duration of extension We have to consider cost for same in bid. Open As per RFP
stabilize the working of the system. Purchaser has the right to period of supervision. ended timeline shall result in incorrect cost
extend the period of supervision of the maintenance free of cost estimation.
till the system stabilizes and works satisfactorily for a reasonable
period of time. If during the time any equipment etc. is to be
added or deficiencies are to be rectified to make the system work
trouble free the same also will have to be done by the contractor
at no cost to RailTel as to make good all the deficiencies.

Also if the scope is changed by Railtel and deficiencies arise No Justification As per RFP
due to same then the additional requirement shall be taken
care by Railtel.
10 Page No.: 73, Clause No.: 5.2 73 last 5% payment of the value of Supply items of the PO shall be Can the BG equivalent to 5% and valid for one year after PAC No Justification Standard Clause, As
made by RailTel on issue of Final Acceptance Certificate (FAC) be acceptable for claiming the balance 5% amount. per RFP.

11 Page No.: 74, Clause No.: 5.7.1 74 final 5% on issue of Final Acceptance Certificate Can the BG equivalent to 5% and valid for one year after PAC No Justification Standard Clause, As
be acceptable for claiming the balance 5% amount. per RFP.

12 Page No.: 77, Clause No.: 12.1.2 77 The Tenderer/bidder should have supplied and provision of similar The Tenderer/bidder should have supplied and provision of It is suitable to mention the requisite As per RFP
offered security solution with satisfactory working as to similar offered security solution like NG Firewall or UTM and experience so that appropriate bidder with
Government/PSUs/Telecom Service Providers/Public Listed SIEM+SOC with satisfactory working as to required experience to qualify.
Company during the last three years from the date of opening of Government/PSUs/Telecom Service Providers/Public Listed
tender. Company/ Public Sector Banks during the last three years
from the date of opening of tender.

13 Page No.: 84, Clause No.: 33.5.9 84 Documentary proof of equipment being proven and working for Shall OEM certification w.r.t documentary proof be acceptable No Justification As per RFP
more than 6 months in India or outside India along with user
certificate and Contact Details of user/firm.

14 Page No.: 89, Clause No.: 12.2.1 89 The tenderer should present at least one (1) project worth at least The tenderer should present at least one (1) project worth at It is suitable to mention the requisite As per RFP
INR 7.52Crore showcasing supply, installation, testing, least INR 7.52 Crore showcasing supply, installation, testing, experience so that appropriate bidder with
commissioning, implementation and operations projects for Data commissioning, implementation and operations projects for required experience to qualify.
Center solutions commercially in India in the last 3 years. Data Center solutions and one project of next generation
SIEM+SOC commercially in India in the last 3 years.

15 Additional clause suggestions It is suggested to ask from bidder for certified resources 1 no. These certificates shall ensure that the bidder As per RFP
each as follows and to furnish the certificates: with right skill set of resources qualify.
1) CISSP
2) PMP/Prince 2
3) HCI OEM certified professional level.

10 resource of ISO 27001 Lead auditor

16 Additional clause suggestions It is suggested to ask from bidder for furnishing 2 nos. As SOC is the major part of this RFP so As per RFP
Purchase order from Government/PSUs/Telecom Service experience pertaining to the EPS deployment
Providers/Public Listed Company/ Banks for implementation of shall ensure the requisite bidder capabilities
SOC for minimum 30000 EPS in India in last 3 years. can be ascertained from the furnished
Purchase Orders.
17 Page No.: 26, SOR-C –ii - UTM: > S.No. 26 UTM/NGFW appliance should have at least 32 GB RAM or higher We request you to kindly modify this clause as "UTM/NGFW No Justification Already Clarified above
6 appliance should have at least 16 GB RAM or higher"
18 Page No.: 26, SOR-C –ii - UTM: > S.No. 26 The UTM appliance should be Rack Mountable, not exceeding 1U We request you to kindly modify this clause as "The UTM No Justification Already Clarified above
10 with redundant power supply fully populated from day one and appliance should be Rack Mountable, not exceeding 1U with
should have hot-swappable fan tray/module redundant power supply fully populated from day one "

19 Page No.: 27, SOR-C –ii - UTM:> S. No. 27 The IPS system should have at least 25,000 signatures with We request you to kindly modify this clause as "The IPS system No Justification Already Clarified above
35 support for custom IPS signatures should have at least 10,000 signatures with support for custom
IPS signatures"
20 Page No.: 28, SOR-C –iii – Firewall 28 The management appliance should have 2 x 1G port and We request you to kindly modify this clause as "The No Justification Already Clarified above
Manager: > S. No. 3 integrated redundant power supply from day one management appliance should have 2 x 1G port."
21 Page No.: 29, SOR-C –iii – Firewall 29 The centralized management platform must not have any limit in We request you to kindly modify this clause as "The No Justification Already Clarified above
Manager: > S. No. 14 terms of handling logs per day centralized management platform must have minimum 100
GB limit in terms of handling logs per day"

22 Page No.: 22, CHAPTER-3-A Technical 22 5. Solution Must support Host-Level Virtual Environments Please modify Clause as "Solution Must support Host-Level This is recommended for considering current Refer Corrigendum-II
Requirement Including VMware vSphere, Microsoft Hyper-V Hypervisor integration for Virtual Environments Including and future requirement for cloud Infrastructure
SOR-B: Backup Solution VMware vSphere, Microsoft Hyper-V, RedHat KVM, Nutanix of the Railtel Department.
AHV, OpenStack and Containers"
23 Page No.: 22, CHAPTER-3-A Technical 22 6. Solution must support back agents Including Microsoft Please modify Clause as "Solution must support back agents This is recommended for considering current As per RFP
Requirement Windows (Windows Server, Hyper-V, Exchange, SQL), Linux and Including Microsoft Windows, Linux, Unix and macOS. Also and future requirement for cloud Infrastructure
SOR-B: Backup Solution macOS include Agent/Modules for online backup of applications and of the Railtel Department.
databases such as MS Exchange, MS SQL, Oracle, DB2, Sybase,
MySQL, MongoDB, PostGre SQL and distributed
databases/filesystems like NoSQL, Bigdata and hadoop. "

24 Page No.: 23, CHAPTER-3-A Technical 23 9. Solution must support Advanced sharing of different media Please modify as "Solution must support Advanced sharing of Optical device like CD,DVD cannot be shared Refer Corrigendum-II
Requirement across the environment (disk, tape and optical). different media across the environment (disk and tape)." and usually never used as backup storage, so
SOR-B: Backup Solution request to remove Optical word.

25 Page No.: 23, CHAPTER-3-A Technical 23 11. Solution should offer rate limiting for data sent offsite to limit Please modify clause as "Solution should offer inbuild WAN This clause is specific to some vendor, request As per RFP
Requirement the impact of replication on critical Internet resources. Optimizer for data sent offsite to limit the impact of replication to modify it as requested so that most of
SOR-B: Backup Solution on critical Internet resources." Enterprise backup vendors will participate in
the bid. WAN optimization is the proper term
and feature in most of backup solutions for
optimizing backup data replication to offsite
location.
26 Page No.: 23, CHAPTER-3-A Technical 23 15. Solution should offer message level backups for MS Exchange Please modify clause as " Solution should offer full backup of This clause looks favouring a specific vendor Refer Corrigendum-II
Requirement and allow for restore of individual messages or entire folders. MS Exchange databases and allow for restore of full and and not a generic feature. Please note most of
SOR-B: Backup Solution individual messages." the enterprise backup solution vendors provide
MS Exchange backup at database level,
however the restore can be done on granular
single mail/message level. please modify so
that most of enterprise backup solution
vendors can participate in the bid.

27 Page No.: 23, CHAPTER-3-A Technical 23 18. Solution must support GUI with centralized management / Please modify clause as "Solution must support GUI with request to remove archival word as this Refer Corrigendum-II
Requirement Single interface for management of all backup and archival centralized management / Single interface for management of requirement is related to a backup solution and
SOR-B: Backup Solution activities. all backup activities. not the archival software, both of them cater
to a different requirement.

28 Page No.: 23, CHAPTER-3-A Technical 23 19. Solution must support Advanced sharing of different media Remove this repeated clause no 9 Repeated clause, request to delete clause or Refer Corrigendum-II
Requirement across the environment (disk, tape and optical). remove optical word.
SOR-B: Backup Solution
29 Page No.: 24, CHAPTER-3-A Technical 24 32. Solution should support rapid/instant VM recovery with Please modify clause as "Solution should support rapid/instant This is recommended for considering current Already Clarified above
Requirement LiveBoot for Vmware and Microsoft Hyper-V VM recovery with LiveBoot for proposed virtualization and future requirement for cloud Infrastructure
SOR-B: Backup Solution hypervisor platform" of the Railtel Department.
30 Page No.: 24, CHAPTER-3-A Technical 24 34. Solution Should have 48TB of Usable Capacity with HW RAID Please modify clause as "Backup Appliance Should have No Justification Already Clarified above
Requirement 60 minimum 50TB of Usable Capacity and scalable to more than
SOR-B: Backup Solution 300TB Usable with HW RAID 60"
31 Page No.: 24, CHAPTER-3-A Technical 24 35 . Appliance Should have 2 x 10Gb RJ45 or 2-port SFP+ Network Please modify clause as "Appliance Should have minimum 4 x Considering current and future requirements of As per RFP
Requirement Interface 1Gbps Ethernet, 4 x 10Gbps Ethernet(SFP and Copper) and 2 railtel cloud infrastructure, it is necessary for
SOR-B: Backup Solution Fibre Channel ports of minimum 8Gbps speed" department to request for all the necessary
network interfaces in requested backup
appliance. Please note almost all the backup
appliance vendors provide all 1Gbps, 10Gbps
and FC ports with their devices and if not
requested, department may get the
appliance missing these common required
interfaces.

32 Page No.: 53, SOR-E-ii-10G Switch > 53 The switch quoted should be part of latest Gartner's Leader Hence, we request you to kindly modify this clause as " The As in gartner quadrant published document Refer Corrigendum-II
SN - 5 Quadrant for Data Center networking switching OEM should be in Gartner Leader Quadrant for Data switching OEM is mentioned and not switch
Center Networking"
33 SOR-E-ii-10G Switch >SN-12 53 Switch should have a minimum 40MB buffer of more. This clause is specific to a single OEM. Hence, we request you No Justification Already Clarified above
to kindly modify this clause as "Switch support 32Mb buffer"

34 SOR-E-ii-10G Switch > SN-13 53 Switch should have smart buffering mechanism to classify long - This looks OEM specific customer should add As per RFP
lived versus short lived flows and must have capability to this or similar technologies to achieve the
dynamically prioritize short lived flows during congestion to avoid functionality
packet drop of mission critical traffic.

35 SOR-E-ii-10G Switch > SN-56 55 Switch should support Dynamic ARP Inspection to ensure host This clause is specific to a single OEM. Hence, we request you Same functionality can be achieved via Static As per RFP
integrity by preventing malicious users from exploiting the to kindly modify this clause as "Switch should support ARP ARP Inspection.
insecure nature of the ARP protocol Inspection"
36 SOR-E-ii-10G Switch > SN-62 55 Switch should support for capturing packets for identifying This clause is specific to a single OEM. Hence, we request you No Justification As per RFP
application performance using local and remote port mirroring for to kindly modify this clause as "Switch should support Port
packet captures Mirroring"
37 SOR-E-ii-10G Switch> SN-67 56 Switch should support for predefined and customized execution The statement looks grammatically incorrect customer No Justification As per RFP
of script for device mange for automatic and scheduled system requirement needs to be rephrased
status update for monitoring and management

38 SOR-E-ii-10G Switch >SN-75 56 Switch should support NTP to provide an accurate and consistent This clause is specific to a single OEM and feature is with only This feature is not available in our proposed As per RFP
timestamp over IPv6 to synchronize log collection and events single OEM. Hence, we request you to kindly modify this OEM and is limiting our participation
clause as "Switch should support NTP Support over IPv4"

39 CHAPTER-3-A Technical Requirement - 15 The solution must have a database of minimally 6000+ signatures Is the expectation by this requirement that the proposed No Justification Already Clarified above
- SOR A: Web Application Firewall > that are designed to detect known problems and attacks on web solution should have a minimum of 6000 signatures as default
So. No 22 applications. to detect and protect Web Applications. Kindly clarify

40 CHAPTER-3-A Technical Requirement - 19 System must have minimum(fully populated) 6 x10G SFP+ Ports we understand that it's a multimode SFPs that is required but No Justification Already Clarified above
- SOR A: Web Application Firewall > and 2 x 40G ports. Populated Optics should be Multimode. as required the appliance has to be fully populated request
So. No 104 you to Kindly clarify how many Interfaces is required for each
type 1Gig, 10Gig and 40gig. As there could be a possibility of
permutation combination on the type and interfaces proposed
while fully populating the appliance SFP slots

41 CHAPTER-3-A Technical Requirement - 19 The solution must be a Leader or Challenger in the Gartner Magic Pls clarify that the gartner report of any year mentioned in the No Justification Already Clarified above
- SOR A: Web Application Firewall> Quadrant of Web Application Firewalls 2017/2018/2019 clause shall fulfill the clause requirement.
So. No 103
42 CHAPTER-3-A Technical Requirement - 20 The solution should support Unified Anti-Bot Detection and Does this clause means that a proposed WAF solution should No Justification Already Clarified above
- SOR A: Web Application Firewall> Protection & Cloning Application Traffic have capability to detect and mitigate BOT attacks using
So. No 128 multiple level of security checks Via Bot Signature, Application
Fingerprinting, Java Challenge, Browser capability check and
Captcha. Kindly confirm

43 CHAPTER-3-A Technical Requirement - 20 Should support persistence mirroring and System must support This requirement is not clear so request to please elaborate. No Justification Already Clarified above
- SOR A: Web Application Firewall > interactive Layer 7 health checks for the application availability
So. No 127
44 CHAPTER-3-A Technical Requirement - 19 The proposed WAF solution should also have capability for BOT The proposed WAF solution should also have BOT Detection No Justification Already Clarified above
- SOR A: Web Application Firewall, 99 Detection that have capability to identify Bot Signature + DNS feature that have capability to identify Bot Signature + DNS
checks, Java script challenge + Browser Fingerprinting, Browser checks, Java script challenge + Browser Fingerprinting, Browser
Capabilities, Optional CAPTCHA, Human Detection & Anomalies. Capabilities, Optional CAPTCHA, Human Detection &
Anomalies.
Additional Points suggested to be No Justification
Added for a better & Competent WAF
Solution
45 CHAPTER-3-A Technical Requirement - NA The proposed WAF solution should also have capability for BOT The proposed WAF solution should also have BOT Detection No Justification Already Clarified above
- SOR A: Web Application Firewall Detection that have capability to identify Bot Signature + DNS feature that have capability to identify Bot Signature + DNS
checks, Java script challenge + Browser Fingerprinting, Browser checks, Java script challenge + Browser Fingerprinting, Browser
Capabilities, Optional CAPTCHA, Human Detection & Anomalies. Capabilities, Optional CAPTCHA, Human Detection &
Anomalies.
46 SOR-D-ii&iii > S. No. 31 44 Solution must provide to create classify applications which are We request department to remove this clause. No Justification Refer Corrigendum-II
attempting network access, and block unauthorized connections
and data transfers by malicious programs.

47 SOR-D-ii&iii > S. No. 36 45 After development of signatures for logs submitted for a We request department to remove this clause. No Justification Refer Corrigendum-II
suspicious system, analysis report must be submitted to RailTel.
The Analysis report should contain IP address of the system, List
of files found suspicious in the submitted log

48 SOR-D-ii&iii > S. No. 46 45 Solution must provide a Utility program for all supported We request department to remove this clause. No Justification Refer Corrigendum-II
Windows, Linux and MAC operating systems for collecting logs of
infected endpoints for analyzing and developing signatures.

49 SOR-D-ii&iii > 43 Anti Virus + EDR (Client & Server) Does RailTel only looking for a Antivirus EDR solution for No Justification As per RFP
Server. As for server security, an enhanced security solution is
also required along with AV.
50 SOR-D-i-SOC > S. No. 19 42 Should support Integration With Endpoint Detection and We request department to elaborate more on the EDR No Justification Already Clarified above
Response (EDR) technology as proposed in the RFP which should requirement in the RFP.
remediate and blacklist the suspicious/malicious files in entire
network with one click from same console
51 SCHEDULE OF REQUIREMENT 5 Commercial SOC includes software components SIEM, Incident Since Quantity is mentioned as 1, Please clarify No Justification As per RFP
forensic and packet capture.
1) if SIEM needs to be deployed in HA in DC ?
2) If DR is to be considered for SIEM instance?
52 SOR-D-i – SOC:> Detailed Technical 29 The proposed solution should be able to handle 10,000 sustained Please suggest if proposed hardware should support 80000 No Justification Already Clarified above
Specifications EPS & 5000 Flows/sec from day one and scalable to 80,000. EPS scalability without further hardware expansion. Also,
kindly confirm the flow/sec scalability.

