Addendum 1 RFP SaaS Based Web Security Solution

Uploaded by

Raj Khanna
Request for proposal for Supply, Implementation and
Maintenance of SaaS based Web Security Solution for
PCs for a period of 5 Years.
RFP Reference: BCC:IT:PROC:114:07 dated 07-03-2022
Addendum dated 04th April 2022
Each entry below gives the Sr No., the Clause in RFP, and the Clarifications/ Changes made.

Sr No. 1

Clause in RFP:
[A] Important Dates:
Last Date of Submission of RFP Response (Closing Date): 03:00 PM on 04-04-2022
Eligibility and Technical Bid Opening Date: 03:30 PM on 04-04-2022

Clarifications/ Changes made:
[A] Important Dates:
Last Date of Submission of RFP Response (Closing Date): 03:00 PM on 18-04-2022
Eligibility and Technical Bid Opening Date: 03:30 PM on 18-04-2022

Sr No. 2

Clause in RFP:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
B. Financial
The OSD must have registered average annual turnover of Rs. 100 Crores or above (from
Indian Operations only) during the last three completed financial years – 2018-19,
2019-20 and 2020-21* (Not inclusive of the turnover of associate companies)
The OSD must be net profit (after tax) making entity (from Indian operations only)
continuously for the last three completed financial years – 2018-19, 2019-20 and 2020-21

Clarifications/ Changes made:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
B. Financial
The OSD must have registered average annual turnover of Rs. 100 Crores or above (from
Indian Operations only) during the last three completed financial years – 2018-19,
2019-20 and 2020-21* (Not inclusive of the turnover of associate companies)
The OSD must be net profit (after tax) making entity (from Indian operations only)
continuously for the last three completed financial years – 2018-19, 2019-20 and 2020-21

Sr No. 3

Clause in RFP:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
A. General
Bidder should have received ISO 9001

Clarifications/ Changes made:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
A. General
OEM/OSD should have received ISO 27001

Sr No. 4

Clause in RFP:
Annexure 02 - Evaluation Terms
B. Technical Bid Evaluation
** Implemented for Banking / PSU/ Gov. Organization/Financial Institute Clients in
India. Copies of Work order / client reference to be provided. Documentary proof for
go live of implementation to be provided.

Clarifications/ Changes made:
Annexure 02 - Evaluation Terms
B. Technical Bid Evaluation
** Implemented for Banking / PSU/ Gov. Organization/Financial Institute/Pvt Co. Clients
in India. Copies of Work order / client reference to be provided. Documentary proof for
go live of implementation to be provided.

Sr No. 5

Clause in RFP:
Annexure 13–Service Levels
Penalty at an incremental rate of 10% of cost of monthly subscription charges for every
0.1% lower than the stipulated uptime.
The SLA charges will be subject to an overall cap of 10% of the Monthly subscription
Charges and thereafter, Bank has the discretion to cancel the contract.

Clarifications/ Changes made:
Annexure 13–Service Levels
Penalty at an incremental rate of 5% of cost of monthly subscription charges for every
0.1% lower than the stipulated uptime.
The SLA charges will be subject to an overall cap of 5% of the Monthly subscription
Charges and thereafter, Bank has the discretion to cancel the contract.

Sr No. 6

Clause in RFP:
Annexure 02 - Evaluation Terms
B. Technical Bid Evaluation
Number of implementations carried out (in the last 3 years starting from date of RFP) **
For each Implementation 3 marks -- Maximum 15 Marks

Clarifications/ Changes made:
Annexure 02 - Evaluation Terms
B. Technical Bid Evaluation
Number of implementations carried out (in the last 3 years starting from date of RFP) **
For each Implementation 5 marks -- Maximum 15 Marks

Sr No. 7

Clause in RFP:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
C. Experience and Support Infrastructure
1. The bidder should have supplied and implemented SaaS based Web Security Solution for
minimum 1,000 PCs along with operational support & maintenance in at least one
commercial bank/ Financial Institutions / Govt. Organizations in India in last 3 years
(as on RFP date)

Clarifications/ Changes made:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
C. Experience and Support Infrastructure
1. The bidder should have supplied and implemented SaaS based Web Security Solution for
minimum 1,000 PCs along with operational support & maintenance in at least one
commercial bank/ Financial Institutions / Govt. Organizations / Pvt Organization in
India in last 3 years (as on RFP date)

Sr No. 8

Clause in RFP:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
C. Experience and Support Infrastructure
2. The proposed OSD’s SaaS based Web Security Solution should be successfully
implemented in minimum two organizations for a minimum 1,500 PCs for each organization
in Commercial Banks / Financial Institutions / Govt. Organizations in India in last 3
years (as on RFP date)

