Dragos Brand Name or Equal

Summary (Newest Update)

Background The Marine Corps Installations East (MCIEAST) Regional Contracting Office (RCO) is conducting a Sources Sought Synopsis for market research purposes. The goal is to identify sources capable of providing a Brand Name or Equal requirement for a Dragos or equivalent Industrial Control Systems (ICS) / Operational Technology (OT) cybersecurity platform. This solution is intended to enhance the Marine Corps' critical infrastructure and facilities-related control systems environments by providing asset identification, threat detection, and incident response capabilities. Work Details The requirement is based on the Dragos Platform, with the following salient characteristics: 1. Passive Asset Discovery: Must passively identify and inventory ICS/OT assets, including controllers (PLCs, RTUs, etc.) and network devices, without active scanning that could disrupt operations. 2. ICS-Specific Threat Intelligence: Must provide access to a continuously updated, proprietary threat intelligence feed focused on adversary groups, malware, and vulnerabilities targeting global ICS/OT environments. 3. Deep Packet Inspection (DPI) for Industrial Protocols: Must perform DPI on various vendor-specific and open-source OT protocols (e.g., Modbus, DNP3, Ethernet/IP, S7) to identify anomalous behavior and threats within command-and-control traffic. 4. Baseline and Anomaly Detection: Must baseline normal network behavior within the OT environment and detect deviations, policy violations, and potential threat activity. 5. Forensic Investigation & Response Playbooks: Must include built-in workflows and investigative playbooks that guide analysts in responding to threat detections specific to ICS environments. 6. Air-Gapped & Intermittent Connectivity Support: Must function fully in air-gapped environments or those with limited or intermittent connectivity for updates and data transfer.