We suggest to have following clause -

The proposed solution should be able to handle 10,000 EPS &
5000 Flows/sec from day one and should be scalable to handle
40,000 EPS & 10,000 FPS on the same hardware and solution
should be horizontally scalable to 80,000 EPS by adding
additional hardware.

53 Detailed Technical Specifications 29 The proposed solution should be able to handle 10,000 sustained Kindly confirm the log sources locations so as to size collectors No Justification Already Clarified above
EPS & 5000 Flows/sec from day one and scalable to 80,000. for the same.

54 Detailed Technical Specifications 30 The Bidder will give the hardware sizing for the EPS count We understand bidder doesn't need to provision hardware for No Justification Refer Corrigendum-II
required if solution is software based. software based solution. Pls confirm.
55 Detailed Technical Specifications 30 The Bidder will give the hardware sizing for the EPS count Kindly confirm the log & flow retention policy(online & offline) No Justification Already Clarified above
required if solution is software based. so as to suggest on storage requirements.
56 Detailed Technical Specifications 31 The solution should support high availability requirements in an Kindly confirm if solution needs to be deployed in high No Justification Already Clarified above
embedded fashion at all layers including collection, normalization, availability at all the layers ?
correlation and management and without the need for additional
3rd party software to provide 24x7 availability and fault tolerance.
57 Detailed Technical Specifications 32 The solution must easily expand to support additional demand. Kindly clarify additional demand if this is w.r.t additional No Justification Refer Corrigendum-II
EPS/log sources integration.
58 Detailed Technical Specifications 32 The solution should block-signs events with a digital signature to We suggest to modify this clause to read as " The solution No Justification As per RFP
demonstrate integrity of the indexed data should be able to support integrity of the indexed data" since
most of the SIEM players don't support digital signatures.

59 Detailed Technical Specifications 32 The solution must monitors its own configurations and usage to We suggest to modify this clause to read as "The solution must No Justification As per RFP
maintain a complete, digitally signed audit trail of who is monitor its own configurations and usage to maintain a
accessing the system, what searches they are running, what complete, audit trail of who is accessing the system, what
reports they are viewing, what configuration changes they are searches they are running, what reports they are viewing,
making, and more. what configuration changes they are making, and more." since
most of the SIEM players don't support digital signature

60 Detailed Technical Specifications 32 The solution must support Disaster Recovery.It should have the Kindly confirm if solution needs to be deployed in DR as well. No Justification As per RFP
provision to run in active / passive mode in a DC-DR environment Also, will this DR be in Active/Passive Mode.
and should be able to failover to automatically DR in case of a
primary failure. In case of passive DR, kindly confirm the RTO/RPO to adhere.

61 Detailed Technical Specifications 41 Perform Full Packet Capture of network traffic with zero packet Please confirm the number of locations & interfaces to be No Justification As per RFP.
loss. Support the retrieval of captured for packet capture.
relevant packets to a cyber security incident
62 Detailed Technical Specifications 42 Should be able to support integration with Endpoint We suggest to read this clause as "Should be able to support No Justification As per RFP
Management/EDR solution for remediation endpoints via single integration with Endpoint Management/EDR solution for
agent EDR and Anti-virus solution.The AV and EDR must be from remediation endpoints "
same OEM. Provided AV must be in leaders Gartner Quadrant.

63 Detailed Technical Specifications 42 Should be an on-premise appliance-based solution with capability We recommend to have appliance based solution for packet No Justification Already Clarified above
to do packet capture, storage, protocol dissection. analysis.

We suggest to have software based solution for storing pcap
and session reconstruction.
64 Detailed Technical Specifications 42 Should be an on-premise appliance-based solution with capability Kindly confirm following for sizing the packet solution - No Justification As per RFP
to do packet capture, storage,
protocol dissection. 1) No of locations/interfaces including DC & DR for packet data
collection
2) Link & current bandwidth utilization details for each
interface/location to be captured
3) Retention policy to be considered for raw & meta data
retention.
65 Detailed Technical Specifications 42 Should capture signature/heuristics and behavioral based alerts We suggest to remove this clause since Packet capture No Justification Refer Corrigendum-II
and block the malicious activity solutions are not supposed to block the activity
66 Detailed Technical Specifications 42 Solution must support provision to implement custom Kindly provide with the expectations. No Justification Refer Corrigendum-II
environment.
67 Detailed Technical Specifications 42 The solution should be able to provide suggested mitigation Clause mentioned are applicable to SOAR platform hence we No Justification As per RFP
actions for events suggest to remove this clause from packet capture.

68 Detailed Technical Specifications 42 Proposed solution should Integrate with On Premise Malware We suggest to remove "The ATP solution must be able to No Justification Refer Corrigendum-II
Sandbox Analytics solution. Security analytics should be able submit files for sandbox." from the mentioned clause since
submit files for detonation and analysis.The ATP solution must be packet capture & ATP solution are different.
able to submit files for sandbox.

69 Detailed Technical Specifications 42 Should support Integration With Endpoint Detection and We suggest to remove this clause since this clause is not No Justification As per RFP
Response (EDR) technology as proposed in the RFP which should applicable to Packet Capture solution.
remediate and blacklist the suspicious/malicious files in entire
network with one click from same console. The AV and EDR must
be from same OEM and provided AV must be leader Gartner
Quadrant for last 3 years
70 Detailed Technical Specifications 35 "The solution should include following native visualizations: This seems to be specific OEM clause hence we request to No Justification As per RFP
remove this clause
Tables
Time charts
Line charts
Bar charts
Area charts
Pie charts
Scatterplot charts
Radial, filler, and marker gauges
Geo-IP maps"

71 Detailed Technical Specifications 35 The solution should have the ability to convert dashboards into This seems to be specific OEM clause hence we request to No Justification As per RFP
PDF files and schedule them to be emailed to others. remove this clause

72 Detailed Technical Specifications 35 The solution should have the ability to integrate with external This seems to be specific OEM clause hence we request to No Justification As per RFP
visualization frameworks and options (D3, Tableau, etc) for remove this clause
additional visualizations
73 Detailed Technical Specifications 36 Dashboard should support export of data to multiple formats This seems to be specific OEM clause hence we request to No Justification As per RFP
including CSV, Excel, PDF remove this clause
74 Detailed Technical Specifications 36 The solution must offers multiple SDKs written on top of the API This seems to be specific OEM clause hence we request to No Justification As per RFP
for: remove this clause
Python
Java
JavaScript
PHP
Ruby
C#
75 Detailed Technical Specifications 36 The solution must assist in following use cases due to indexed This seems to be specific OEM clause hence we request to No Justification As per RFP
data leading to a high ROI and cross-department collaboration. remove this clause

Compliance
Fraud
IT Operations
Application Management
Web/Digital Intelligence
Business Analytics
Industrial Data and Internet of Things
76 Detailed Technical Specifications 38 The solution must be able to do full-text search on any field in the This seems to be specific OEM clause hence we request to No Justification As per RFP
indexed data based on: remove this clause
Keywords
Time ranges
Specific or relative time windows down to the
month/day/minute/second
Boolean logic (and, or, not, etc)
Regular expressions
Wild card syntax
Statistical analysis including:
Count of occurrences, distinct count of occurrences, sum
Most common values or least common values of a field
Minimum, maximum
Average, mean, mode, median
Standard deviation, variance
The identification of anomalous values in results that may be
irregular, or uncommon
The statistical correlation between fields
Clustering of events together based on their similarity to each
other as a single event
Truncate outlying numerical values in selected fields to assist in
statistical correlation
First and last seen value
Percentile
Predicted values (search that looks at historical data to
mathematically predict future values)
Perform a union, diff, or intersection of individual or multiple
search results
77 Detailed Technical Specifications 38 The solution must be able to do baselining and then apply the This seems to be specific OEM clause hence we request to No Justification As per RFP
above search logic to find outlier/anomalies from the baseline remove this clause
that may be advanced, non-signature based threats

78 SOR-D-ii & iii - Anti Virus + EDR (Client 43, Point no. 20 Shall offer customizable & standard notifications via - SMTP, Pager is an obsolete technology and most of vendors has stop No Justification Refer Corrigendum-II
& Server): SNMP, Pager, NT Event Log supporting as a medium for sending notification so we request
you to kindly modify this clause as "Shall offer customizable &
standard notifications via - SMTP, SNMP, NT Event Log"

79 SOR-D-ii & iii - Anti Virus + EDR (Client 43, Point no. 21 The solution should provide quarantine management in order to This is specific to one OEM and restricting us from No Justification As per RFP
& Server): prevent spreading. A management interface must be provided to participation
allow the administrator to review, sort and analyze quarantined
items. so we request you to kindly modify this clause as "
The solution should provide quarantine management in order
to prevent spreading. A management must be provided to
allow the administrator to restore quarantined items in case
file found to be legitimate"
80 SOR-D-ii & iii - Anti Virus + EDR (Client 43, Point no. 28 Solution must provide virtualized environment Please help in elaborating the use case of this requirement No Justification Refer Corrigendum-II
& Server):
81 SOR-D-ii & iii - Anti Virus + EDR (Client 45, Point no. 56 The solution should combine NIPS (network) and HIPS (host) This is specific to one OEM and restricting us from No Justification Refer Corrigendum-II
& Server): based signature to proactively protect against intrusion targeted participation
at the servers or provide attack prevention using the least
privilege containment approach so we request you to kindly modify this clause as "The
solution should use HIPS (host) based signature to proactively
protect against intrusion targeted at the servers"

82 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 70 Solution should have an emulator to cause threats to reveal This is specific to one OEM and restricting us from No Justification Refer Corrigendum-II
& Server): themselves. This should not be a part of sandboxing and should participation
run individually in each agent So we request you to kindly modify this clause as" Solution
should have a mechanism to Identifies packed malware in
memory as it unpacks prior to execution using machine
learning functionality"
83 SOR-D-ii & iii - Anti Virus + EDR (Client 45, Point no. 71 Solution should have Deception component from same or This is specific to one OEM and restricting us from No Justification As per RFP
& Server): different OEM which helps identify the unknown attacks that participation
conduct file traversals, network discovery, terminate processes,
try to conduct credential theft, and more Clause Should Read as :
Solution should have functionality which helps identify the
unknown attacks
84 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 73 The Solution should check for the existence for antivirus software, This is specific to one OEM and restricting us from No Justification As per RFP
& Server): patches, hot fixes, and other security requirements. For example, participation
the policy may check whether the latest OS patches have been
applied to the operating system. So we request you to kindly modify this clause as" The Solution
should check for the existence of open known vulnerabilities
and shield them using virtual patching technology"

85 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 74 If the host is non-compliant with the policies, the solution must This is specific to one OEM and restricting us from No Justification As per RFP
& Server) automatically initiate remedial action, downloading and participation. Hence we request you to kindly remove this
executing/inserting a software, running scripts , by setting clause to allow at least more than one OEM participation
required registries keys. The solution should recheck host for
compliance after remediation and grant access for the compliant
host to the network.
86 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 75 The solution must be able check whether required software, This is specific to one OEM and restricting us from No Justification As per RFP
& Server) security patches and hot fixes have not been installed on the participation. Hence we request you to kindly remove this
endpoint as mandated by organization, the solution should be set clause to allow at least more than one OEM participation
to connect to an update server to download and install the
required software based on the policy.

87 SOR-D-i – SOC:Packet Capture 41 Specifications from Serial no. 1 to 38 Specifications are specific to one particular OEM and No Justification As per RFP
restricting us from participation. Hence we request you to
kindly remove this clause to allow at least more than one OEM
participation
88 2 28 The management platform must be a dedicated OEM appliance Request to please change the clause to "The management A virtual appliance is more flexible and As per RFP
and VM running on server will not be accepted platform must be a dedicated OEM appliance or VM running scalable. Restricting the solution to a HW based
on server" appliance will restrict competition.
89 8 28 The management platform must be capable of integrating third Request to please delete this item This is a SIEM capability and since SIEM has As per RFP
party vulnerability information into threat policy adjustment been requested as a separate item in SOR
routines and automated tuning workflows therefore this functionality is not required on
the FW manager
90 SOR-E-ii-10G Switch 27 Switch should support multi OEM hypervisor environment and Our proposed OEM is partially complied as they As per RFP
should be able to sense movement of VM and configure network support this for VM ware
automatically.
91 SOR-E-ii-10G Switch 53 Switch should support for stringent security policies based on Our proposed OEM is Partially Compliant, they As per RFP
time of day of Layer-2 to Layer-4 don’t support this by default but can be added
via Scripting
92 SOR-E-ii-10G Switch 53 Switch Support Max 64VRF Switch Support Max 16VRF No implementation requires such high VRF As per RFP
Scale most of time 8 to 16 VRF Suffice
93 SOR-E- i- Rack Server > S. No 1 50 Server should be a vSAN certified ready node We request to remove this clause as this is Vendor Specific. As per RFP

94 SOR-E- i- Rack Server > S. No 2 51 The OEM for the proposed server must be in Leaders quadrant in MQ retired and not even valid since last 2 years. We request Already Clarified above
the last two Gartner’s report of “Magic Quadrant for Modular to remove this clause.
Servers”
96 Software defined Storage For DR > S. 57 The solution should provide unified and centralized software Vendor Specific and if you search for it on internet using the As per RFP
No. 1 defined platform that integrates market leading compute, red highlighted font, you will reach the vendor in question
storage, networking and security virtualization into a site/documentation
common platform to deliver enterprise-ready cloud
infrastructure for the private and public cloud.

99 Software defined Storage For DR > S. 57 The solution should provide broad ecosystem to flexibly deploy Vendor Specific and if you search for it on internet using the Refer Corrigendum-II
No. 4 on premises on certified hardware from major OEM vendors red highlighted font, you will reach the vendor in question
or run it as a service from AWS or from a selected number site/documentation
of Cloud Providers.
102 Server Virtualization > S. No. 8 57 Solution should include compute Virtualization layer that sits Vendor Specific and if you search for it on internet using the Refer Corrigendum-II
directly on the bare metal server hardware with no dependence red highlighted font, you will reach the vendor in question
on a general purpose OS with features like proactive HA, DRS, site/documentation
agentless anti - malware/anti-virus, HIPS integration, replication,
fault tolerance with continuous availability of VMs with zero
downtime and zero data loss, hot add of CPU, memory, devices
for windows as well as linux VMs, VM level encryption, secure
boot, vMotion within and across datacenter at geographical
distance (<100ms latency), distributed virtual switch, kernel
embedded network and storage virtualization technology

109 Storage Virtualization > S. No. 10 57 Should include storage virtualization /HCI software supporting all Vendor Specific and if you search for it on internet using the As per RFP
flash nodes which is Hardware independent to provide flexibility red highlighted font, you will reach the vendor in question
of choosing hardware from any server manufacturer & should site/documentation
support mixing of different compatible Server brands in same
Cluster. It should work on mutually certified hardware of any
vendor like dell, HP, Cisco, Lenovo, Hitachi etc. Compatibility
certification should be publicly endorsed by both, i.e. hardware
OEM & Hyper Converged Software OEM.

115 Network Virtualization> S. No. 18 58 The network virtualization should provide distributed in-kernel Vendor Specific and if you search for it on internet using the Refer Corrigendum-II
routing (OSPF & BGP), VXLAN based logical virtual switching, NAT red highlighted font, you will reach the vendor in question
function, server load balancer, Software L2 bridging to physical site/documentation
environments, L2 & L3 VPN services, distributed L2-L4 stateful in
kernel firewall at vNIC level and at a very granular level based on
constructs such as MAC, IP, Ports, vCenter objects and tags, active
directory groups, Security Groups and Security policies which
must follow the VM in the event of migration (i.e. live migration)..

121 Network Virtualization> S. No. 19 58 The solution should be capable to provide agentless guest Vendor Specific and if you search for it on internet using the As per RFP
introspection services like Anti-Malware etc and Network red highlighted font, you will reach the vendor in question
introspection services like IPS/IDS, edge load balancing, multi-site site/documentation
networking (Layer 2 extension) irrespective of underlying physical
topology for active DC & DR purposes, container network and
security for container to container L3 networking and micro
segmentation for microservices etc

126 Network Virtualization> S. No. 20 58 Solution provide traffic visibility (IPFIX), end point monitoring for Vendor Specific and if you search for it on internet using the Refer Corrigendum-II
visibility up to layer 7 for network monitoring and automating red highlighted font, you will reach the vendor in question
application security rules, firewall planning & management, site/documentation
network virtualization operations & troubleshooting tools

129 Network Virtualization> S. No. 21 58 The solution should have the ability to deliver end to end security Vendor Specific and if you search for it on internet using the As per RFP
for all applications by delivering network-level micro- red highlighted font, you will reach the vendor in question
segmentation, distributed firewalls, load balancers, virtual site/documentation
routers, virtual switches and VPN,
Firm-5: Vehere Mannu Kalra: [email protected]
SN Page No Clause No. Clause in the RFP Query
1 41 Packet Capture: SN#1 Perform Full Packet Capture of network traffic with zero packet Please clarify if incident investigation shall be on a per-incident Already Clarified above
loss. Support the retrieval of relevant packets to a cyber security basis or, can be multiple incidents being explored at the same
incident. time. If there's a possibility of multiple incidents being
explored at the same time, related explorations and retrievals
should be supported as such.

