The scope of work is to deliver the Cloud Detection & Response (CDR)/ Cloud Native Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native platform (Wiz CNAPP cloud)

Concepts

• horley
• security services
• cloud environments
• sgn cloud assets
• cloud permissions
• cloud assets
• cspm systems monitor cloud
• cloud misconfigurations
• cloud infrastructure entitlements management
• cloud detection

Location

Horley

Description

The scope of work is to deliver the Cloud Detection & Response (CDR)/ Cloud Native Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native platform (Wiz CNAPP cloud). CNAPP is a convergence of 3 different capabilities, which provide the foundations for an effective Cloud Detection and Response (CDR) capability which SGN does not currently have. This brings together the following three areas: Cloud Security Posture Management (CSPM) CSPM continuously monitors, identifies, alerts on, and remediates compliance risks and misconfigurations in cloud environments. Cloud misconfigurations are often exploited by threat actors. CSPM systems monitor cloud assets, then continually and automatically check for cloud misconfigurations that may result in data breaches. Cloud environments can be extremely complicated, and mistakes can be very hard to detect and manually Cloud Infrastructure Entitlements Management (CIEM) Monitors human and service identities; effective permissions; and exposed secrets across cloud environments. CIEM continuously analyses risk and generates least privilege access policies to efficiently remove any unused, risky, or excessive privileges. This mitigates the risk of escalation of privilege, lateral movement and ultimately data breaches in the cloud. IT currently does not have this level of visibility onto cloud permissions and identities. Cloud Workload Protection (CWP) CWP’s monitor workloads in the cloud, scan for vulnerabilities and provide information regarding those vulnerabilities. The Pricing Model for the SGN CDR/CNAPP solution and service is based on a combination of the service elements requested by SGN. The basis of pricing is outlined below and tailored to meet SGN’s requirements.

Total Quantity or Scope

1. Subscription and Product Support: a. Based on CNAPP SaaS platform services and based the volumes of SGN Cloud assets being monitored. b. Premium Wiz Platform support. 2. Initial Deployment / Onboarding: a. Phase 1 - Solution Design: b. Phase 2 - Enablement and Prioritization: c. Phase 3 – Integration, Testing and Go Live: d. Phase 4 - Training and Knowledge Transfer: 3. Training: The Supplier will provide a range of Knowledge Transfer to SGN Security and Admin/platform personnel as outlined in Initial Deployment/Implementation. As part of the Wiz service, SGN can have access to a range of online training material at Wiz Academy. Through the Premium Support, SGN can also receive enablement sessions to empower specific SGN roles (i.e. GRC) such as on setting compliance policies for reporting and alerting (as Ofgem requirements change). A solution is needed within the business to meet current and future cyber threats across its cloud infrastructure/environment. The CNAPP solution will allow SGN to overcome potential threats and exposure within the business.

Award Detail

CPV Codes

• 79710000 - Security services

Indicators