Clarifications/ Changes made:
Annexure 02 - Evaluation Terms
Eligibility cum Technical Bid
C. Experience and Support Infrastructure
2. The proposed OSD’s SaaS based Web Security Solution should be successfully
implemented in minimum two organizations for a minimum 1,500 PCs for each organization
in Commercial Banks / Financial Institutions / Govt. Organizations / Pvt Organization
in India in last 3 years (as on RFP date)

Sr No. 9

Clause in RFP:
Annexure 10 | Letter of Undertaking from OEM
We ………………………… (Name of the OSD / OEM) who are established and reputable
manufacturers / developers of ………………………… having factories at ………, ……… and
…………… do hereby authorize M/s ……………………… (who is the Bidder submitting its bid
pursuant to the Request for Proposal issued by the Bank) to submit a Bid and negotiate
and conclude a contract with you for supply of …………………………………………

Clarifications/ Changes made:
Annexure 10 | Letter of Undertaking from OEM
We ………………………… (Name of the OSD / OEM) who are established and reputable
manufacturers / developers of ………………………… having development centers at ………,
……… and …………… do hereby authorize M/s ……………………… (who is the Bidder submitting
its bid pursuant to the Request for Proposal issued by the Bank) to submit a Bid and
negotiate and conclude a contract with you for supply of …………………………………………

Sr No. 10

Clause in RFP:
Annexure 15 – Commercial Bid
Annexure 14 – Masked Commercial Bid
*Number of Agents in the contract period is indicative maximum for calculation purpose.
Actual utilization may vary as per the requirement. Payment for the subscription cost
will be done on actual utilization basis, based on the unit cost provided by the bidder

Clarifications/ Changes made:
Annexure 15 – Commercial Bid
Annexure 14 – Masked Commercial Bid
*The qty (Number of Agents) mentioned are approximate & tentative in nature which will
be considered for arriving at TCO for all evaluation purposes. However, Bank may or may
not order any no. of these quantities during the tenure of the Contract Period at its
own discretion.

All other Terms & Conditions are same as per our RFP No. BCC:IT:PROC:114:07 dated
07-03-2022 for Supply, Implementation and Maintenance of SaaS based Web Security
Solution for PCs for a period of 5 Years.

Bank of Baroda Confidential


Annexure 12 – Project Details (Scope of Work)