2 41 Packet Capture: SN#2 Support importing archived PCAP files for analysis, Support Request please clarify the nature of structured and Clarification: Refer RFP
importing other structured and unstructured content for unstructured content that is likely to be ingested for analysis. specs
analysis Kindly clarify if the Packet Capture tool is to include an ETL
facility to support importing of supplemental data such as
IPDR.
3 42 Packet Capture: SN#4 Highlight potentially malicious or suspicious content,Allow for Kindly clarify if incident assignment is to be driven by the Clarification: Refer RFP
assigning security analysts to specific security incident central pane-of-glass (SIEM) or, Packet-Capture? Packet- specs
investigations Capture tool based event discoveries should be forwarded to
SIEM which should take care of workflow and task
assignments. Anyway, the point #5 solicits SIEM integration.

4 42 Packet Capture: SN#5 Solution should generate a whitelist policy based on real-time Security is getting paranoid to a point of being zero-trust. It is As per RFP
application behavior and keep the policies up-to-date as our opinion that this requirement of whitelisting applications
applications evolves and more applications are added and not only creates integration challenges and security posture
modified. It should enforce the generated application whitelisted gaps, it opens the environment to more risk by use of any form
policy consistently across bare-metal, virtual and container of whitelisting. Therefore, we request this requirement to be
workloads. It should track policy compliance. dropped. Let the system monitor 100% of network traffic and
flows without any bias.

5 42 Packet Capture: SN#10 Should be able to support integration with Endpoint This requirement prohibits worthy vendors of competing and Already Clarified above
Management/EDR solution for remediation endpoints via single reduces on Railtel's leverage to negotiate for a better
agent EDR and Anti-virus solution.The AV and EDR must be from technology to be delivered as it favors only one vendor. Aside
same OEM. Provided AV must be in leaders Gartner Quadrant. to that it presents a security risk - One vendor, one solution,
one threat-intelligence feed. What one misses, the other
misses too. Adding external threat intelligence sources for
detection implies additional cost over and above the cost of
solution.

It's a sure win-win for the vendor but not for the buyer. A
better strategy is to ask for a standards (STIX) based integration
with a competent EDR technology. Two products - not all eggs
in one basket. Allows for the buyer to best negotiate for
technology on merit and has open integration interfaces for
better utility over a long period.

6 42 Packet Capture: SN#14 The solution should support - classification from more than 3000 May we request Railtel to strengthen this clause by ensuring As per RFP
protocols/applications(natively without writing any custom that the OEM is the owner of this technology piece too. After-
parsers) and thousands of descriptive, metadata attributes, all, the Deep Packet & Payload Inspection lends the Packet
including content types, file names, and more - for easy analysis Capture technology one of its most important capability to
and recall without writing any custom parsers. quickly determine activities of interest that an analyst may
want to investigate. Ownership with the OEM ensures better
control over what you want detected and decoded and not
what the DPI vendor provides.

7 42 Packet Capture: SN#17 Root Cause Explorer Features - Automates tracing of HTTP Realistically, how much clear-text traffic do we see? It's better As per RFP
referrer chains that can significantly reduce time to search for to have a solution that allows exploration of root-cause using
related preceding sessions. much contemporary technologies such as graph analysis - It is
application agnostic and provides compelling insights upfront.

8 42 Packet Capture: SN#19 Should support Integration With Endpoint Detection and Again a repeat of point #10. This ensures that only a single As per RFP
Response (EDR) technology as proposed in the RFP which should vendor wins this requirement. The clause prohibits offering of
remediate and blacklist the suspicious/malicious files in entire equal opportunity to competent technology providers and
network with one click from same console. The AV and EDR must must be taken off along with point #10.
be from same OEM and provided AV must be leader Gartner
Quadrant for last 3 years
9 42 Packet Capture: SN#22 The solution should support network anomaly detection that Statistical anomaly is history. Modern analytics use As per RFP
performs statistical analysis on captured data and alerts on unsupervised ML algorithms to model network behavior and
anomalous behavior. It should support pivot from the alert to an discover anomalies on multiple vectors not just statistical
investigation view, where details around anomaly are available counters. Request that this clause may be eliminated as SIEM
for analysts review. can meet these requirements.

10 42 Packet Capture: SN#25 Should Identify the source of an attack Are you looking at attribution to the last known endpoint or, As per RFP
simply detection of Source IP Address? Request please clarify.
11 42 Packet Capture: SN#26 Solution must perform flow generation and analysis and must Request please clarify if the buyer wants to procure a flow- As per RFP
perform aggregation of all traffic pertaining to single session with based capability besides the ability to capture full packets. If
a single flow records. yes, kindly state the performance expectations for flow
ingestion.
12 43 Packet Capture: SN#34 The solution provided for SSL decryption must support 78+ This requirement along with requirement #10 and, 19 hands Already Clarified above
Ciphers and TLS 1.3. The packet capture tool and SSLVA must be over at-least three technologies to one vendor alone and
from same OEM. eliminates competition.

We request that the requirements from #27 till #34 be
dropped as SSL isn't just one encryption technology being
used. Modern perpetrators are stealthy and use data masking,
code-caving, custom ciphers, using SSH, IPSec (inbuilt into
IPv6) for malicious activities to which this solution offers no
visibility at-all.
13 43 Packet Capture: SN#38 The Solution should include 3 yrs. Of Subscription Kindly clarify if this is support term expectation or, subscription Clarity: Both
to something else? Subscription and
Support for 3 yrs.
FIRM-6: RAH Infotech Pvt Ltd
S.N. RFP Document Reference Section No., Content of the RFP require Clarifications Suggested Clauses
Page No.) clarification
SOR-A Web Application Firewall

1 SOR-A:Web Application Firewall, Page The solution's monitoring The WAF should be deployed in Reverse Proxy mode in order to The solution's monitoring appliance must be able to support Refer Corrigendum-II
No. 13 appliance must be able to provide maximum level of security. However there should be ALL of the following deployment modes to monitor web
1 support ALL of the following mechanism to have the WAF placed on OOP or SPAN port to application traffic over the network:
deployment modes to monitor enhance the traffic baseline initially before deploying in actual - Via a SPAN/TAP port sniffing mode
web application traffic over production. - Reverse Proxy mode
the network: - Out Of Path Mode
- Via a SPAN/TAP port sniffing
mode
- Layer-2 transparent inline
mode
- Reverse Proxy mode
- Transparent Layer-2 Reverse
Proxy mode

2 SOR-A:Web Application Firewall The solution must provide the This clause talks about strengthening the SSL security, We would The solution must TLS1.3 version and ECC Ciphersuite. Already Clarified above
Page No. 15 ability to comply to A+ recommend to simplify this clause and ask for the support of ECC
18 Certification at the click of a
and Latest TLS version i.e. TLS 1.3 support. One can achieve A+
button with numeric score of greater than 80, with TLS1.3 you can go
beyond that.
3 SOR-A:Web Application Firewall The solution must have a We recommend to go for behavioral based technology that does The solution must have positive and negative security models Already Clarified above
Page No. 15 database of minimally 6000+ not rely on the number of signatures, as the spectrum for designed to detect known and Unknown attacks on web
22 signatures that are designed Application attacks cannot be mitigated with 6000 signatures. applications.
to detect known problems and Hence we would recommend the combination of Positive and
attacks on web applications. Negative security model.
4 SOR-A:Web Application Firewall The solution must support the The solution should not be dependent on 3rd party web The solution must support Automated Patching of Refer Corrigendum-II
Page No. 19 web application vulnerability application vulnerability assessment tools for virtual patching. The Vulnerabilities without any manual intervention OR integration
101 assessment tools (Web process should be Inbuilt and without any manual intervention with web application vulnerability assessment tools (Web
application scanners in the device should be able to patch the vulnerabilities with auto application scanners in Leaders of Latest Gartner Magic
Leaders of Latest Gartner policy generation, hence we request to amend this clause. Quadrant Application Security Testing) to virtually patch web
Magic Quadrant Application application vulnerabilities.
Security Testing) to virtually Like:-
patch web application - Acunetix
vulnerabilities. - Beyond Security
Like:- - Cenzic
- Acunetix - Denim Group
- Beyond Security - HP Fortify WebInspect
- Cenzic - IBM AppScan
- Denim Group - NT OBJECTives
- HP Fortify WebInspect - Qualys
- IBM AppScan - Rapid7
- NT OBJECTives - Trend Micro
- Qualys - Veracode
- Rapid7 - WhiteHat
- Trend Micro
- Veracode
- WhiteHat

5 SOR-A:Web Application Firewall The solution must be a Leader Please relax this clause to allow maximum participation The solution must present in the latest Gartner Magic Refer Corrigendum-II
Page No. 19 or Challenger in the Gartner Quadrant of Web Application Firewalls
103 Magic Quadrant of Web
Application Firewalls
2017/2018/2019

6 SOR-A:Web Application Firewall System must have The traffic ports requirement is not Inline with throughput asked System must have minimum(fully populated) 6 x10G SFP+ Already Clarified above
Page No. 20 minimum(fully populated) 6 for WAF i.e. 2 Gbps only. As per specifications 2X40G ports have Ports from day 1 scalable to 12 x 10G ports. Populated Optics
109 x10G SFP+ Ports and 2 x 40G been asked which comes to 80G of combined capacity. Seems to should be Multimode.
ports. Populated Optics should be a typo error. Requesting to amend the same
be Multimode.

7 SOR-A:Web Application Firewall the proposed appliance should The DDoS attacks can be of any type like ack flood,ICMP the proposed appliance should have Advanced Denial of As per RFP
Page No. 20 have capability of Hardware flood,IGMP flood etc. Hence the solution should have advanced Service mechanism to mitigate the DDoS attacks.
109 based DDOS protection up to DOS protection to protect from every type of attack.
50M Sync Cookies per second

8 SOR-A:Web Application Firewall The proposed hardware It is not recommended and not an industry standard hence should Remove this clause Refer Corrigendum-II
Page No. 20 should include a LCD panel be removed. The device should support very granular reporting
110 which should support mechanism that will help to identify the root cause of the issues.
Configuration for Initial With LCD display it's not possible.
Management IP address and
display all the error and
information corresponding to
hardware & software without
logging into the appliance.
9 SOR-A:Web Application Firewall Should support client Please generalise this clause. The solution should support Front end and Backend SSL Tunnel Already Clarified above
Page No. 20 certificate constrained to provide end to end Secure SSL tunnel.
123 delegation (C3D) which will
enable the Load balancing
solution to generate
certificates on behalf of clients
and pass it to the end servers
if SSL based client
authentication has been
enabled on the backend
servers .

10 SOR-A:Web Application Firewall The proposed appliance should We recommend to include ECC TPS as a capacity parameter as The proposed appliance should support up to 30K SSL CPS and As per RFP
Page No. 20 support up to 35K SSL TPS with with TLS 1.3 RSA has been discontinued. 20K SSL CPS on ECC with dedicated hardware SSL card.
123 Dedicated SSL Offloading Chip.
TPS = Only one HTTP
transaction over each new SSL
handshakes per second,
without session reuse and
using a 2048 bit key SSL
Certificate.

11 New Clause Request New Clause Request The solution should support next generation features like Suggested Clause: As per RFP
Virtualization that can that virtualizes the Device Should be appliance based solution with purpose built
resources—including CPU, memory, network, and acceleration hardware for high performance with Virtualization feature that
resources to provide complete separate environment from virtualizes the Device resources—including CPU, memory,
applications and management perspective. network, and acceleration resources.
This gives the IT/Operations team the flexibility to test any
application functionality through server load balancer before Each virtual ADC instance contains a complete and separated
actual deployment without an Impact on production environment of the Following:
environment. a) Resources,
All the virtual instance on the appliance can run different OS b) Configurations,
which means you can easily boot any instance without impacting c) Management,
other instances, hence ensuring maximum uptime for the critical d) OS
applications.
The proposed device should support 30 virtual instances.

SOR-B Backup
1 Backup Software Page 22 Solution must support Guest-Level Virtual Environments including Solution should be able to capture APPS and DB's running on As per RFP
Citrix XenServer, Kernel- based Virtual Machine (KVM), Oracle VM top of Guest VM's. & should capture full VM and recover on
and Red Hat Virtualization Vmware and also on Cloud Platform.
2 Backup Software Page 22 Solution must support back agents Including Microsoft Windows Solution must support back agents Including Microsoft Already Clarified above
(Windows Server, Hyper-V, Exchange, SQL), Linux and macOS Windows (Windows Server, Hyper-V, Exchange, SQL), Linux.

4 Backup Software Page 23 Solution should be able to access data from a variety of operating Solution should be able to access data from a variety of Already Clarified above
systems including Microsoft Windows, Linux, Unix, and Mac OS. operating systems including Microsoft Windows, Linux, Unix.

5 Backup Software Page 23 Solution must support Advanced sharing of different media across Requesting the committee to exempt this clause as the Already Clarified above
the environment (disk, tape and optical). appliance will have embedded deduplication and compression
and can store data for years.
6 Backup Software Page 23 Solution must support multiple level of backups including full, Requesting the committee members to look into VDP As per RFP
incremental and differential backups including the Virtual backups technology as it has Initial full with forever incremental backup
technology and will create PIT synthetic full, which can capable
of restoring data from any point in time. Hence does not need
differential backup.
7 Backup Software Page 23 Solution must be able to perform Source (Client) & Target (Backup As the solution already has incremental backups , it would be Already Clarified above
Server) base block-level de- duplication without requiring suitable not to have client level deduplication as it might cause
expensive and proprietary disk appliances. performance issues on client.

8 Backup Software Page 24 Solution should offer automatic software updates and access to Solution should let the admin to plan and upgrade to avoid any As per RFP
new features included with annual subscription. backup failure and all upgrades without any additional cost
and will get alerted when there is a new version available.

SOR-D-iv VAPT
1 VAPT Page 49 Reporting and Schedules Need more clarity on maintenance window As per RFP
must be able to auto start,
auto pause, auto resume and
auto cancel to suit a
maintenance window if
required

2 VAPT Page 49 Solution should allow users to Need more clarity on what all customizations are required. Refer Corrigendum-II
customize the dashboard

3 VAPT Page 49 The Solution must provide Need more clarity. Can the ticketing tool be integrated with the As per RFP
inbuilt ticketing for VM tool to address the requirement.
vulnerability status monitoring

4 VAPT Page 50 The solution must automates Please provide more clarity on policy life cycle management. Refer Corrigendum-II
policy definition and policy life
cycle management

SOR-D-i SIEM
1 SIEM Page 29 The solution must be a Leader Requesting the technical committee to please exempt this Already Clarified above
in the Gartner Magic Quadrant clause under Make in India.
of Security Information and
Event Management (SIEM)
2017/2018

2 SIEM Page 30 The Bidder will give the Requesting the committee members to change this clause Refer Corrigendum-II
hardware sizing for the EPS from Technical Specification part to Bidder Responsibilities.
count required since the
solution is software based.

3 SIEM Page 30 The solution must support Requesting the committee to provide more clarity on the same As per RFP
the detachment of selected
dashboards from the UI for
use in SOC or NOC
deployments.

4 SIEM Page 30 The solution should support Requesting the committee to provide more clarity on the same As per RFP
the ability to modify
communications ports
between components from
a central location.

