OPERS is pursuing a co-managed detection, response, and SIEM partnership that expands our current cybersecurity program with additional expertise, depth, and 24x7 remote monitoring. This partnership anticipates that the selected service provider will leverage OPERS SIEM data (i.e. Splunk) in real-time allowing them to bring threat hunting, detection and intelligence services around the clock. When threats are detected, the selected service provider will prioritize and investigate the situation and instigate appropriate, integrated response plans when warranted. OPERS anticipates that the selected service provider will have the expertise and ability to respond through the existing OPERS IT security architecture and products, such as Microsoft Defender. The selected service provider should plan and lead the initial installation and integration necessary to establish the hybrid, co-managed SOC. This includes, but is not limited to, technology configuration, roles and responsibilities, response playbooks, and operating procedures. OPERS is also interested in ongoing consulting services with regards to vulnerability assessments, program tuning, and hardening protections as the cyber-threat landscape continues to evolve. Should the situation present itself, the selected service provider should bring digital forensics capabilities to the situation.
