OAGITM Members: FYI - - if you're interested - - please take advantage of this aggregate buy opportunity. Regards, Theresa A. Masse State Chief Information Security Officer Department of Administrative Services Enterprise Security Office 503-378-4896 Data Classification 2 - Limited Confidentiality Notice: This message, including any attachments or links, may contain privileged, confidential and/or legally protected information. Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this message and then delete all copies of the original communication, including any attachments and/or links. From: Julie Evans [mailto:Julie.Evans@xxxxxxxxxxxxxx] Sent: Monday, April 30, 2012 11:43 AM To: Julie Evans Cc: Christina Carr Subject: MS- ISAC Aggregate Procurement Opportunity: Secunia Corporate Software Inspector (CSI) Hello all MS-ISAC Members and interested partners: Just a reminder about the current aggregate procurement window that is open from April 1 - June 1, 2012 for Secunia's Corporate Software Inspector (CSI 5.0), an authenticated vulnerability and patch scanner which identifies installed programs and missing security patches and integrates with Microsoft WSUS & SCCM for deployment of 3rd party updates. It works for Microsoft and Apple Mac operating systems. If you missed the webcasts and need more information about CSI 5.0, please contact us (either Ryan Spelman or Christina Carr at CIS/MS-ISAC, 518-266-3460 or email contact@xxxxxxxxxxxxxx). We can email a portion of the webcast as needed. Additionally, Secunia will provide one-on-one sessions with those that need more information. I have included my original email below that contains details and pricing. Also attached is a FAQ to assist in answering some questions that you may have. One update regarding the pilot program that Secunia is offering for a free trial through June 1: Although Secunia would like to publish your pilot as a case reference and quote a testimonial from you, this is not required. For more information about the pilot program (POC), see the attached brochure or contact Meaghan McKeown at mmckeown@xxxxxxxxxxxx We need to reach commitment (via a Letter of Intent) for 250,000 hosts by June 1, 2012 in order for this aggregate procurement to proceed. After that entities will have from June 1 until July 31, 2012 to process their payment/PO. CIS/MS-ISAC will act a reseller for Secunia so payment will be to CIS but the license agreement will be with Secunia. If you have any other questions about this procurement, feel free to contact Ryan Spelman or Christina Carr at CIS/MS-ISAC, 518-266-3460 or email contact@xxxxxxxxxxxxxxx Julie Evans, CISA, CISM Center for Internet Security Chief Operating Officer 31 Tech Valley Drive, Suite 2 East Greenbush, NY 12061 (518) 266-3460 Julie.evans@xxxxxxxxxxxxxx From: Julie Evans <julie.evans@xxxxxxxxxx> Date: Fri, 30 Mar 2012 16:19:52 -0400 To: Julie Evans <Julie.Evans@xxxxxxxxxxxxxx> Subject: MS- ISAC Aggregate Procurement Opportunity: Secunia Corporate Software Inspector (CSI) Hello all MS-ISAC Members: As discussed on the last two monthly webcasts/calls, the MS-ISAC and Secunia have a new partnership agreement which will offer aggregate purchasing opportunities for all state, local, territory and tribal entities during 2012. MS-ISAC can aggregate purchases of all members to obtain the following volume discounted prices: * Secunia's Corporate Software Inspector (CSI 5.0) (an authenticated vulnerability and patch scanner which identifies installed programs and missing security patches; it integrates with Microsoft WSUS & SCCM for deployment of 3rd party updates. Works for Microsoft and Apple Mac operating systems.) * Discounted pricing: $10.25 - $11.25 depending upon number of hosts * 0-29,999 Hosts = $11.25 per host for 3 year license * 30-59,999 Hosts = $10.75 per host for 3 year license * 60,000+ Hosts = $10.25 per host for 3 year license * Extended license period will be earned if the total aggregate number of hosts exceeds 500,000 500,000-999,999 total Hosts: 3 1/2 year license 1,000,000+ total Hosts: 4 year license There is a minimum volume (250,000 host licenses) that we must reach in the aggregate to receive these prices, so we need to spread the word. In order to do that, we are offering a number of ways for MS-ISAC members to share this information: 1. The Feb. 28th special webcast held after the MS-ISAC monthly webcast/call with detailed information regarding this opportunity will be repeated on: April 4th 4pm ET and again on April 11th 10:30am. MS-ISAC members are encouraged to invite state agencies, local governments and educational institutions to these sessions. 2. If folks cannot make either webcast, a pre-recorded presentation by Secunia regarding the Corporate Software Inspector product is available at: https://ca.secunia.com/SCF14cniBcpaP73DEc5M/Secunia-MSISAC-Presentation. zip (123MB). 3. Members are welcome to forward this message or cut and paste from it as well. This is a time limited aggregate opportunity. There is a 60 day aggregate commitment window from April 1 - June 1, 2012 during which time each purchasing state, local, territory or related entity must submit a letter of intent to CIS/MS-ISAC at contact@xxxxxxxxxxxxxx or fax to 518-283-3216. Letters of Intent should include: * Number of host licenses to be purchased * Name and contact information (address, email, phone) for the main technical contact * Name and contact information (address, email, phone) for the billing contact * Form of payment that will be used (PO, check, credit card) * Signed by authorized purchaser Purchasing entities will have from June 1 until July 31, 2012 to process their payment/PO. CIS/MS-ISAC will act a reseller for Secunia so payment will be to CIS but the license agreement will be with Secunia. If we do not reach the 250,000 minimum by June 1, 2012, the procurement will not proceed. You can purchase the product in two ways - group with MS-ISAC or purchase individually: If purchased as a group with MS-ISAC, you have the option to allow MS-ISAC to see your data: * If MS-ISAC is allowed to see your data, the MS-ISAC can send you targeted advisories for software that is running on your system * If a new vulnerability is found on a piece of software running on your environment, MS-ISAC can also offer you workarounds and alternatives * You can be notified on APT like activities by performing md5 comparison on malware that is used in previous but not public attacks. (mostly ongoing law enforcement cases) * It would allow MS-ISAC to get an accurate software inventory of all participating states resulting in more group buy opportunities If individual purchase is made: * Still benefit from the group buy * Cannot benefit from the targeted advisories or other customized services More Information: Secunia has set up a webpage with links to information about the Corporate Software Inspector (CSI) product at: http://secunia.com/ms-isac. Additionally, Secunia will answer all technical questions within one business day - email your questions to isacsupport@xxxxxxxxxxxx Secunia is offering a pilot program where you can get up to a 60 day free trial. During the trial, everything from set-up to operations will be implemented for you. In return, Secunia is asking you to agree to allow them publish the pilot as a case reference and quote a testimonial from you. For more information about the pilot program (POC), see the attached brochure. If you are interested, contact Meaghan McKeown at mmckeown@xxxxxxxxxxxx Feel free to forward this email, as is or in your own format, to your state agencies, local governments, educational institutions and other government related partners for their information and potential participation. If you have any other questions about this procurement, feel free to contact Ryan Spelman or Christina Carr at CIS/MS-ISAC, 518-266-3460 or email contact@xxxxxxxxxxxxxxx Julie Evans, CISA, CISM Center for Internet Security Chief Operating Officer 31 Tech Valley Drive, Suite 2 East Greenbush, NY 12061 (518) 266-3460 This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.