5 SIEM Page 32 The solution should block- Please elaborate Already Clarified above
signs events with a digital
signature to demonstrate
integrity of the indexed data
6 SIEM Page 36 The solution must offers Requesting the technical committee to exempt this clause as Already Clarified above
multiple SDKs written on top every SIEM tool will have their own backend API's to work on
of the API for: or rephrase the same to Python/Java/Javascript/PHP/Ruby/C#
Python
Java
JavaScript
PHP
Ruby
C#

7 SIEM Page 36 IT Operations Requesting the committee to provide more clarity on the same. As per RFP

8 SIEM Page 36 Application Management Requesting the committee to provide more clarity on the same. As per RFP

9 SIEM Page 36 Web/Digital Intelligence Requesting the committee to provide more clarity on the same. As per RFP

10 SIEM Page 36 The solution must support a Requesting the committee to provide more clarity on the same. Clarification: Details
single solution to support all given in the RFP specs.
the data needs of different
users, roles, and
departments across the
organization

11 SIEM Page 40 The solution may support SIEM Solution should be able to take logs from As per RFP
information collected from custom/proprietary applications and parse the raw log by
proprietary applications. developing parsers for the same

12 SIEM Page 41 Packet Capture Requesting the Technical Committee to change this from SIEM Already Clarified above
perspective to PCAP tool as PCAP tools and SIEM tools are
different and getting this into one consolidated solution makes
it OEM Specific.
SOR-C-ii UTM
1 UTM Page 26 The Firewall solution should Requesting the Committee to change the same to The Firewall Requesting the committee to exempt DNS64 as this will be Refer Corrigendum-II
support NAT64, DNS64 & solution should support NAT64, DHCPv6 OEM specific
DHCPv6
2 UTM Page 28 The management platform The management platform must be accessible via a web-based Requesting the committee to exempt this as this is OEM Refer Corrigendum-II
must be accessible via a web- interface and/or with additional client software specific
based interface and ideally
with no need for additional
client software

SOR-C-iii Firewall Manager


1 Firewall Manager Page 28 The management platform The management platform must be accessible via a web-based Requesting the committee to exempt this as this is OEM Already Clarified above
must be accessible via a web- interface and/or with additional client software specific
based interface and ideally
with no need for additional
client software

2 Firewall Manager Page 28 The management platform The management platform must have 1 x 2TB hot swap HDD and Requesting the committee to provide the storage As per RFP
must be able to store record of 32 GB RAM from day 1. requirement.
15000 user or more

FIRM-9: Check Point Software Technologies, Ltd. Anuj Madan: [email protected]
SOR-C –ii - UTM:
SN Minimum Requirement Description Check Point's comment & revised specification Remarks
1 The solution must be present as Leaders in latest Gartner’s As per RFP
Magic Quadrant for Enterprise Firewall
2 The UTM/NGFW should be Hardware based and enterprise Already Clarified above
class (complete control from GUI as well as CLI)

3 UTM appliance should have at least 04 x 10/100/1000 GE RJ45 Already Clarified above
ports and 4 x 1GE SFP ports with fully populated from day one

4 UTM appliance must have separate SYNC and
management ports other than the above mentioned ports.

5 Firewall should provide at least 4 Gbps of NGFW/ Threat Already Clarified above
Prevention Real world performance (includes FW,
Application Visibility, IPS & Anti-Malware) from day one.

6 UTM/NGFW appliance should have at least 32 GB RAM or Already Clarified above
higher
7 UTM appliance should have a on device storage of min
200GB to be able to hold multiple OS images, logs,
backups etc
8 Firewall should support 20,000 new sessions per second or
more
9 Firewall should support 2 Million concurrent sessions
10 The UTM appliance should be Rack Mountable, not Already Clarified above
exceeding 1U with redundant power supply fully populated
from day one and should have hot-swappable fan
tray/module
11 The Firewall solution should support NAT64, DNS64 & The Firewall solution should support NAT64 & DHCPv6 Pls remove DNS64 Already Clarified above
DHCPv6
12 Firewall should operate in Route mode and transparent
mode
13 The appliance should support Link aggregation (IEEE
802.3ad) technology to group multiple physical links into a
single logical link of higher bandwidth and link fail over
capability
14 The proposed system should have integrated Traffic
Shaping / Rate-Limit functionality.
15 Support multiple firewall domains/instants/context /zone or
more
16 Certified by ICSA 4.1x OR EAL4 OR NDPP
17 Internationally accepted marked/Certified like RoHS,
UL/CUL, FCC,CE,..etc.
18 The system should inherit all the standard RFC’s.
19 Firewall should be either IPv6 Ready Logo certified / FIPS/
USGv6 or equivalent
20 Should facilitate to apply policy like IPS, Content filtering,
Traffic shaping/Rate-Limit & policy based routing decision

21 User authentication facilitated by services like LDAP and
RADIUS/AD.
22 Management over GUI using HTTPS or equivalent secure
mechanism, SSH and console access.
23 Management access control using Profile/Role based for
granular control.
24 Configuration backup and restore on to/from a remote
system via GUI/CLI over HTTP/SSH/TFTP or equivalent.

25 Support configurable option for E-mail or SMS alerts (Via
SMS gateway) in case of any event trigger.
26 Firmware/OS/software updates via Web UI / TFTP or
equivalent and should support version roll back
functionality.
27 All SNMP versions support (v1, v2c and v3).
28 Support IEEE 802.1q (VLAN Tagging) and VLANs on all
interfaces with at least 1024 VLANs
29 Dynamic Routing (RIPv2, OSPF, OSPFv3, BGP4, BGP with
IPv6), Static Route, Policy Based Routing, Multicast
Routing
30 Support DHCP relay, DNS client and NTP client; Firewall as
security appliance should not use DHCP and should have
static ip address
31 Support NAT (SNAT and DNAT) with following modes
Static, Dynamic, PAT and IPv6 to IPv4 (vice versa).
Intrusion Prevention System
32 The IPS capability should have NSS, ICSA or other
equivalent Certification
33 The IPS detection methodologies should consist of:
a) Signature based detection using real time updated
database
b) Anomaly based detection that is based on thresholds

34 The IPS should be able to inspect SSL sessions by
decrypting the traffic
35 The IPS system should have at least 25,000 signatures with Already Clarified above
support for custom IPS signatures
36 IPS Signatures should be updated in different ways:
manually, via pull or push technology. Administrator should
schedule to check for new updates or if the device has a
public IP address, updates can be pushed to the device
each time an update is available
37 IPS signatures should have a configurable actions like
terminate a TCP session by issuing TCP Reset packets to
each end of the connection, or silently drop traffic in
addition to sending an alert and logging the incident

38 Signatures should have severity level defined to it so that
the administrator can understand and decide which
signatures to enable for what traffic (e.g. for severity level:
high medium low)
39 Solution should be able to detect & Prevent the Bot
communication with C&C
Web Content Filtering & Application Control Features:

40 URL database should have at least 200 million+ sites and Already Clarified above
50 + categories.
41 Support for geographical based filtering like country level
TLD etc.
42 The appliance should have 3000 or more application
signatures database
43 Should have the intelligence to identify & control of popular
IM & P2P applications like KaZaa, Bit Torrent, Skype, You
Tube, Facebook, LinkedIn etc.
User Authentication
45 The proposed solution shall be able to support various form
of user Authentication methods simultaneously , including:

a) LDAP server entries
b) Native Windows AD (Single sign on capability)
46 Firewall should support the system authentication with
RADIUS and local authentication. Both should work
simultaneously.
High Availability
47 System should have built-in high availability (HA) features
without extra cost/license or hardware component from day
one
48 Should support state full session maintenance in the event
of a fail-over to a standby unit.
49 High Availability feature must be supported for either
NAT/Route or Transparent mode
50 High Availability Configurations should support Already Clarified above
Active/Active / Clustering, Active/ Passive
Management, Logging and Reporting
51 The system would be managed centrally using a web-based
console that allows system monitoring, software updates,
client configuration.
52 The management solution must offer console capability for
managing the logs, policy, reporting and various features of
the UTM.
53 Logging and Reporting up to layer 7 traffic details (firewall
policy level, denied traffic details etc.)
54 Should provide log report in Web/GUI /dashboard based
format with detailed information categorized by
IP/Application/Port/Protocol etc., able to forward logs to
syslog server and sending schedule reports and send via
email.
Anti-virus, Anti-bot & Advance Persistence Threat
Solution
55 Should provide protection against zero-days, Trojan, worms
or any other malicious content in traffic like SMTP, SMTPs,
POP3, POP3s, IMAP, IMAPs, HTTP, HTTPs, FTP, FTPs
etc. and must be configurable/applicable on specific firewall
Policy
56 Remove buffering, it will introduce latency and impact user
experience. All gateway level solution are flow
57 Should have option to respond to malicious detection like
delete/quarantine the file or block the connection and send
notification via e-mail/SMS.
58 For antivirus based solution AV signature database of Already Clarified above
proposed solution should comprise of up to date list of
signatures of virus, malwares, spyware etc and other
59 Should be able to block or allow oversize file based on
configurable thresholds
60 Firewall must include Anti-bot capability using IP reputation
DB, terminates botnet communication to C&C servers also.

Support and Warranty


61 Comprehensive onsite hardware warranty for 3 years with
Next business Day (NBD) resolution.
62 Online upgrade the version of firmware/software/patches as
and when required.
63 Telephonic support with call logging mechanism should be
provided on 24x7x365 basis.
64 Provide confirmation letter for license (if any) subscription
for 3 years. License applicable from day one.

65 All the technical specifications mentioned above must be
available from day one
Other Requirements
66 For all requirements listed above, the necessary cables,
connectors, external software media, manuals or any other
hardware and software must be provided along

SOR-C –iii – Firewall Manager:


Minimum Specification requirement
1 The management platform must be accessible via a web-based The management platform must be accessible via a web-based This is specific to one OEM. Pls change. Already Clarified above
interface and ideally with no need for additional client software interface and/or with additional client software

2 The management platform must be a dedicated OEM appliance Already Clarified above
and VM running on server will not be accepted
3 The management appliance should have 2 x 1G port and Already Clarified above
integrated redundant power supply from day one
4 The management platform must be able to store record of 15000 The management platform must have 1 x 2TB hot swap HDD Pls mention the storage requirement. Already Clarified above
user or more and 32 GB RAM from day 1.
5 The management platform must provide a highly customizable As per RFP
dashboard.
6 The management platform must domain multi-domain Refer Corrigendum-II
management
7 The management platform must provide centralized logging and As per RFP
reporting functionality
8 The management platform must be capable of integrating third Already Clarified above
party vulnerability information into threat policy adjustment
routines and automated tuning workflows
SOR-C –iii – Firewall Manager:
Minimum Specification requirement Check Point's comment & revised specification Remarks
1 The management platform must be accessible via a web-based The management platform must be accessible via a web-based This is specific to one OEM. Pls change. Already Clarified above
interface and ideally with no need for additional client software interface and/or with additional client software

2 The management platform must be a dedicated OEM appliance Already Clarified above
and VM running on server will not be accepted
3 The management appliance should have 2 x 1G port and Already Clarified above
integrated redundant power supply from day one
4 The management platform must be able to store record of 15000 The management platform must have 1 x 2TB hot swap HDD Pls mention the storage requirement. Already Clarified above
user or more and 32 GB RAM from day 1.
5 The management platform must provide a highly customizable Already Clarified above
dashboard.
6 The management platform must domain multi-domain Already Clarified above
management
7 The management platform must provide centralized logging and Already Clarified above
reporting functionality
8 The management platform must be capable of integrating third Already Clarified above
party vulnerability information into threat policy adjustment
routines and automated tuning workflows
9 The management platform must be capable of role-based
administration, enabling different sets of views and configuration
capabilities for different administrators subsequent to their
authentication.
10 Should support troubleshooting techniques like Packet tracer and
capture
11 Should support REST API for monitoring and config
programmability
12 The management platform must provide multiple report output
types or formats, such as PDF, HTML, and CSV.
13 The management platform must support multiple mechanisms for
issuing alerts (e.g., SNMP, e- mail, SYSLOG).

14 The centralized management platform must not have any limit in Already Clarified above
terms of handling logs per day
15 Solution should be able to provide insights of hosts/user on basis
of indication of compromise, any license required for this to be
included from day one
16 The management platform must provide built-in robust reporting
capabilities, including a selection of pre-defined reports and the
ability for complete customization and generation of new reports.

17 The management platform support running on-demand and
scheduled reports
18 The management platform must risk reports like advanced
malware, attacks and network
19 The management platform must include an integration
mechanism, preferably in the form of open APIs and/or standard
interfaces, to enable events and log data to be shared with
external network and security management applications, such as
Security Information and Event Managers (SIEMs), and log
management tools.
20 Comprehensive onsite hardware warranty for 3 years with Next
business Day (NBD) resolution.
21 Online upgrade the version of firmware/software/patches as and
when required.
22 Telephonic support with call logging mechanism should be
provided on 24x7x365 basis.
23 Provide confirmation letter for license (if any) subscription for 3
years. License applicable from day one.
24 All the technical specifications mentioned above must be
available from day one
25 Solution should be able to manage vFirewall and UTM mentioned
in SOR
FIRM-10: CCS Computers Pvt. Ltd. Rana Kumar: [email protected]

SOC
SN Page No. Heading Point Description Query Recommendation/Suggestion
1 13 Chapter 3A, Pt 2 Bidder should have backend tie-ups with the respective OEMs to Does this mean that OEM PS would be doing the OEM authorized partner shall do the Refer Corrigendum-II
provide required technical support along with OEM professional implementation implementation
services for the supplied Hardware, Software, Network
equipment and Network & Security software for their installation,
configuration, fine-tuning, integration with existing components
and commissioning to meet the functional requirements. OEMs
shall also be responsible for successful implementation and
system operations.

2 29 SOR-D-i-SOC, Pt 1 The solution must be a Leader in the Gartner Magic Quadrant of this should allow at least last 3 or 5 years gartner report or it The solution must be a Leader in the Gartner Refer Corrigendum-II
Security Information and Event Management (SIEM) 2017/2018 should allow both leader & challenger quadrant solution Magic Quadrant of Security Information and
Event Management at least once in last 5 years

3 29 SOR-D-i-SOC, Pt 3 The proposed solution should be able to handle 10,000 sustained As in ArcSight SIEM, flows are also considered under EPS The proposed solution should be able to handle Refer Corrigendum-II
EPS & 5000 Flows/sec from day one and scalable to 80,000 EPS. licensing only. So whether solution needs to be proposed 10,000 sustained EPS.
including flows for 10000 EPS license or 15000 EPS license.

4 31 SOR-D-i-SOC, Pt 4 (Operational The solution must support the automatic update of configuration Do we mean software patches updates as well by this point. Either this point should be deleted or should be Refer Corrigendum-II
Requirement) information with Here as per industry best practices, it is never recommended updated as " The solution must support the
minimal user intervention. For example, security taxonomy to put your SIEM solution to a direct internet access. automatic update of configuration information
updates, vendor rule via a centralized management console with
updates, device support, etc. Also detail the features that are minimal user intervention. For example,
updated. security taxonomy updates, vendor rule
updates, device support, etc. Also detail the
features that are updated."

5 31 SOR-D-i-SOC, Pt 4 The solution must provide browser-based UI access for end users As ArcSight correlation solution works with thick client based This point should be modified as "The solution Refer Corrigendum-II
(Architectural Requirement) (does not require UI for advanced level analysis and content creation. Also must provide browser-based/thick client UI
thick client) ArcSight command centre is used for management and access for end users"
monitoring through browser based web UI.

6 33 SOR-D-i-SOC, Pt 8 (Log The solution should support longterm access to detailed security Please specify the X i.e. exact no of months for both online 3 months online and 1 year offline Already Clarified above
Management Requirement) event and, if and offline log retention
available, network flow data. The system should be able to
provide access to at
least x months worth of detailed information.
7 33 SOR-D-i-SOC, Pt 9 (Log The solution should capture flow information from multiple This point is part of packet capture solution so should not be This point should be deleted. Refer Corrigendum-II
Management Requirement) network points. Solution part of SIEM solution.
should support Network traffic collected via TAP, SPAN, and/or
Mirror.
8 37 SOR-D-i-SOC, Pt 9 (Correlation The solution proposed should provide capability to add the Are the following systems existing in Railtel or it is mentioned Already Clarified above
& Alerting) following systems for from future roadmap perspective.
effective incident detection and correlation post completion of
the SIEM
deployment.
a) Flow based threat Detection b) User Behavior analysis c) DNS
data analysis.
9 46 SOR-D-iv- Vulnerability Vulnerability Assessment - Only Network Based The ask in RFP is only for VA of Network/host while VA/PT of Already Clarified above
Assessment applications/web servers is missing from the ask. We highly
recommend that it should also be part of RFP ask.

FIRM-12: Hitachi Systems Jay ShankarSingh: [email protected]

SN RFP Page No. Point/Section No. RFP Clause Bidder's Remarks


1 47 SOR-D-iv- VULNERABILITY the scanning solution must be software / appliance based, that is Tenable can be deployed in Linux flavours only. Refer Corrigendum-II
ASSESSMENT: deployable in windows and linux platforms Therefore, as a request, please arrange to remove the Ms
platform or change the clause as-
"the scanning solution must be software / appliance based,
that is deployable in windows/linux platforms"

2 47 SOR-D-iv- VULNERABILITY The Signature database must be exportable to CSV, PDF etc Every OEM has different way of exporting the plugins Already Clarified above
ASSESSMENT: database, We request you to change the clause as-
"The Signature database must be exportable to CSV/PDF etc"

3 47 SOR-D-iv- VULNERABILITY The solution Must allow various output formats like CSV, DOC, Tenable has multiple reporting format like PDF, CSV, Richtext Already Clarified above
ASSESSMENT: HTML, PDF, XML etc and cyberscope. We request client to change the clause as-
"The solution Must allow various output formats like CSV/
DOC/ HTML/PDF/XML etc"

4 47 SOR-D-iv- VULNERABILITY The Solution must identify the critical vulnerabilities to prioritize Tenable as a OEM has the maximum number of Vulnerability As per RFP
ASSESSMENT: remediation coverage and as a policy Tenable (R &D)first inform the zero
iii) Identify vulnerabilities with zero day day vulnerability to the respective OEM and don’t declare it
publicly as its likely to be exploited if OEM is not ready with
the solution/Patch. So we request customer to remove the
clause pls.

