DAMBALLA FAILSAFE SECURITY SOLUTION

Trade Agreement: NONE
Tendering Procedures: Generally only one firm has been invited
to bid
Attachment: None
Non-Competitive Procurement Strategy: Exclusive Rights
Comprehensive Land Claim Agreement: No
Vendor Name and Address: 
Conexsys Communications Limited
6715 Millcreek Drive
Unit 5 & 6
Mississauga Ontario
Canada
L5N5V2
Nature of Requirements: 
Damballa Failsafe Security Solution
W7714-125679/A
Lessard, Peter
Telephone No. - (819) 956-5846
Fax No. - (819) 953-3703

REQUIREMENT:

Defence Research Development Canada (DRDC) has a requirement for
the provision of goods as specified under "Background" below.
The purpose of this Advance Contract Award Notice (ACAN) is to
signal the government's intention to award a contract for these
goods to Conexsys Communications Limited of Mississauga,
Ontario. Before awarding a contract, however, the government
would like to provide otherv suppliers with the opportunity to
demonstrate that they are capable of satisfying the requirements
set out in this Notice, by submitting a statement of
capabilities during the 15 calendar day posting period. 

If other potential suppliers submit a statement of capabilities
during the 15 calendar day posting period that meet the
requirements set out in the ACAN, the government will proceed to
a full tendering process on either the government's electronic
tendering service or through traditional means, in order to
award the contract.

If no other supplier submits, on or before the closing date, a
statement of capabilities meeting the requirements set out in
the ACAN, a contract will be awarded to the pre-selected
supplier.

BACKGROUND:

Defence Research Development Canada is seeking to enhance its
Network Security specifically in regards to malware and
persistent threat detection. DRDC believes that the most
efficient method to provide this detection is through hardware
appliances designed specifically for detection of malware and
persistent threats. 

Public Works and Government Services Canada, on behalf of its
Client, DRDC, intends to enter into a sole source contract with
Conexsys Communications Limited for the purpose of procurement
of the following:

Initial Requirement

1)	1 Damballa Failsafe Security Solution - 2,501 - 5,000
2)	1 Damballa G2 Management Console - Lease
3)	7 Damballa G2 Sensor - Lease

 
MINIMUM ESSENTIAL REQUIREMENTS

Any interested supplier must demonstrate by way of a statement
of capabilities that it meets all of the mandatory requirements
at Annex A

JUSTIFICATION FOR THE PRE-SELECTED SUPPLIER 

The reasons for single tendering are described at Annex A.

Section 6 of the Government Contract Regulations is being
invoked in this procurement as only one person or firm is
capable of performing the contract.

Articles 506.12(a) and 506.12(b) of AIT are applicable on the
basis of limited tendering due to compatibility with existing
products, to recognize exclusive rights, such as exclusive
licenses, copyright and patent rights, or to maintain
specialized products that must be maintained by the manufacturer
or its representative, and when there is an absence of
competition for technical reasons and the goods or services can
be supplied only by a particular supplier and no alternative or
substitute exists, respectively.

Articles 1016.2(b) and 1016.2(d) of NAFTA are applicable on the
basis of limited tendering due to reasons where, for works of
art, or for reasons connected with the protection of patents,
copyrights or other exclusive rights, or proprietary information
or where there is an absence of competition for technical
reasons, the goods or services can be supplied only by a
particular supplier and no reasonable alternative or substitute
exists, for additional deliveries by the original supplier that
are intended either as replacement parts or continuing services
for existing supplies, services or installations, or as the
extension of existing supplies, services or installations, where
a change of supplier would compel the entity to procure
equipment or services not meeting requirements of inter
changeability with already existing equipment or services,
including software to the extent that the initial procurement of
the software was covered by this Chapter, respectively.

PERIOD OF CONTRACT

The proposed contract is for the purchase a Damballa Failsafe
Security Solution including associated maintenance and support
services for a period of one (1) year from date of Contract
Award.  

The solution will be delivered within 10 days of any resulting
contract.

CLOSING DATE AND TIME FOR WRITTEN SUPPLIER RESPONSES CHALLENGING
THIS REQUIREMENT IS 2:00 p.m. EST, 28 MARCH 2012.


