File #: A 16-112    Name: Agreement with Sable
Type: BoS Agreement Status: Passed
File created: 4/29/2016 In control: Board of Supervisors
On agenda: 6/28/2016 Final action: 6/28/2016
Title: a. Approve and authorize the Contracts Purchasing Officer to execute, on behalf of the County of Monterey, Information Technology Department, a standard agreement with Sable Computers Inc., dba KIS, for the purchase of licenses, support and maintenance for Carbon Black, a threat detection and response platform, in the total amount of $285,039.00 for the three-year period of July 1, 2016 through June 30, 2019; and b. Authorize the Contracts Purchasing Officer to sign purchase orders on an as-needed basis as recommended by the Director of Information Technology.
Attachments: 1. Board Report, 2. Agreement with Sable Computers Inc., dba KIS, 3. Exhibit A Scope of Work Sable Computers Inc., dba KIS, 4. Exhibit B Sole Source Sole Brand Justification, 5. Completed Board Order, 6. Fully Executed Agreement between the County of Monterey and Sable Computers, Inc., dba KIS

Title

a. Approve and authorize the Contracts Purchasing Officer to execute, on behalf of the County of Monterey, Information Technology Department, a standard agreement with Sable Computers Inc., dba KIS, for the purchase of licenses, support and maintenance for Carbon Black, a threat detection and response platform, in the total amount of $285,039.00 for the three-year period of July 1, 2016 through June 30, 2019; and

b. Authorize the Contracts Purchasing Officer to sign purchase orders on an as-needed basis as recommended by the Director of Information Technology.

Report

RECOMMENDATION:

It is recommended that the Board of Supervisors:

a.                     Approve and authorize the Contracts Purchasing Officer to execute, on behalf of the County of Monterey, Information Technology Department, a standard agreement with Sable Computers Inc., dba KIS, for the purchase of licenses, support and maintenance for Carbon Black, a threat detection and response platform, in the total amount of $285,039.00 for the three-year period of July 1, 2016 through June 30, 2019; and

b.                     Authorize the Contracts Purchasing Officer to sign purchase orders on an as-needed basis as recommended by the Director of Information Technology.

 

SUMMARY/DISCUSSION:

The County Information Security Team, within the Information Technology Department, is continually working to actively defend the security of the County’s network. A significant portion of the security team’s work is responding to information security incidents.  This includes the containment and eradication of malware and ransomware.  Because a large amount of today’s malware bypasses traditional anti-virus solutions, the Information Technology (IT) Security Staff have recommended that Carbon Black be added to the County’s security resources.

 

Carbon Black is an “endpoint” (workstations, computers, laptops, and other mobile devices) threat detection and response platform that enables Security Operations Centers and Incident Response Teams to prepare for a data breach through continuous endpoint recording, customized detection, live response, instantaneous isolation, remediation, and threat banning. Carbon Black makes threats easier to see and faster to stop by empowering security and incident response teams to arm their endpoints more effectively.  These capabilities do not exist currently with the County’s existing tools.

 

Carbon Black underwent a one-month proof-of-concept trial on County workstations, and the results were very successful. Information Security Officers from each County department were impressed with its capabilities, including the ability for Information Security to respond to an endpoint incident more quickly and contain and isolate the system instantly.  This equates to more quickly halting the spread of malware and containing its damage, thereby decreasing the downtime of County business.

 

Carbon Black is the number one endpoint detection and response solution according to a recent SANS survey of security incident response professionals. The SANS Institute is the primary resource for the County of Monterey’s Information Technology Security Team for resources and training.

 

The Carbon Black solution will be provided through an authorized value added reseller (VAR), KIS.  KIS is recommended because it offered the lowest price quote for the software and because it agreed to the County’s standard contract terms.

 

OTHER AGENCY INVOLVEMENT:

County Counsel has reviewed and approved the Agreement with KIS for purchase of the Carbon Black product as to form.  This is a sole source contract in that Carbon Black offers security capabilities that are not available in any other security product.  Purchase of Carbon Black on a sole source basis has been approved by the Contracts/Purchasing Department.

 

FINANCING:

The funds for payment of this Agreement have been included in the FY 2016-17 Recommended Budget for the Information Technology Department, ITD 1930, Unit 8437, Appropriations Unit INF002.  Transactions relating to future fiscal years will be included in each respective Recommended Budget.  Should funding be reduced and/or terminated, the County may terminate this agreement by giving thirty (30) days written notice of such action to the Contractor.

 

Prepared by: Elizabeth Crooke, Management Analyst III, 755-5108

 

Approved by: Dianah Neff, Director of Information Technology, 759-6923

 

 

___________________________________________                  _______________

Dianah Neff, Director of Information Technology                                      Date

 

Attachments:

 

Agreement

Exhibit A Scope of Work

Exhibit B Sole Source Sole Brand Justification