5 47 SOR-D-iv- VULNERABILITY Tenable as a OEM has the maximum number of Vulnerability As per RFP
ASSESSMENT: The Solution must identify the critical vulnerabilities to prioritize coverage and as a policy Tenable (R &D)first inform the zero
remediation day vulnerability to the respective OEM and don’t declare it
iv) Identify Zero Day vulnerabilities publicly as its likely to be exploited if OEM is not ready with
the solution/Patch. So we request customer to remove the
clause pls.

6 47 SOR-D-iv- VULNERABILITY The solution must offers integrated password management CyberArk is global leader in Privilege Identity Management Already Clarified above
ASSESSMENT: integration with PowerBroker Password Safe as well as it includes space and is more widely used in India than Beyond Trust.
a built-in third party password management connector. Request you here to include add cyberArk as well with Beyond
Trust.
7 47 SOR-D-iv- VULNERABILITY Addition of Clause OEM should be the leader as per Gartner peer Insights As per RFP
ASSESSMENT:
8 47 SOR-D-iv- VULNERABILITY 24.The Solution must perform automated Asset inventory and Since this point is referring to dedicated asset & patch As per RFP
ASSESSMENT: must be able to collect and allow searching via inventory details management solution, we request you to remove the point vi
like & vii in clause 24.
vi) Inventory of Hardware manufacturer for Host OS like
workstations, Servers and laptops
vii) Inventory of drives & file shares
9 47 SOR-D-iv- VULNERABILITY The solution Must provide a graphical, interactive and search Since this point is referring to dedicated asset & patch Already Clarified above
ASSESSMENT: friendly topology of the discovered assets management solution, we request you to remove the point.

10 15 CHAPTER-3-A Technical The solution must have a database of minimally 6000+ signatures Is the expectation by this requirement is that the proposed Already Clarified above
Requirement - - SOR A: Web that are designed to detect known problems and attacks on web solution should have a minimum of 6000 signatures as default
Application Firewall applications. to detect and protect Web Applications. Kindly clarify
11 19 CHAPTER-3-A Technical System must have minimum(fully populated) 6 x10G SFP+ Ports we understand that it's a multimode SFPs that is required but Already Clarified above
Requirement - - SOR A: Web and 2 x 40G ports. Populated Optics should be Multimode. as required the appliance has to be fully populated request
Application Firewall you to Kindly clarify how many Interfaces is required for each
type 1Gig, 10Gig and 40gig. As there could be a possibility of
permutation combination on the type and interfaces proposed
while fully populating the appliance SFP slots

12 19 CHAPTER-3-A Technical The solution must be a Leader or Challenger in the Gartner Magic Gartner report of 2019 is not yet published so the Gartner Already Clarified above
Requirement - - SOR A: Web Quadrant of Web Application Firewalls 2017/2018/2019 report of 2017/2018 will suffice kindly confirm
Application Firewall

13 20 CHAPTER-3-A Technical The solution should support Unified Anti-Bot Detection and Does this clause means that a proposed WAF solution should Already Clarified above
Requirement - - SOR A: Web Protection & Cloning Application Traffic have capability to detect and mitigate BOT attacks using
Application Firewall multiple level of security checks Via Bot Signature, Application
Fingure printing, Java Challenge, Browser capability check and
Captcha. Kindly confirm

14 20 CHAPTER-3-A Technical Should support persistence mirroring and System must support Kindly elaborate Already Clarified above
Requirement - - SOR A: Web interactive Layer 7 health checks for the application availability
Application Firewall

15 72 CHAPTER 4 - - - COMMERCIAL Tenderer/OEM(through its Indian subsidiary), shall be paid @ 3.5% AMC for security solution like WAF or any similar security Already Clarified above
TERMS & CONDITIONS. - - - 3. 3.5% of supply cost per annum towards Long Term Maintenance solution is not a realistic %. We request Railtel to kindly make
Long Term Maintenance Support after completion of warranty period, to undertake this clause to at least 15% per annum instead of 3.5% per
Support repairs/replacements of all type of module/ card/assembly/ annum
subassembly and update/upgrade of software released during
this period and /or which may fail in the network after the
warranty. Only incremental cost in % over and above this, if
perceived by the OEM and Tenderer, may be indicated in
Schedule of Requirement and shall be added to the equipment
cost towards evaluation of tender. If however the tenderer feels
that his AMC Cost is less than 3.5% per annum, he should give
suitable discount in equipment pricing. For AMC he will be paid @
3.5% per annum only. If the Tenderer quotes a higher base rate
for AMC, he will be paid at his quoted rate per annum and five
years differential cost shall be added to offered cost for
evaluation. AMC would have to be valid for minimum period of 5
years after the warranty

16 NA CHAPTER-3-A Technical Additional Clause The proposed WAF solution should also have BOT Detection
Requirement - - SOR A: Web feature that have capability to identify Bot Signature + DNS
Application Firewall checks, Java script challenge + Browser Fingerprinting, Browser
Capabilities, Optional CAPTCHA, Human Detection &
Anomalies.
17 NA SIEM Query Is it required to create entire setup replica in DR for SIEM Already Clarified above

18 NA LOG MANAGEMENT Query Pls suggest the time for which log has to be stored online and Already Clarified above
REQUIREMENT offline so that the storage/loggers can be sized accordingly

19 NA Collectors Query For the purpose of log collection, please specify if the logs to Clarification: Log
be collected are from different locations or only from the log sources can be
sources at DC ? anywhere in DC & DR.
Pls suggest the count of collectors to be factored
20 69 CHAPTER-3-C The training course to be conducted at the manufacturing We request that the training can even be done on the product No Change, As per RFP
1. TRAINING facilities shall be designed to train the trainees in all aspects of and in live environment so that the actual real scenario can be
System engineering, equipment operation, installation and showcased.
functional details, theory of operation of equipment, trouble
shooting and familiarization with the equipment at card and
component level. All equipment used for training shall be identical
to those quoted and supplied for site installation in hardware and
software versions.

21 89 CHAPTER-5 Delivery Period We request you to pls change the following clause to- No Change, As per RFP
Clause 4 Delivery and supervision of installation and commissioning within Delivery and supervision of installation and commissioning
120 within 200
days of issue of LOA/PO. days of issue of LOA/PO.
22 Query SOR-D-iv Query Pls suggest the count of IPs for Vulnerability Assessment Refer RFP Specs, it is
Vulnerability Assessment solution as the solution's BOQ needs to be sized accordingly mentioned clearly.

23 29 SOR-D-i – SOC: 1.The solution must be a Leader in the Gartner Magic Quadrant of We request you to change the clause as- Already Clarified above
Detailed Technical Security Information and Event Management (SIEM) 2017/2018 1.The solution must be a Leader/Challenger in the Gartner
Specifications Magic Quadrant of Security Information and Event
Management (SIEM) 2017/2018
Or
The solution must be a Leader in the Gartner Magic Quadrant
of Security Information and Event Management at least once in
last 5 years
24 NA CHAPTER-3-A Technical The proposed WAF solution should also have capability for BOT The proposed WAF solution should also have BOT Detection Already Clarified above
Requirement - - SOR A: Web Detection that have capability to identify Bot Signature + DNS feature that have capability to identify Bot Signature + DNS
Application Firewall checks, Java script challenge + Browser Fingerprinting, Browser checks, Java script challenge + Browser Fingerprinting, Browser
Capabilities, Optional CAPTCHA, Human Detection & Anomalies. Capabilities, Optional CAPTCHA, Human Detection &
Anomalies.
1 13 Chapter 3A, Pt 2 Bidder should have backend tie-ups with the respective OEMs to Does this mean that OEM PS would be doing the Already Clarified above
provide required technical support along with OEM professional implementation
services for the supplied Hardware, Software, Network Recommendation/Suggestion- OEM authorized partner shall
equipment and Network & Security software for their installation, do the implementation
configuration, fine-tuning, integration with existing components
and commissioning to meet the functional requirements. OEMs
shall also be responsible for successful implementation and
system operations.

2 29 SOR-D-i-SOC, Pt 1 The solution must be a Leader in the Gartner Magic Quadrant of this should allow at least last 3 or 5 years Gartner report or it Already Clarified above
Security Information and Event Management (SIEM) 2017/2018 should allow both leader & challenger quadrant solution

3 29 SOR-D-i-SOC, Pt 3 The proposed solution should be able to handle 10,000 sustained As in ArcSight SIEM, flows are also considered under EPS Already Clarified above
EPS & 5000 Flows/sec from day one and scalable to 80,000 EPS. licensing only. So whether solution needs to be proposed
including flows for 10000 EPS license or 15000 EPS license.
Recommendation/Suggestion- The proposed solution should
be able to handle 10,000 sustained EPS.

4 31 SOR-D-i-SOC, Pt 4 (Operational The solution must support the automatic update of configuration Do we mean software patches updates as well by this point. Already Clarified above
Requirement) information with Here as per industry best practices, it is never recommended
minimal user intervention. For example, security taxonomy to put your SIEM solution to a direct internet access.
updates, vendor rule Either this point should be deleted or should be updated as "
updates, device support, etc. Also detail the features that are The solution must support the automatic update of
updated. configuration information via a centralized management
console with minimal user intervention. For example, security
taxonomy updates, vendor rule updates, device support, etc.
Also detail the features that are updated."
5 31 SOR-D-i-SOC, Pt 4 The solution must provide browser-based UI access for end users As ArcSight correlation solution works with thick client based Already Clarified above
(Architectural Requirement) (does not require UI for advanced level analysis and content creation. Also
thick client) ArcSight command centre is used for management and
monitoring through browser based web UI.
Request you to modify the point as "The solution must
provide browser-based/thick client UI access for end users"

6 33 SOR-D-i-SOC, Pt 8 (Log The solution should support long-term access to detailed security Please specify the X i.e. exact no of months for both online Already Clarified above
Management Requirement) event and, if and offline log retention
available, network flow data. The system should be able to Recommendation/Suggestion is 3 months online and 1 year
provide access to at offline
least x months worth of detailed information.
7 33 SOR-D-i-SOC, Pt 9 (Log The solution should capture flow information from multiple This point is part of packet capture solution so should not be Already Clarified above
Management Requirement) network points. Solution should support Network traffic collected part of SIEM solution. Request you to delete this point
via TAP, SPAN, and/or Mirror.
8 37 SOR-D-i-SOC, Pt 9 (Correlation The solution proposed should provide capability to add the Are the following systems existing in Railtel or it is mentioned Already Clarified above
& Alerting) following systems for from future roadmap perspective.
effective incident detection and correlation post completion of
the SIEM
deployment.
a) Flow based threat Detection b) User Behavior analysis c) DNS
data analysis.
9 46 SOR-D-iv- Vulnerability Vulnerability Assessment - Only Network Based The ask in RFP is only for VA of Network/host while VA/PT of Already Clarified above
Assessment applications/web servers is missing from the ask. We highly
recommend that it should also be part of RFP ask.

FIRM-13: M/s. Barracuda Networks Vikas Pandey: [email protected]

SOR-B: Backup Solution:


SN WAF - Minimum Requirement Query Description of requested change Justification
Description

1 CHAPTER- 2. The Quantity asked in the RFP Please Increase the Backup solution Quantity as 2 Units in the We understand that the solution must go for DC and DR , we Clarification: Quantity
Backup Solution as per Technical Nos. is 1, we understand that the SCHEDULE OF REQUIREMENT at Page 5 understand that there are two boxes with same configuration as per RFP. It may be
Specification given in Chapter-3A solution must go for DC and for Data Replication deploy either DC or DR.
DR , we understand that there
are two boxes with same
configuration . Kindly confirm

SOR-A:Web Application Firewall:


SN WAF - Minimum Requirement Query Description of requested change Justification
Description

1 The solution's monitoring appliance Span port WAFs: (Challenges) The solution's monitoring appliance must be able to Various For Monitoring appliance can be deployed in Bridge, We do Already Clarified above
must be able to support ALL of the Limited Blocking, Requires deployment support bridge mode . Request you to consider the request
following deployment Reconfiguring Peer devices modes to monitor web application traffic over the network such so we can participate
modes to monitor web application Spanning fails under load, No as :-
traffic over the network: visibility of attacks, Lack ability - Via a SPAN/TAP port sniffing mode/Bridge Mode
- Via a SPAN/TAP port sniffing mode to modify content (cookie - Layer-2 transparent inline mode
- Layer-2 transparent inline mode security, CSRF protection, etc.) - Reverse Proxy mode
- Reverse Proxy mode So Span port deployment is - Transparent Layer-2 Reverse Proxy mode
- Transparent Layer-2 Reverse Proxy good for POC's only. Request
mode you to please remove SPAN
port / TAP mode from RFP.
2 The solution must support the Please add 2FA (RSA) for The solution must support the following authentication Adding 2FA (RSA) for management gives more security As per RFP
following authentication mechanism management as well mechanism for accessing the solution
for accessing the solution management UI:
management UI: - In-built authentication in the solution
- In-built authentication in the - Kerberos authentication
solution - LDAPS authentication and authorization with the following
- Kerberos authentication Windows platforms: 2003, 2003
- LDAPS authentication and R2, 2008, 2008 R2, 2012, and 2012 R2.
authorization with the following - RADIUS authentication and 2FA (RSA) for management as well
Windows platforms: 2003, 2003
R2, 2008, 2008 R2, 2012, and 2012 R2.
- RADIUS authentication

14 The solution must be able to send a Requesting you to Please The solution must be able to send a TCP RST packet to both ends This Sniffing mode feature is good for POC /Demo only , Not As per RFP
TCP RST packet to both ends of a web remove the term "sniffing of a web connection when it is deployed in the event of active recommended for Actual Deployment because of Limitation
connection when it is deployed in mode" enforcement deployment mode.
sniffing mode in the event of active
enforcement deployment mode.

15 The solution must be able to protect Yes As per RFP
both HTTP Web applications and SSL
(HTTPS) web applications.

16 The solution must be able to decrypt Yes As per RFP
SSL web traffic between clients and
web servers.
17 The solution must be able to decrypt Vendor Specific The solution must be able to decrypt SSL web traffic if appliance Requesting you to Please remove the term "Diffie-Hellman " as As per RFP
SSL web traffic that are using Diffie-Hellman deployed in transparent layer-2 mode. this is Vendor Specific , So we can Participate
key exchange protocols with
the monitoring appliance deployed in
transparent layer-2 mode.