ANNEX A

The reasons for sole source justification for the required
malware and persistent threats Solution are detailed below. DRDC
requires the solution to be compliant with the following
functionalities:

1.) The product must detect suspicious files (potential malware)
entering the network, and analyze them to determine whether they
are malicious. 

   a. Analysis must be configurable so that either it happens
automatically, or files can be chosen for analysis.

   b. Analysis must be done using cloud-based systems instead of
equipment on customer premises (in order to avoid scalability
issues).

   c. Analysis must not be done using only virtualized systems
(in order to avoid difficulties related to the combinatorial
explosion of software packages and versions, and the complexity
of upgrading multiple virtual configurations).

2.) The product must detect infected systems based on their
attempts to communicate with malicious domains.

3.) The threat intelligence used to recognize malicious domains
must not be based on a simple "trusted source" list but rather
on a reputational system derived from analysis of global DNS
activity and updated continuously.

4.) The product must detect the use of Domain Generation
Algorithms (which get around blacklisting) by observing DNS
queries.

5.) Analysis must be domain-based, rather than IP-based (in
order to increase accuracy and avoid false positives).

6.) The product must, whenever possible, identify the specific
criminal operator groups that are related to the infections
discovered on machines in the network.
7.) The product must operate out-of-line with respect to normal
traffic flow within the network, so that there are no issues
related to latency or single points of failure.

8.) The product must be able to mitigate the threats posed by
infected systems in two ways:

   a. Using TCP resets to block communications with malicious
sites

   b. Spoofing responses from DNS servers so that infected
systems are directed somewhere else, instead    of to malicious
sites.

9.) The product must correlate evidence of infections, and
present it accurately and clearly.  Alerts must NOT be issued
for each piece of evidence observed; they must be issued only
when there is overwhelming evidence of an infection.

10.) The product must record the communications between a
possibly infected machine and the malicious sites that it tries
to communicate with, so that forensic analysis can be done.

11.) Because the threat landscape is constantly changing, the
product must operate based on threat intelligence that is
re-evaluated and updated daily.  In particular, the product
should avoid using simple blacklisting or whitelisting
approaches.

12.) The product must operate using timely and accurate threat
intelligence that is derived from sources including-but going
beyond-analysis of malware samples.  The vendor should have a
proven record of thought leadership in the advanced cyber threat
discipline, and should have a history of publishing new research
and participating in industry research groups and academia.  The
vendor's research methodology must have been proven through
publication in peer-reviewed academic journals.

13.) The product should operate effectively out of the box,
without extensive tuning.


You are hereby notified that the Government intends to solicit a
bid and negotiate with one firm only as identified above.
 
If you wish to submit a written response showing that you are
capable of meeting this requirement, it must be done not later
than the specified closing date and time. The file number,
contracting officer's name, and the closing date of the ACAN
must appear on the outside of the envelope in block letters or,
in the case of a facsimile transmission, on the covering page.
As it is intended to proceed in a timely manner, responses
received after the closing date will not be considered.

Responses received on or before the closing date will be
considered solely for the purpose of deciding whether or not to
conduct a competitive procurement. Information provided will be
used by the Crown for technical evaluation purposes only and is
not to be construed as a competitive solicitation. Your written
response must provide sufficient evidence (e.g. specifications,
technical data, drawings, or any other proof) that clearly
demonstrates that your product or service is capable of
fulfilling this requirement.
Suppliers that have submitted a response will be notified in
writing of PWGSC's decision to continue with the non-competitive
procurement or to compete the requirement.


Delivery Date: Above-mentioned

You are hereby notified that the government intends to negotiate
with one firm only as identified above. Should you have any
questions concerning this requirement, contact the contracting
officer identified above.

An Advance Contract Award Notice (ACAN) allows departments and
agencies to post a notice, for no less than fifteen (15)
calendar days, indicating to the supplier community that it
intends to award a good, service or construction contract to a
pre-identified contractor. If no other supplier submits, on or
before the closing date, a Statement of Capabilities that meets
the requirements set out in the ACAN, the contracting authority
may then proceed with the award.  However, should a Statement of
Capabilities be found to meet the requirements set out in the
ACAN, then the contracting authority will proceed to a full
tendering process.

Suppliers who consider themselves fully qualified and available
to provide the services/goods described herein, may submit a
statement of capabilities in writing to the contact person
identified in this Notice on or before the closing date of this
Notice. The statement of capabilities must clearly demonstrate
how the supplier meets the advertised requirements.

The PWGSC file number, the contracting officer's name and the
closing date of the ACAN must appear on the outside of the
envelope in block letters or, in the case of a facsimile
transmission, on the covering page.

The Crown retains the right to negotiate with suppliers on any
procurement.

Documents may be submitted in either official language of Canada.