REQUIREMENT BACKGROUND
Bank of Baroda has several branch offices for their existing customers, distributed across
multiple states in India. For each of these branch offices corporate endpoint assets are
provided to the bank employees for performing activities related to daily business
operations.
The Bank now envisages having computers (desktops) in each of these branch offices
with dedicated internet connectivity from locally available service providers, which
is different from the connectivity currently provided to the datacenter. Although these
desktops will be used by the bank employees, they will not be part of the existing
corporate domain policies; hence the bank will have limited security controls that can
be applied and enforced.
The objective is to implement a SaaS based proxy solution to protect these endpoints
from potential web threats such as anonymous proxies, botnets and other web-based
attacks, enabling the bank to focus on strategic security, such as policy and
architecture, rather than on the operational tasks of managing network infrastructure.
BRIEF SCOPE OF WORK
The solution should be completely cloud managed and should work independently, without
dependency on any third-party or existing endpoint and network system/solution in use
at the bank. The solution should work with a single agent installation for all the
functionality and should consume low resources on endpoint devices. The solution should
support and work with MS Windows client OS (Windows 10) and Mac OS. The solution should
be managed from a single console / dashboard.
The SoW includes (but is not limited to) the following overview of tasks to establish
the protection that is best for the bank's environment:
• Availability of valid feature licenses of the proposed SaaS based proxy solution.
• Provisioning of cloud based proxy and configuring / setting up the access rules as
desired by the Bank.
• Install and maintain the agent on compatible desktop platforms enforcing internet
usage policies.
• For traffic forwarding using PAC file, testing connectivity to the cloud service.
• Solution deployment to be tested for full functionality, performance, and security
compliance on a few selected endpoints during the install phase before rolling out into
production. The full testing will be based on the mutually agreed test criteria.
• Software packages to be offered should be legally valid, licensed and the latest
version, along with the complete set of manuals and the media.
• Solution to be deployed and configured as per best recommended practices.
• Any performance issue observed during deployment/implementation or new feature
requests shall be treated as a regular incident and will be subject to OEM’s support
review and assistance.
• Handover to Bank/Managed Service Provider (MSP) with full functionality and
technical knowledge transfer to Bank & MSP
IMPLEMENTATION SCOPE OF BIDDER
This section of the document describes the overall work that has to be done with regard
to the deployment and implementation of the cloud proxy solution in the bank’s environment.
• The selected Bidder shall be required to understand the solution and, based on this
understanding and the requirements specified in the RFP, shall propose and submit
the approach document explaining in detail the entire architecture (physical and
logical) of the solution, its integration with the other solutions of the Bank,
management & monitoring of the solution, and project plan (including the transition
plan with timelines).
• The Bidder shall be responsible for configuration and testing of the cloud proxy
solution in the branch office locations identified by the bank.
• The Bidder shall ensure that during various phases of implementation of the solution
and during the contract period, the performance, security, etc. of the existing
setup/network shall not be compromised.
• The Bidder shall be responsible for preparation and updating (periodically or as and
when there are considerable changes) of all the documents pertaining to the Solution
including (but not limited to) the following:
  - Logical and physical architecture of the solution
  - Low & High-Level Design
  - Standard Operating Procedure (SOP) for various activities pertaining to the
    management and configuration of the Solution
  - User and Administrator Guide/manual
• The bidder shall commence the implementation of the solution only after the
acceptance of the proposal by the Bank.
IMPLEMENTATION STEPS
The following procedural steps are to be followed for easy implementation and to
maximize the overall solution efficacy (but are not limited to):
1. Verify if customer already has an account, else if needed create one for the proxy
deployment project.
2. Provisioning of the SaaS service with the procured cloud proxy feature licenses.
3. Identify the internet gateway public IP address to verify that traffic forwarded by users
to cloud is from customer's network.
4. Creation of hosted users (username & password) required for accessing internet via
the cloud proxy service.
5. Create access policies to filter traffic as per the bank's requirement and best practices
recommended by OEM.
6. Verification of compatible platforms mentioned on the OEM’s official documentation
portal.
7. Download the agent from the SaaS management console and install as per the
feasible local deployment methods.
8. Verify the working status of agent by:
  - Icon in the system tray
  - Agent's services are in started state
9. Test the connectivity and created policies by generating traffic from endpoints with
functional agents.
10. Monitor the console dashboard / access logs to verify web traffic status.
11. Confirm and validate the agent connectivity / filtering with the policy configurations.
12. Fine-tune the configuration if required, based on the above monitoring status.
13. Perform any additional integration task (e.g. with SIEM) if required by the bank.
14. Generate / Schedule internet activity reports as per the bank’s requirement.

BANK’S PROJECT TECHNICAL AND FUNCTIONAL REQUIREMENTS
Functional & technical scoring will be evaluated on the following criteria as part of
technical evaluation:
• Requirement available as part of solution (RA) – 2 Marks
• Requirement will be provided as customization (RC) – 1.5 Marks
• Requirement is feasible and to be developed (RD) – 1 Mark
Total marking will be proportionate to 50 marks, and the bidder's “Product Demo” marks
will be calculated accordingly.
Columns: S. No; General Requirement; Marking as per RA/ RC/ RD; Bidders Remarks
1 The proposed solution must provide protection
against the full scope of web threats by having advanced
threat protection capabilities including anti-malware
with machine learning, web reputation, URL filtering,
application visibility and control and HTTPS
decryption to deploy gateways in the cloud,
protecting users no matter where they are.
2 The proposed solution must have a single,
centralized cloud-based management console to
define centralized policies across cloud-based
deployment instances to monitor web use in real time.
The management of policy shall be performed via a
GUI based management console and must not be
performed with command-line based tools (e.g. CLI,
SSH).
3 The proposed solution must not be declared End of
Life (EoL) or End of Support (EoS) for a period of 5
years from the date of commissioning of the solution.
In case, OEM declares their product’s end of life
during the contract period, Bidder should provide
upgraded version of the products without any
additional cost to the Bank.
4 The solution should be a dedicated web gateway
solution and should have capability from day 1 for
advanced L7 firewall for application filtering, IPS,
Anti-virus, anti-malware and zero-day attack
prevention
5 Solution shall not be a hardware appliance-based
offering.
6 The solution shall support mobile devices (iOS,
Android, Windows, Mac OS, Chrome, Red Hat
Enterprise Linux, Ubuntu) to forward web traffic
from these devices to provide web protection.
7 6 The solution must support web filtering of roaming
endpoints / users which are not connected to
corporate network.
8 7 The solution should have security filtering engines
and technologies to provide customizable policies for
scanning web traffic and protect your network from
advanced persistent threats and emerging unknown
threats.
9 8 The proposed solution shall provide an
agent/agentless option for client machines that
enforce the use of PAC file or dedicated end point
agent for traffic forwarding and automatically
deploying certificate to the supported browsers.
Agent must be supported for the below operating
systems: Microsoft Windows, Apple mac OS,
Android. The agent on the client machines should be
tamperproof and the agent on the client machines
should require a password to prevent unauthorized
uninstallation of the agent.
10 9 The solution should work with the local breakout of
internet i.e. centralization of internet must not be a
prerequisite.
11 10 The solution should be capable to understand
Applications filter. irrespective of any ports/
protocols.
12 The solution should support custom application
signature for Bank's home-grown apps based on
port-protocol and matching data patterns
13 The solution should have local India region
gateways from day 1. However, since Bank of
Baroda has global presence, the same solution
should be upgradable, to cover locations across
18+ countries with local web content delivery, if
required in future.
14 The solution / cloud service should provide a
monthly uptime SLA of 99.999%. Bidder should
provide a link to public document from OEM
which confirms these SLAs.
15 The cloud web security solution should provide
an hourly Security Processing Latency of 10ms
with an SLA of 99.99%. Bidder should provide a
link to public document from OEM which
confirms these SLAs.
16 11 The solution should have flexibility to add native
Digital Experience Management integrated with
the same endpoint agent (for proxy) and same
management console. The Bank should be able to
add the same, if required in future, with just an
addition of a new subscription.
17 Solution should have Microsoft Networking
Partners Program (NPP) Certification to provide a
direct, efficient path for their users to Microsoft
365 products, ensuring an optimal user
experience in accordance with Microsoft
connectivity principles.