18 The solution must provide the ability " A+ Certification Button" is The solution must provide the ability to comply to A+ Certification The Term " Click of a button" is Vendor Specific. In A+ Refer Corrigendum-II
to comply to A+ Certification at the Vendor Specific , Request you Certifications can be achieved by enabling , Which others can
click of a button to modify this Point and also delivers
remove the Term "at the click
of a Button " Achieving an A+ grade is a non-trivial task; however, it can be
done in an afternoon (even in
less than an hour) when starting from the right point.
Currently, to achieve an A+ rating with
SSL labs, a user must follow these recommendations;
otherwise the site would receive the
following grade in brackets.
• Disable SSLv3 [B] & RC4 [B/C]
• Replace any SHA1 Certs [A] and sub-2k Certs [C]
• Enable TLS_FALLBACK_SCSV [A]
• Enable HTTP Strict Transport [A]
• Enable and Prefer Perfect Forward Secrecy Compatible
Ciphers [A-]
Do not use DHE ciphers (only ECDHE). DHE ciphers will cap the
grade at [B] on
BIG-IP.
• Enable TLS1.2 [C]
• Enable Secure Renegotiation [A-]
The DEFAULT cipher string included in BIG-IP version 12.0 will
yield a B grade but offers full
hardware acceleration. To get that coveted A+ grade, an
administrator would need to have a fairly restrictive cipher list.
For example “!SSLv3:!DHE:ECDHE:RSA+HIGH” will get an
A grade on SSL labs but would require every user to have a
22 The solution must have a database of The Language the Vendor The solution must have a database of minimally 6000+ signatures Some Solution follows a different architecture for signatures.. Already Clarified above
minimally 6000+ signatures that are Specific , Please Modify this or Super Patterns that are designed to detect known problems we use what is called as "super patterns".. so 1 pattern would
designed to detect known problems Clause and attacks on web applications. translate into multiple patterns.. and we use a digest
and attacks on web applications. technique called DFA to process these patterns against an
incoming request.
Product efficiency should be measured by the effectiveness of
the blocking, not by number of patterns
55 The solution must support user This is Vendor Specific The solution must support user tracking using form-based Others can Achieve this via client Authentication using SSL As per RFP
tracking using both form-based and /certificate-based user authentication.
certificate-based user authentication.

d. Other (please specify). Our Web application Firewall supports Many predefined
reports such as PCI , DSS , attack summary
101 The solution must support the web Request you to Modify this The solution must support the web application vulnerability Currently our Web Application Firewall supports the following Already Clarified above
application vulnerability assessment Point assessment tools to virtually patch web application Industry Standard scanner
tools (Web application scanners in vulnerabilities.
Leaders of Latest Gartner Magic Cenzic Hailstorm v6.6 Barracuda Vulnerability Manager
Quadrant Application Security HPE Security WebInspect Cenzic Hailstorm v6.6
Testing) to virtually patch web HPE Security Fortify On Demand HPE Security WebInspect
application vulnerabilities. Like:- IBM AppScan v7.9 HPE Security Fortify On Demand
- Acunetix IBM AppScan v9.0 IBM AppScan v7.9
- Beyond Security ImmuniWeb IBM AppScan v9.0
- Cenzic ThreadFix ImmuniWeb
- Denim Group Rapid7 ThreadFix
Qualys Rapid 7
Qualys

- HP Fortify WebInspect
- IBM AppScan
- NT OBJECTives
- Qualys
- Rapid7
- Trend Micro
- Veracode
- WhiteHat
102 The solution must be able to support Request you to Modify this The solution must be able to support 4 Gbps of WAF (HTTPS) 4 GBPS will have better performance As per RFP
2 Gbps of WAF (HTTPS) throughput Point throughput

104 System must have minimum(fully Please Modify this Point System must have minimum ( Fully Populated ) 1 no's of The requirement is for 2 GBPS WAF throughput , Barracuda As per RFP
populated) 6 x10G SFP/SFP+ Ports Management port 10/100/1000 + 8 x GbE w/bypass SPF (MM) & 2 960 Model Can deliver 5 GBPS of throughput with 2 * 10 Gig
and 2 x 40G ports, ( Should Option to x 10 GbE w/bypass SPF+ (MM) Ports
Select Single Mode or Multimode
Fiber Port)

105 The proposed appliance should This is Vendor Specific .. This is Please remove this point WAF throughput Measuring criteria should be based on tps, As per RFP
support Hardware based HTTP Load Balancer Point cps, throughput and concurrent connections . Barracuda
Compression, that is 20GBps of Model 960 can process 50000 Transaction per second
Hardware compression from day one

106 The proposed appliance should This is Vendor Specific .. This is Please remove this point WAF throughput Measuring criteria should be based on tps, As per RFP
support 20GBps of Bulk Encryption Load Balancer Point cps, throughput and concurrent connections . Barracuda
from day one Model 960 can process 50000 Transaction per second

108 The proposed solution should have This is Vendor Specific as Every Please remove this point Please remove this point from RFP to make it generic As per RFP
64bit OS architecture vendor have different OS
Architecture
109 the proposed appliance should have This is Vendor Specific , Please This is Vendor Specific , Please remove this Point from WAF RFP This is not supported by many WAF vendor, request to please Already Clarified above
capability of Hardware based DDOs remove this Point from WAF remove this from WAF RFP so Barracuda Networks can also
protection up to 50M Sync Cookies RFP comply , DDoS solution can be managed or can be installed
per second separately. This should not be part of WAF RFP. Please remove
this point from WAF RFP.
Syn flood attack protection is supported on barracuda WAF &
application DDoS as well.

110 The proposed hardware should This is Vendor Specific , Please The proposed hardware should include a LCD panel or option to This is Vendor specific , Please make it Generic so Barracuda As per RFP
include a LCD panel which should modify this point connect monitor and key board to configure Networks can also comply
support Configuration for Initial Management IP address and display all the error and
Initial Management IP address and information corresponding to
display all the error and information hardware & software.
corresponding to
hardware & software without logging
into the appliance.
111 The proposed appliance should be of This is Vendor Specific , Please The proposed appliance should be of 1U or 2U formfactor Please change it to 2U as some have different form factor As per RFP
1U formfactor modify this point

113 the proposed appliance should have This is Vendor Specific , Please the proposed appliance should have minimum of 240GB of SSD For historical logs SIEM / Syslog server is recommended. As per RFP
minimum of 450GB of SSD Hard Drive modify this point Hard Drive for better performance from day one Please Modify this Point
for better performance from day
one
115 The proposed appliance should Please Modify this Point to The proposed appliance should support up to 45K SSL TPS with Better Performance Already Clarified above
support up to 35K SSL TPS with 45K SSL PTB Minimum for Dedicated SSL Offloading Chip. TPS = Only one HTTP transaction
Dedicated SSL Offloading Chip. TPS = better performance over each new SSL handshakes per second, without session reuse
Only one HTTP transaction over each and using a 2048 bit key SSL Certificate.
new SSL handshakes per second,
without session reuse and using a
2048 bit key SSL Certificate.

123 Should support client certificate This is Vendor Specific , Please Web Application Firewall supports Online Certificate Status This is vendor specific. Request you to please Modify this point Refer Corrigendum-II
constrained delegation (C3D) which modify this point Protocol (OCSP) and Certificate Revocation Lists (CRLs) to so others can qualify
will enable the Load balancing determine the current status of client digital certificates.
solution to generate certificates on
behalf of clients and pass it to the end
servers if SSL based client
authentication has been enabled on
the backend servers .

124 Should Support Active/Standby, Term "N+1" This is Vendor Should Support Active/Standby, Active/Active or N+1 Term "N+1" This is Vendor Specific and is good for virtual WAF As per RFP
Active/Active & N+1 Specific and is good for virtual deployment , Please modify this point so others comply
WAF deployment

126 Should have active-active and active- This is Vendor Specific , Please Should have active-active and active-backup high availability with As per RFP
backup high availability with TCP/IP modify this point TCP/IP connection mirroring or SSL Connection mirroring for SSL
connection mirroring as well as SSL connections or session state failover that are
Connection mirroring for SSL terminated/offloaded on the Web Application Firewall. Hence old
connections that are connection should not fail or forced for SSL renegotiation esp for
terminated/offloaded on the Server applications for which the WAF is doing SSL offloading.
Load Balancer . Hence old connection
should not fail or forced for SSL
renegotiation esp for applications for
which the server load balancer is
doing SSL offloading.

127 Should support persistence mirroring This is Vendor Specific , Please Should support interactive Layer 7 health checks for the Please Modify this point so others can comply Already Clarified above
and System must support interactive modify this point application availability
Layer 7 health checks for the
application availability
134 The proposed WAF should support Please Modify this Point The proposed WAF should support ICAP, the security protocol for Please Modify this point so others can Comply As per RFP
ICAP, the security protocol for sending and receiving uploaded files for antivirus scanning from
sending and receiving uploaded files day one or Solution should have In-built anti-virus for file uploads"
for antivirus scanning from day one

135 The proposed solution shall support This is Vendor Specific , Please Please Remove this Point As per RFP
both positive and negative security remove this point as this
model and work in HA mode with already covered Point Number
TCP, SSL mirroring of the traffic that 126 in the RFP
is offloaded on the appliance and
persistence mirroring, so that user
session shall not be disconnected
after failure of primary device. It shall
improve the users experience.

136 System must support TCP The Term " TCP Buffering" System must support TCP optimization, TCP Connection The Term " TCP Buffering" This is Vendor Specific , Please As per RFP
optimization, TCP Buffering, TCP This is Vendor Specific , Please Multiplexing to enhance protocol performance modify this Point so Others can comply
Connection Multiplexing to modify this Point
enhance protocol performance

137 WAF should support for future Please remove this point for Please remove this point for the RFP Not supported, planned… this is in Barracuda Road Map. As per RFP
requirement to Anti-Bot Mobile SDK the RFP Please remove this feature from the RFP or allow us to submit
to Whitelist establish trust based on the dates when this is going to introduce within the solution.
an embedded software package
within the customer’s application
code, and corresponding cookie
verification from day one

138 Supported 3rd Party Repudiation 3rd Party Repudiation is Solution Should have built-in or Support 3rd Party Repudiation Supported, including our own threat research. Some Vendor As per RFP
Database which include Blacklisted IP specific to vendor who don't Database which include Blacklisted IP Address, TOR, System does not have their own research, which is why they are
Address, TOR, System Vulnerabilities, have their own research , Vulnerabilities, Country, Bad Proxy , Spam Source, Mobile Threats asking specifically for 3rd party. Also TOR is available free
Country, Bad Proxy , Spam Source, Please Modify this point etc. without 3rd party DB’s.
Mobile Threats etc.

141 The Platform must be able to allow This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
the enterprise to measure remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
infrastructure performance as it WAF RFP and not a reporting and it is achieved via SIEM
relates to application delivery, and to Module , SIEM is Part of this
factor that application performance RFP and it is achieved via SIEM
data into business intelligence tools
such as troubleshooting, ROI
calculations, and capacity planning.
142 The Proposed Management and This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
reporting Platform must be able to remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
provide tools for monitoring WAF RFP and not a reporting and it is achieved via SIEM
applications across the entire Module , SIEM is Part of this
Application delivery network. E.g RFP and it is achieved via SIEM
dashboard displays system statistics
in selectable graphs, gauges, and
tables. In addition to the pre-defined
views, you can create custom
combinations of the dashboard
windows, and save them in groups.
You can combine windows from
different software modules in a single
view, or use just the windows you
want for a single module. Windows
are available only for those modules
that you have licensed and
provisioned.

143 The Proposed Management and This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
reporting Platform must be able to remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
support historical statistics collection WAF RFP and not a reporting and it is achieved via SIEM
on CPU and memory usage, Module ,This is achieved via any
connections, and throughput in an 3rd party reporting module.
easy-to-read graphical view and
displays real-time historical stats by
the hour, day, week, or month from
the web dashboard GUI. In addition
to real-time stats, historical trending
reports must be viewed by hour, day,
week, or month. E.g. view "real-time"
profile and CPU usage statistics for
individual virtual servers and "real-
time" CPU and memory usage
statistics for individual modules.

144 The Platform must be able to support This is Vendor Specific Please Remove this Point This is Vendor Specific As per RFP
Network Map of the virtual server IP
addresses and server pools.

145 The Platform must be able to provide This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
aggregated application visibility and remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
reporting tools at the application WAF RFP and not a reporting and it is achieved via SIEM
level. This include viewing of detailed Module , SIEM is Part of this
statistics about application traffic RFP and it is achieved via SIEM
running through the system.

146 The Platform must be able to provide This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
real-time application performance remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
statistics, and diagnostic and WAF RFP and not a reporting and it is achieved via SIEM
troubleshooting information such as Module , SIEM is Part of this
application response time, network RFP and it is achieved via SIEM
latency, and connection statistics for
the entire application, virtual servers,
pools, and nodes.
147 The Platform must be able to provide This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
user-created custom statistics that remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
can be built on-the-fly by WAF RFP and not a reporting and it is achieved via SIEM
preconfiguration or predefined for Module , SIEM is Part of this
more granular data and control RFP and it is achieved via SIEM
through scripting or command shell.
This is a mechanism for tracking
information like metrics such as
connections, data rates, etc.

148 The Management Platform should be This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
able to perform device discovery and remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
monitoring: WAF RFP and not a reporting and it is achieved via SIEM
Discover, track, and monitor up to 5 Module , SIEM is Part of this
devices from day one—whether RFP and it is achieved via SIEM
physical or virtual, both on-prem and
in the cloud.

153 The Management Platform should This is Vendor Specific , Please Please Remove this Point This is Vendor Specific , Please remove this point as this is a As per RFP
have utility license usage reporting: remove this point as this is a WAF RFP and not a reporting Module , SIEM is Part of this RFP
Enable utility licensing of its managed WAF RFP and not a reporting and it is achieved via SIEM
devices by generating and delivering Module , SIEM is Part of this
reports of device use over time. RFP and it is achieved via SIEM

FIRM-14: Micro Focus ARPIT GOEL: [email protected]


SN Page No. Heading Point Description Query Recommendation/Suggestion
1 13 Chapter 3A, Pt 2 Bidder should have backend tie-ups with the respective OEMs to Does this mean that OEM PS would be doing the OEM authorized partner shall do the Already Clarified above
provide required technical support along with OEM professional implementation implementation
services for the supplied Hardware, Software, Network
equipment and Network & Security software for their installation,
configuration, fine-tuning, integration with existing components
and commissioning to meet the functional requirements. OEMs
shall also be responsible for successful implementation and
system operations.

2 29 SOR-D-i-SOC, Pt 1 The solution must be a Leader in the Gartner Magic Quadrant of this should allow at least last 3 or 5 years Gartner report or it The solution must be a Leader in the Gartner Already Clarified above
Security Information and Event Management (SIEM) 2017/2018 should allow both leader & challenger quadrant solution Magic Quadrant of Security Information and
Event Management at least once in last 5 years

3 29 SOR-D-i-SOC, Pt 3 The proposed solution should be able to handle 10,000 sustained As in ArcSight SIEM, flows are also considered under EPS The proposed solution should be able to handle Already Clarified above
EPS & 5000 Flows/sec from day one and scalable to 80,000 EPS. licensing only. So whether solution needs to be proposed 10,000 sustained EPS.
including flows for 10000 EPS license or 15000 EPS license.

4 31 SOR-D-i-SOC, Pt 4 (Operational The solution must support the automatic update of configuration Do we mean software patches updates as well by this point. Either this point should be deleted or should be Already Clarified above
Requirement) information with Here as per industry best practices, it is never recommended updated as " The solution must support the
minimal user intervention. For example, security taxonomy to put your SIEM solution to a direct internet access. automatic update of configuration information
updates, vendor rule via a centralized management console with
updates, device support, etc. Also detail the features that are minimal user intervention. For example,
updated. security taxonomy updates, vendor rule
updates, device support, etc. Also detail the
features that are updated."

5 31 SOR-D-i-SOC, Pt 4 The solution must provide browser-based UI access for end users As ArcSight correlation solution works with thick client based This point should be modified as "The solution Already Clarified above
(Architectural Requirement) (does not require UI for advanced level analysis and content creation. Also must provide browser-based/thick client UI
thick client) ArcSight command centre is used for management and access for end users"
monitoring through browser based web UI.
6 33 SOR-D-i-SOC, Pt 8 (Log The solution should support longterm access to detailed security Please specify the X i.e. exact no of months for both online 3 months online and 1 year offline Already Clarified above
Management Requirement) event and, if and offline log retention
available, network flow data. The system should be able to
provide access to at
least x months worth of detailed information.
7 33 SOR-D-i-SOC, Pt 9 (Log The solution should capture flow information from multiple This point is part of packet capture solution so should not be This point should be deleted. Already Clarified above
Management Requirement) network points. Solution part of SIEM solution.
should support Network traffic collected via TAP, SPAN, and/or
Mirror.
8 37 SOR-D-i-SOC, Pt 9 (Correlation The solution proposed should provide capability to add the Are the following systems existing in Railtel or it is mentioned Clarification
& Alerting) following systems for from future roadmap perspective.
effective incident detection and correlation post completion of
the SIEM
deployment.
a) Flow based threat Detection b) User Behavior analysis c) DNS
data analysis.
9 46 SOR-D-iv- Vulnerability Vulnerability Assessment - Only Network Based The ask in RFP is only for VA of Network/host while VA/PT of Refer Corrigendum-II
Assessment applications/web servers is missing from the ask. We highly
recommend that it should also be part of RFP ask.

FIRM-15: Veritas Nasir Mir: [email protected]


SN Page no. RFP Volume Section and sub- Clause/ Content in the RFP Clarification sought/ Change Request Remarks/Justification
section
1 22 CHAPTER-3-A Technical 5. Solution Must support Host-Level Virtual Environments Please modify Clause as "Solution Must support Host-Level request to include support for latest Already Clarified above
Requirement Including VMware vSphere, Microsoft Hyper-V Hypervisor integration for Virtual Environments Including hypervisors also like Openstack, containers,
SOR-B: Backup Solution VMware vSphere, Microsoft Hyper-V, RedHat KVM, Nutanix AHV and others as requested as most of
AHV, OpenStack and Containers" enterprise backup software vendors support all
latest hypervisors. This is required considering
current and future requirement for cloud
Infrastructure of the Railtel Department.

