Germany - Implementation of a SOC (system for centralized attack detection in the IT infrastructure)

Description

ÜSTRA Hannoversche Verkehrsbetriebe Aktiengesellschaft is classified as a critical infrastructure in some areas in accordance with the BSI Act. According to the requirements of the BSI, an attack detection system is required for these areas.

These areas are
- Rail network and signal boxes for public road passenger transport (ÖSPV)
- Control center of public transport

In addition, the system will also monitor large parts of the other IT infrastructure.

Target concept of co-managed SIEM and managed SOC:
The planned architecture includes a "Co-Managed SIEM" based on an Elastic solution, - an Elastic Stack hosted on-prem at the AG consisting of Elasticse-arch, Kibana and integrations (also known as ELK stack) in enterprise licensing,
the introduction of rules and use cases into this SIEM by the SOC partner and the coverage of 24/7 monitoring by the SOC partner (see schematic diagram below).
The SOC partner will introduce and maintain the rules from the jointly defined use cases and playbooks in the client's Elastic solution.
The client is responsible for connecting the log sources and operating the SIEM solution (Elastic) as a data lake (excluding SIEM rules).
An external managed SOC with a different SIEM/SOC target concept is currently in use, which is to be replaced.
As part of the tender, a SOC operator is to be selected, including the necessary data and information sources and analysis environment, in order to increase the security level of ÜSTRA and meet the requirements of the BSI.

Opportunity closing date

06 May 2024

Value of contract

to be confirmed