2 22 CHAPTER-3-A Technical 6. Solution must support back agents Including Microsoft Please modify Clause as "Solution must support back agents Request department to include support for all Already Clarified above
Requirement Windows (Windows Server, Hyper-V, Exchange, SQL), Linux and Including Microsoft Windows, Linux, Unix and macOS. Also major databases including Hadoop Bigdata as
SOR-B: Backup Solution macOS include Agent/Modules for online backup of applications and this may be required by department
databases such as MS Exchange, MS SQL, Oracle, DB2, Sybase, considering cloud infrastructure and
MySQL, MongoDB, PostGre SQL and distributed heterogeneous applications used by railtel. Most
databases/filesystems like NoSQL, Bigdata and hadoop. " of the enterprise backup software vendors
provide support for all these common
applications and databases.

3 23 CHAPTER-3-A Technical 9. Solution must support Advanced sharing of different media Please modify as "Solution must support Advanced sharing of Optical device like CD,DVD cannot be shared Already Clarified above
Requirement across the environment (disk, tape and optical). different media across the environment (disk and tape)." and usually never used as backup storage, so
SOR-B: Backup Solution request to remove Optical word.

4 23 CHAPTER-3-A Technical 11. Solution should offer rate limiting for data sent offsite to limit Please modify clause as "Solution should offer inbuilt WAN This clause looks some vendor specific, request Already Clarified above
Requirement the impact of replication on critical Internet resources. Optimizer for data sent offsite to limit the impact of replication to modify it as requested so that most of
SOR-B: Backup Solution on critical Internet resources." Enterprise backup vendors will participate in
the bid. WAN optimization is the proper term
and feature in most of backup solutions for
optimizing backup data replication to offsite
location.
5 23 CHAPTER-3-A Technical 15. Solution should offer message level backups for MS Exchange Please modify clause as " Solution should offer full backup of This clause looks favouring a specific vendor Already Clarified above
Requirement and allow for restore of individual messages or entire folders. MS Exchange databases and allow for restore of full and and not a generic feature. Please note most of
SOR-B: Backup Solution individual messages." the enterprise backup solution vendors provide
MS Exchange backup at database level,
however the restore can be done on granular
single mail/message level. please modify so
that most of enterprise backup solution
vendors can participate in the bid.
6 23 CHAPTER-3-A Technical 18. Solution must support GUI with centralized management / Please modify clause as "Solution must support GUI with request to remove archival word as this Already Clarified above
Requirement Single interface for management of all backup and archival centralized management / Single interface for management of requirement is related to a backup solution and
SOR-B: Backup Solution activities. all backup activities. not the archival software, both of them cater
to a different requirement.

7 23 CHAPTER-3-A Technical 19. Solution must support Advanced sharing of different media Remove this repeated clause no 9 Repeated clause, request to delete clause or Already Clarified above
Requirement across the environment (disk, tape and optical). remove optical word.
SOR-B: Backup Solution

8 23 CHAPTER-3-A Technical 21. Solution must support following application and database Please modify clause as "Solution must support following Request department to include support for all Refer Corrigendum-II
Requirement backup without CLI and without the requirement of temporary application and database backup without CLI and without the major databases including Hadoop Bigdata as
SOR-B: Backup Solution disk space for Oracle, 64-bit Active Directory, MS SQL, MS requirement of temporary disk space for Oracle, 64-bit Active this may be required by department
Exchange, Share-Point, MySQL etc. Directory, MS SQL, MS Exchange, Share-Point, MySQL etc, also considering cloud infrastructure and
provide online backup for open and distributed databases like heterogeneous applications used by railtel. Most
MongoDB, NoSQL, Nutanix, Bigdata and hadoop." of the enterprise backup software vendors
provide support for all these common
applications and databases.

9 24 CHAPTER-3-A Technical 32. Solution should support rapid/instant VM recovery with Please modify clause as "Solution should support rapid/instant This clause looks some vendor specific, request Already Clarified above
Requirement LiveBoot for Vmware and Microsoft Hyper-V VM recovery with LiveBoot for proposed virtualization to modify it as requested so that most of
SOR-B: Backup Solution hypervisor platform" Enterprise backup vendors will participate in
the bid.

10 24 CHAPTER-3-A Technical 34. Solution Should have 48TB of Usable Capacity with HW RAID Please modify clause as "Backup Appliance Should have Considering the future growth of Railtel cloud Already Clarified above
Requirement 60 minimum 50TB of Usable Capacity and scalable to more than Infrastructure, it is necessary for department to
SOR-B: Backup Solution 300TB Usable with HW RAID 60" define the scalability in backup appliance. This
will help department to get the latest scalable
backup appliance with storage expansion
feature. Most of the Backup appliance vendors
provide scalability more than 300TB usable in
their backup appliance devices, so there will be
no issues for most of vendors to participate in
the bid.

11 24 CHAPTER-3-A Technical 35 . Appliance Should have 2 x 10Gb RJ45 or 2-port SFP+ Network Please modify clause as "Appliance Should have minimum 4 x Considering current and future requirements of Already Clarified above
Requirement Interface 1Gbps Ethernet, 4 x 10Gbps Ethernet(SFP and Copper) and 2 railtel cloud infrastructure, it is necessary for
SOR-B: Backup Solution Fibre Channel ports of minimum 8Gbps speed" department to request for all the necessary
network interfaces in requested backup
appliance. Please note almost all the backup
appliance vendors provide all 1Gbps, 10Gbps
and FC ports with their devices and if not
requested, department may get the
appliance missing these common required
interfaces.

FIRM-16: TREND MICRO Govind Singh: [email protected]


SN RFP Volume Section and sub-section Page no. Clause/ Content in the RFP Clarification sought/ Change Request

1 SOR-D-ii & iii - Anti Virus + EDR (Client 43, Point no. 20 Shall offer customizable & standard notifications via - SMTP, Pager is an obsolete technology and most of vendors have stopped Already Clarified above
& Server): SNMP, Pager, NT Event Log supporting as a medium for sending notification

Clause Should Read as :


Shall offer customizable & standard notifications via - SMTP,
SNMP, NT Event Log
2 SOR-D-ii & iii - Anti Virus + EDR (Client 43, Point no. 21 The solution should provide quarantine management in order to This is specific to one OEM and restricting us from Already Clarified above
& Server): prevent spreading. A management interface must be provided to participation
allow the administrator to review, sort and analyze quarantined
items. Clause Should Read as :
The solution should provide quarantine management in order
to prevent spreading. A management must be provided to
allow the administrator to restore quarantined items in case
file found to be legitimate
3 SOR-D-ii & iii - Anti Virus + EDR (Client 43, Point no. 28 Solution must provide virtualized environment Please help in elaborating the use case of this requirement Already Clarified above
& Server):
4 SOR-D-ii & iii - Anti Virus + EDR (Client 45, Point no. 56 The solution should combine NIPS (network) and HIPS (host) This is specific to one OEM and restricting us from Already Clarified above
& Server): based signature to proactively protect against intrusion targeted participation
at the servers or provide attack prevention using the least
privilege containment approach Clause Should Read as :
The solution should use HIPS (host) based signature to
proactively protect against intrusion targeted at the servers

5 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 70 Solution should have an emulator to cause threats to reveal This is specific to one OEM and restricting us from Already Clarified above
& Server): themselves. This should not be a part of sandboxing and should participation
run individually in each agent
Clause Should Read as :
Solution should have a mechanism to Identifies packed
malware in memory as it unpacks prior to execution using
machine learning functionality

6 SOR-D-ii & iii - Anti Virus + EDR (Client 45, Point no. 71 Solution should have Deception component from same or This is specific to one OEM and restricting us from Already Clarified above
& Server): different OEM which helps identify the unknown attacks that participation
conduct file traversals, network discovery, terminate processes,
try to conduct credential theft, and more Clause Should Read as :
Solution should have functionality which helps identify the
unknown attacks
7 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 73 The Solution should check for the existence for antivirus software, This is specific to one OEM and restricting us from Already Clarified above
& Server): patches, hot fixes, and other security requirements. For example, participation
the policy may check whether the latest OS patches have been
applied to the operating system. Clause Should Read as :
The Solution should check for the existence of open known
vulnerabilities and shield them using virtual patching
technology
8 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 74 If the host is non-compliant with the policies, the solution must This is specific to one OEM and restricting us from Already Clarified above
& Server) automatically initiate remedial action, downloading and participation. Hence please help in removing this clause to
executing/inserting a software, running scripts , by setting allow our participation
required registries keys. The solution should recheck host for
compliance after remediation and grant access for the compliant
host to the network.
9 SOR-D-ii & iii - Anti Virus + EDR (Client 46, Point no. 75 The solution must be able check whether required software, This is specific to one OEM and restricting us from Already Clarified above
& Server) security patches and hot fixes have not been installed on the participation. Hence please help in removing this clause to
endpoint as mandated by organization, the solution should be set allow our participation
to connect to an update server to download and install the
required software based on the policy.

10 SOR-D-i – SOC:Packet Capture 41 Specifications from Serial no. 1 to 38 Specifications are specific to one particular OEM and Already Clarified above
restricting us from participation. Please help in diluting the
specification to allow our participation

FIRM-21: Fortinet Saroj Kumar Das: [email protected]


Existing Changes Required
SOR-C-ii -UTM
6 UTM/NGFW appliance should have at least 32 GB RAM or higher Already Clarified above

10 The UTM appliance should be Rack Mountable, not exceeding 1U The UTM appliance should be Rack Mountable, not exceeding Already Clarified above
with redundant power supply fully populated from day one and 1U with redundant power supply fully populated from day one
should have hot-swappable fan tray/module
35 The IPS system should have at least 25,000 signatures with The IPS system should have at least 10,000 signatures with Already Clarified above
support for custom IPS signatures support for custom IPS signatures
SOR-C –iii - Firewall Manager
3 The management appliance should have 2 x 1G port and The management appliance should have 2 x 1G port. Already Clarified above
integrated redundant power supply from day one
14 The centralized management platform must not have any limit in The centralized management platform must have minimum Already Clarified above
terms of handling logs per day 100 GB limit in terms of handling logs per day

FIRM-18: Network Bulls Pvt. Ltd. Debulina Biswas: [email protected]


Clause no Existing Changes Required Remarks
SOR-C-ii -UTM
6 UTM/NGFW appliance should have at least 32 GB RAM or higher UTM/NGFW appliance should have at least 16 GB RAM or Every OEM has their own architecture to achieve Already Clarified above
higher desired throughput. Proprietary/Customised
based solution is used to radically boost the
performance and scalability to enable the
fastest network security appliance available.
Hence request you to reduce the RAM to 16
GB.

10 The UTM appliance should be Rack Mountable, not exceeding 1U The UTM appliance should be Rack Mountable, not exceeding Already Clarified above
with redundant power supply fully populated from day one and 1U with redundant power supply fully populated from day one
should have hot-swappable fan tray/module

35 The IPS system should have at least 25,000 signatures with The IPS system should have at least 10,000 signatures with This is specific to single OEM. Already Clarified above
support for custom IPS signatures support for custom IPS signatures
SOR-C –iii - Firewall Manager
3 The management appliance should have 2 x 1G port and The management appliance should have 2 x 1G port. Management appliance is passive device, Already Clarified above
integrated redundant power supply from day one redundant power supply will increase the
overall budget of the project.
14 The centralized management platform must not have any limit in The centralized management platform must have minimum There should be some number for handing log Already Clarified above
terms of handling logs per day 100 GB limit in terms of handling logs per day per day this will help in term of sizing the
suitable appliance.
Requesting you kindly revise it to " The
centralized management platform must not
have 100 GB limit in terms of handling logs per
day"
FIRM-19: Symantec Software India Pvt. Ltd. Himanshu Tyagi: [email protected]
SN Section No. Point No. Content of RFP requiring clarifications Points of clarification required
1 Chapter 2 SOR -D (i) Commercial SOC includes software components SIEM Incident Please confirm whether department is looking Refer Corrigendum-II
forensic and packet capture. for different OEM solution for SIEM and
Incident forensic & packet capture. We request
department to bifurcate the quantity for the
same in BoQ format.

2 SOR-D-ii&iii 31 Solution must provide to create classify applications which are We request department to remove this clause. Already Clarified above
attempting network access, and block unauthorized connections
and data transfers by malicious programs.

3 SOR-D-ii&iii 36 After development of signatures for logs submitted for a We request department to remove this clause. Already Clarified above
suspicious system, analysis report must be submitted to RailTel.
The Analysis report should contain IP address of the system, List
of files found suspicious in the submitted log

4 SOR-D-ii&iii 40 Solution must provide to send endpoint logs based on IP and MAC We request department to remove this clause. Refer Corrigendum-II
address automatically up to CMAS.
5 SOR-D-ii&iii 46 Solution must provide a Utility program for all supported We request department to remove this clause. Already Clarified above
Windows, Linux and MAC operating systems for collecting logs of
infected endpoints for analyzing and developing signatures.

6 SOR-D-ii&iii 47 OEM/bidder must provide RCA (Root Cause Analysis) report of Is department looking for Premium Support of Refer Corrigendum-II
technical problem/ incidence / issues reported and resolved. OEM. As OEM provide RCA only in premium
support not traditional 24X7 support.
7 SOR-D-ii&iii 56 The solution should combine NIPS (network) and HIPS (host) We request department to remove NIPS Already Clarified above
based signature to proactively protect against intrusion targeted
at the servers or provide attack prevention using the least
privilege containment approach

8 SOR-D-i-SOC 21 Proposed solution should Integrate with On Premise Malware We request department to confirm which Already Clarified above
Sandbox Analytics solution. Security analytics should be able sandbox solution do they have and it should
submit files for detonation and analysis.The ATP solution must be integrate with other OEM's solution.
able to submit files for sandbox.

9 SOR-D-i-SOC 27 The Solution must maintain the integrity while sending SSL traffic We request department to please remove the As per RFP
clause, as this will require a separate SSL
Solution.
10 SOR-D-i-SOC 28 Solution must support provision to implement custom We request department to please remove the Already Clarified above
environment. clause, as this will require a separate SSL
Solution.
11 SOR-D-i-SOC 32 Security Analytics should be proposed with required SSL visibility We request department to please remove the As per RFP
solution to enable meticulous network forensics and monitoring clause, as this will require a separate SSL
across all network traffic, thousands of applications, dozens of file Solution.
transports, all flows, and all packets—including encrypted traffic.
Should provide total visibility into network traffic with actionable
intelligence so that department can quickly shut down exposure
and mitigate ongoing risk. Should provide:
• Detailed insights from all forensic captures
• Establish policies to selectively decrypt SSL traffic
• Share encrypted traffic insight with your security applications

12 SOR-D-i-SOC 33 Solution must support automatic visibility and interpretation of We request department to please remove the As per RFP
SSL decrypted traffic regardless of port or protocol. SSL decryption clause, as this will require a separate SSL
should be provided through the dedicated purpose built appliance Solution.
based. There has to be integration with SSL decryption and
security analytics solution.

13 SOR-D-i-SOC 34 The solution provided for SSL decryption must support 78+ We request department to please remove the Refer Corrigendum-II
Ciphers and TLS 1.3. The packet capture tool and SSLVA must be clause, as this will require a separate SSL
from same OEM. Solution.
14 SOR-D-ii&iii Anti Virus + EDR (Client & Server) We believe that EDR requirement is not coming Already Clarified above
clearly in the specifications. Hence request you
to please consider the following EDR
requirements to be added in specifications.
1) The proposed solution platform must be able
to integrate with the proposed endpoint
protection solution deployed within the current
environment and should be from same OEM to
provide remediation and removal of malware
on infected devices. It should happen without
additional agent.
2) Solution should automatically detect and
confirm multistage zero-day malware and
targeted attacks without prior knowledge of
the malware.
3) Solution should use a stateful attack analysis
to detect the entire infection lifecycle. It should
trace the stage-by-stage analysis of an
advanced attack, from system exploitation to
outbound malware communication protocols,
leading to data exfiltration.
4) Proposed solution should have the ability to
Hunt for threats by searching for indicators of
compromise across all endpoints in real-time.
5) Proposed solution should ensure complete
incident playback with continuous recording of
endpoint activity, view specific endpoint
processes.
15 SOR-D-i&iii Anti Virus + EDR (Client & Server) We understand that department is looking for Already Clarified above
some server security solution like HIPS as there
are mention of the same in specifications.
However those specifications are not making
the requirement of HIPS very clear. Hence we
request department to consider below points
in specifications if requirement is for HIPS.
1) The solution should provide for the
prevention of access to application data files.
2) The solution restrict data being written to an
external device.
3) The solution should implement memory
controls by default between processes.
4) Server Security solution should have
application and device control to lock down
configuration settings, file systems, and use of
removable media.
5) Server Security solution should provide
predefined automated responses to
events.Actions should include alerting the
administrator, disabling the user account,
logging the event and executing
commands/scripts/programs. Solution should
have Alerting via file output.
6) HIPS should perform log analysis, integrity
checking, root kit detection, time-based
alerting and active response. It should help to
detect attacks, software misuse, policy
FIRM-20: IBM India Pvt. Ltd. Mayank Devlal: [email protected]
SN Section Page No Clause Clarification Required Remarks
1 SCHEDULE OF REQUIREMENT 5 Commercial SOC includes software components SIEM, Incident Since Quantity is mentioned as 1, Please clarify Already Clarified above
forensic and packet capture.
1) if SIEM needs to be deployed in HA in DC ?
2) If DR is to be considered for SIEM instance?
2 SCHEDULE OF REQUIREMENT 29 The proposed solution should be able to handle 10,000 sustained Please suggest if proposed hardware should support 80000 Already Clarified above
EPS & 5000 Flows/sec from day one and scalable to 80,000. EPS scalability without further hardware expansion. Also,
kindly confirm the flow/sec scalability.

We suggest to have following clause -

The proposed solution should be able to handle 10,000 EPS & 5000 Flows/sec from day one and should be scalable to handle
40,000 EPS & 10,000 FPS on the same hardware and solution
should be horizontally scalable to 80,000 EPS by adding
additional hardware.

3 SCHEDULE OF REQUIREMENT 29 The proposed solution should be able to handle 10,000 sustained Kindly confirm the log sources locations so as to size collectors Already Clarified above
EPS & 5000 Flows/sec from day one and scalable to 80,000. for the same.

4 Detailed Technical Specifications 30 The Bidder will give the hardware sizing for the EPS count We understand bidder doesn't need to provision hardware for Already Clarified above
required if solution is software based. software based solution. Pls confirm.
5 Detailed Technical Specifications 30 The Bidder will give the hardware sizing for the EPS count Kindly confirm the log & flow retention policy(online & offline) Already Clarified above
required if solution is software based. so as to suggest on storage requirements.
6 Detailed Technical Specifications 31 The solution should support high availability requirements in an Kindly confirm if solution needs to be deployed in high Already Clarified above
embedded fashion at all layers including collection, normalization, availability at all the layers ?
correlation and management and without the need for additional
3rd party software to provide 24x7 availability and fault tolerance.

7 Detailed Technical Specifications 32 The solution must easily expand to support additional demand. Kindly clarify additional demand if this is w.r.t additional Already Clarified above
EPS/log sources integration.
8 Detailed Technical Specifications 32 The solution should block-signs events with a digital signature to We suggest to modify this clause to read as " The solution Already Clarified above
demonstrate integrity of the indexed data should be able to support integrity of the indexed data" since
most of the SIEM players doesn't support digital signatures.

9 Detailed Technical Specifications 32 The solution must monitors its own configurations and usage to We suggest to modify this clause to read as "The solution must As per RFP
maintain a complete, digitally signed audit trail of who is monitors its own configurations and usage to maintain a
accessing the system, what searches they are running, what complete, audit trail of who is accessing the system, what
reports they are viewing, what configuration changes they are searches they are running, what reports they are viewing,
making, and more. what configuration changes they are making, and more." since
most of the SIEM players doesn't suport digital signautr

10 Detailed Technical Specifications 32 The solution must support Disaster Recovery.It should have the Kindly confirm if solution needs to be deployed in DR as well. Already Clarified above
provision to run in active / passive mode in a DC-DR environment Also, will this DR be in Active/Passive Mode.
and should be able to failover to automatically DR in case of a
primary failure. Incase of passive DR, kindly confirm the RTO/RPO to adhere.

11 Detailed Technical Specifications 41 Perform Full Packet Capture of network traffic with zero packet Please confirm the number of locations & interfaces to be Already Clarified above
loss. Support the retrieval of captured for packet capture.
relevant packets to a cyber security incident
12 Detailed Technical Specifications 42 Should be able to support integration with Endpoint We suggest to read this clause as "Should be able to support Already Clarified above
Management/EDR solution for remediation endpoints via single integration with Endpoint Management/EDR solution for
agent EDR and Anti-virus solution.The AV and EDR must be from remediation endpoints "
same OEM. Provided AV must be in leaders Gartner Quadrant.

13 Detailed Technical Specifications 42 Should be an on-premise appliance-based solution with capability We recommend to have appliance based solution for packet Already Clarified above
to do packet capture, storage, analysis.
protocol dissection.
We suggest to have software based solution for storing pcap
and session reconstruction.
14 Detailed Technical Specifications 42 Should be an on-premise appliance-based solution with capability Kindly confirm following for sizing the packet solution - Already Clarified above
to do packet capture, storage,
protocol dissection. 1) No of locations/interfaces including DC & DR for packet data
collection
2) Link & current bandwidth utilization details for each
interface/location to be captured
3) Retention policy to be considered for raw & meta data
retention.
15 Detailed Technical Specifications 42 Should capture signature/heuristics and behavioral based alerts We suggest to remove this clause since Packet capture Already Clarified above
and block the malicious activity solutions are not supposed to block the activity
16 Detailed Technical Specifications 42 Solution must support provision to implement custom Kindly provide with the expectations. Already Clarified above
environment.
17 Detailed Technical Specifications 42 The solution should be able to provide suggested mitigation Clause mentioned are applicable to SOAR platform hence we Already Clarified above
actions for events suggest to remove this clause from packet capture.

18 Detailed Technical Specifications 42 Proposed solution should Integrate with On Premise Malware We suggest to remove "The ATP solution must be able to Already Clarified above
Sandbox Analytics solution. Security analytics should be able submit files for sandbox." from the mentioned clause since
submit files for detonation and analysis.The ATP solution must be packet capture & ATP solution are different.
able to submit files for sandbox.

19 Detailed Technical Specifications 42 Should support Integration With Endpoint Detection and We suggest to remove this clause since this clause is not Already Clarified above
Response (EDR) technology as proposed in the RFP which should applicable to Packet Capture solution.
remediate and blacklist the suspicious/malicious files in entire
network with one click from same console. The AV and EDR must
be from same OEM and provided AV must be leader Gartner
Quadrant for last 3 years
20 Detailed Technical Specifications 35 "The solution should include following native visualizations: This seems to be specific OEM clause hence we request to Already Clarified above
remove this clause
Tables
Time charts
Line charts
Bar charts
Area charts
Pie charts
Scatterplot charts
Radial, filler, and marker gauges
Geo-IP maps"

21 Detailed Technical Specifications 35 The solution should have the ability to convert dashboards into This seems to be specific OEM clause hence we request to Already Clarified above
PDF files and schedule them to be emailed to others. remove this clause

22 Detailed Technical Specifications 35 The solution should have the ability to integrate with external This seems to be specific OEM clause hence we request to Already Clarified above
visualization frameworks and options (D3, Tableau, etc) for remove this clause
additional visualizations
23 Detailed Technical Specifications 36 Dashboard should support export of data to multiple formats This seems to be specific OEM clause hence we request to Already Clarified above
including CSV, Excel, PDF remove this clause
24 Detailed Technical Specifications 36 The solution must offers multiple SDKs written on top of the API This seems to be specific OEM clause hence we request to Already Clarified above
for: remove this clause
Python
Java
JavaScript
PHP
Ruby
C#
25 Detailed Technical Specifications 36 The solution must assist in following use cases due to indexed This seems to be specific OEM clause hence we request to Already Clarified above
data leading to a high ROI and cross-department collaboration. remove this clause

Compliance
Fraud
IT Operations
Application Management
Web/Digital Intelligence
Business Analytics
Industrial Data and Internet of Things

26 Detailed Technical Specifications 38 The solution must be able to do full-text search on any field in the This seems to be a specific OEM clause hence we request to Already Clarified above
indexed data based on: remove this clause
Keywords
Time ranges
Specific or relative time windows down to the
month/day/minute/second
Boolean logic (and, or, not, etc)
Regular expressions
Wild card syntax
Statistical analysis including:
Count of occurrences, distinct count of occurrences, sum
Most common values or least common values of a field
Minimum, maximum
Average, mean, mode, median
Standard deviation, variance
The identification of anomalous values in results that may be
irregular, or uncommon
The statistical correlation between fields
Clustering of events together based on their similarity to each
other as a single event
Truncate outlying numerical values in selected fields to assist in
statistical correlation
First and last seen value
Percentile
Predicted values (search that looks at historical data to
mathematically predict future values)
Perform a union, diff, or intersection of individual or multiple
search results
27 Detailed Technical Specifications 38 The solution must be able to do baselining and then apply the This seems to be a specific OEM clause hence we request to Already Clarified above
above search logic to find outlier/anomalies from the baseline remove this clause
that may be advanced, non-signature based threats

Fir Shishir Jain: <[email protected]


Page no. Clause/ Content in the RFP Clarification sought/ Change Request
30 4. The solution must support auto discovery of assets that are The 'auto discovery of assets' is additional feature of specific Already Clarified above
being protected or monitored and automatically start accepting SIEM OEM but not a general SIEM functionality, hence this
events without any administrator intervention through an agent clause must be removed from the RFP
less solution
30 5 The solution should support automated classification of assets Please elaborate on 'classification of assets that are being Already Clarified above
that are being protected. protected', this seems value add feature of specific SIEM OEM
but not a general SIEM functionality, hence this clause must be
removed from the RFP
31 6. The solution should support high availability requirements in an Building high availability at different components is design Already Clarified above
embedded fashion at all layers including collection, normalization, aspect, it is not necessary the product must have it as
correlation and management and without the need for additional embedded fashion. This is again an OEM specific product
3rd party software to provide 24x7 availability and fault tolerance. feature, request you to modify this as "the proposed SIEM
solution must provide high availability at all layers including
collection, normalization, correlation and management with
the need for additional 3rd party software"
31 6. The solution should support high availability requirements in an The "support high availability" is just a capability to be present Already Clarified above
embedded fashion at all layers including collection, normalization, in the solution, but RailTel want the bidder to provide SIEM
correlation and management and without the need for additional solution with high availability or stand-alone solution so that
3rd party software to provide 24x7 availability and fault tolerance. HA capability may be leveraged in future?

31 13. The solution must maintain an externally accessible store or Scanning IT infra, discovering assets and maintaining inventory As per RFP
database of all assets discovered on the network. This asset data are features of "Asset Management Software" tools and may
should include important information about the asset as learned be value add feature of specific SIEM OEM but not a general
by the information collected (i.e. system attributes, network SIEM functionality. Hence this clause must be removed from
attributes, vulnerability state, etc.). The database must provide the RFP
the ability to edit attributes when they cannot be learned (i.e.
department, location, etc.). The user must be able to search this
database.

32 2 The system must provide Real-time remote indexing of data to Every SIEM Product has its way to manage the data integrity As per RFP
minimize the opportunity for alteration of audit trails on for the logs collected in real-time and near-real time. This
compromised hosts clause is specific feature of OEM Product, hence please
remove this or change this to "the system must perform
indexing for real-time data and maintain data integrity check
for both index and processed in a remote location for future
audit and compliance purposes"

4 The solution should block-sign events with a digital signature to
demonstrate integrity of the indexed data
5 The solution must provide event hashing at index time to
determine at search time if events have been tampered with

6 The solution must monitor its own configurations and usage to
maintain a complete, digitally signed audit trail of who is
accessing the system, what searches they are running, what
reports they are viewing, what configuration changes they are
making, and more.
32 4 The solution must support industry log collection methods While the support of log collection methods is standard ask, As per RFP
(syslog-UDP (as detailed in RFC 3164) and TCP (as detailed in RFC but for exporting of offline log data or custom data may be
3195), DNS, DHCP, WMI, JDBC, XML, CSV, JSON, SNMP, Checkpoint supported differently by each SIEM OEM. Please modify this
LEA, FTP, S/FTP, ODBC, SDEE, Windows event logs-agent based and clause to what RailTel wanted to achieve instead of referring to
agent less etc., mail server, web server), directly pointing to log specific product feature of an OEM SIEM.
files over the network or on the indexer, Custom inputs which
includes scripted and modular inputs, vendor supplied universal
agents.

33 7 The system should provide adequate categorization and This feature is specific to a SIEM OEM not general Already Clarified above
prioritization of the collected and aggregated events from the functionality of SIEM, hence remove this clause from RFP or
monitored log sources. This entails a deep understanding of the modify this to as per end objective that RailTel wanted to
event types and criticality associated with the events for the achieve.
supported log sources. E.g.: The categorization may be HIGH,
MEDIUM, LOW or color coding.

34 10 The solution must support the ability to centrally deliver Delivering vulnerability/Asset reports and dashboards is Already Clarified above
vulnerability reports. feature provided by Vulnerability/Asset Management solution,
this requirement is a feature specific to a SIEM OEM but not
a general SIEM functionality, hence this clause must be
removed from the RFP or modify as per end objective that
RailTel wanted to achieve.

11 The solution may support the ability to centrally deliver asset Already Clarified above
reports.
27 Dashboard should display asset list and capture details
including name, location, owner, value, IP address, platform
details
36 2 The solution must offer multiple SDKs written on top of the API These features apart from 'support of API for external As per RFP
for: integration' are specific to a SIEM OEM not general
functionality of SIEM, hence remove this clause from RFP or
modify this to as per end objective that RailTel wanted to
achieve.
2.1. Python
2.2. Java
2.3. JavaScript
2.4. PHP
2.5. Ruby
2.6. C#
3 The solution should offer hundreds of free, public Apps for
point products or use cases to create more value and accelerate
time-to-value
37 15 The solution may provide an out of the box mechanism to This feature is specific to a SIEM OEM not general Already Clarified above
discover and classify assets by system type (i.e. mail servers vs. functionality of SIEM, hence remove this clause from RFP or
data base servers) to minimize false positives associated with modify to "the proposed SIEM must collect business context
poor asset classification. such as asset classification data and leverage in better incident
prioritization and reduction of false positives" or as per end
objective that RailTel wanted to achieve.

39 7 The solution must have the ability to directly search raw data This feature is specific to a SIEM OEM not general Already Clarified above
(using existing search capabilities) stored externally in Hadoop functionality of SIEM, hence remove this clause from RFP
HDFS file systems and the results made available for advanced
visualizations
41 6 The solution must have ability to import raw data from Hadoop This feature is specific to a SIEM OEM not general Already Clarified above
for indexing functionality of SIEM, hence remove this clause from RFP

33 8 The solution should support long-term access to detailed security Please provide the retention duration for long term and also Already Clarified above
event and, if available, network flow data. The system should be would it be offline or online retention?
able to provide access to at least x months worth of detailed
information.
34 10 The solution must support the ability to centrally deliver This is an additional feature of specific SIEM OEM but not a Already Clarified above
vulnerability reports. general SIEM functionality, hence this clause must be removed
from the RFP
35 Dashboard should display asset list and capture details including Scanning IT infra, discovering assets and maintaining inventory Already Clarified above
name, location, owner, value, IP address, platform details are features of "Asset Management Software" tools is value
add feature of specific SIEM OEM but not a general SIEM
functionality, hence this clause must be removed from the RFP

42 1 Perform Full Packet Capture of network traffic with zero packet Please provide the no. of network points at each location and Clarification: No. of
loss. Support the retrieval of relevant packets to a cyber security their link bandwidth to be covered by full packet capture interface is mentioned
incident solution in the RFP

6 Solution should be sized for traffic rate of 1Gbps or higher.

42 12 Should provide Regeneration and Playback functionality: This feature is specific to a SIEM OEM not general Already Clarified above
Ability to create shadow networks. Regeneration and Playback: functionality of SIEM, hence remove this clause from RFP
Point and click to instantly regenerate traffic (at configurable
speeds) to a chosen NIC on a shadow network for further analysis
in 3rd party systems. Without interruption of regular services.

43 19 Should support Integration With Endpoint Detection and The purpose of EDR solution is to detect malicious As per RFP
Response (EDR) technology as proposed in the RFP which should software/activities on the endpoint which can't be detected by
remediate and blacklist the suspicious/malicious files in entire AV solution deployed on the same. When these two products
network with one click from same console. The AV and EDR must are from same OEM, it won't be of benefit (depth in defense).
be from same OEM and provided AV must be leader Gartner
Quadrant for last 3 years

42 26 Solution must perform flow generation and analysis and must This feature is specific to a SIEM OEM not general Already Clarified above
perform aggregation of all traffic pertaining to single session with functionality of SIEM, there is not much value of flow data
a single flow records. when there is Deep Packet Inspection in place with Packet
Capture. Hence remove this clause from RFP
43 34 The solution provided for SSL decryption must support 78+ Please explain why is that SSL decryption must be from the same Already Clarified above
Ciphers and TLS 1.3. The packet capture tool and SSLVA must be OEM that supplies Packet Capture? Not every DPI/Packet
from same OEM. Capture OEM is not into SSL decryption products, and this may
be true for specific OEM. Therefore request you allow the
bidder to support Packet Capture and SSL decryption from
different OEMs.

Additional Points Changed


Existing Clause
The solution should have capability to integrate with SIEM to have Refer Corrigendum-II
unified visibility.