18 Solution should have Daily Third-Party SaaS
Application Latency for APAC of max 75ms for
99.99% for applications like- Microsoft O365,
Google G Suite, Salesforce, Box and Slack.
Bidder should provide a link to public document
from OEM which confirms these SLAs.
19 The proposed solution provider must have cloud
service hosted in different geographical locations
with data centres based out of India region from
day 1. Bank of Baroda has global presence,
hence, the same solution should be upgradable,
to cover locations across 70+ countries with local
web content delivery, if required in future.
20 12 The cloud security solution should be SOC2 Type II
certified.
21 13 The proposed solution shall support multiple
methods for traffic forwarding that includes:
• Direct Proxy Setup
• PAC files
• Port Forwarding
• Mobile VPN
22 14 The solution proxy shall have the capability to be
deployed via PAC or Direct Proxy FQDN.
23 15 The solution should have complete license for web
security, Antivirus, SSL, and content inspection. The
Solution should intercept user requests for web
destinations HTTP, HTTPS, HTTP2 for web
security and in-line AV scanning for FTP, IMAP,
POP3, SMTP and SMB protocols
24 16 The proposed solution shall be capable of decrypting
HTTPS traffic.
25 17 The solution shall be capable to setup policy to
decrypt HTTPS traffic by web category.
26 18 The solution shall be able to create multiple
decryption rules and to prioritize them to determine
which decryption rules take precedence when
applied.
27 19 The solution should provide an exception list to let
administrators add specific pages, links, or
subdomains they do not want to tunnel within the
trusted domains.
28 20 The solution shall be capable to support multiple root
CA for HTTPS decryption as defined in policies.
29 21 The solution shall be capable of importing intermediate
root CA for HTTPS decryptions
30 Solution shall be capable to have action while a
server CA failed in validation. Failed case must
include non-trust CA, expired CA. Action must
include Block, Allow.

31 22 The solution should allow administrators to maintain
a list of trusted domains or URLs, whose HTTPS traffic
will not be subject to policy rules, and always be
accessible by end users without being decrypted and
inspected.
32 23 The solution shall be capable of taking action while a
server CA failed in validation.
• The failed cases must include non-trusted CA and
expired CA.
• The actions must include choices for Block, Allow.
33 24 The solution should support SSL decryption for O365
web applications for granular control and threat
inspection
34 25 The solution shall be able to log the main domain of
auto-tunnelled website.
35 26 The proposed solution shall be capable to support
below protocol/method for user authentication
• Captive Portal
• Guest Logon
• SAML Based auth/ LDAP/ Local Database
36 Solution must have User Posture Assessment
built in which can perform Certificate check,
Domain check, AV agent check, BOB Custom
apps check, Patch management check, process
and registry check on endpoints
37 27 The solution shall have the capability to setup policy
based on:
• (Directory/Domain) user or group
• Traffic type (URL filtering category, Application
Control)
• File type (MIME, True File type, or File name)
• Scheduled date/time
• Action: Block and Allow
38 28 The solution shall be able to setup custom
categories as defined by domains or URLs for policy
configuration.
39 29 The solution must support URL filtering to restrict
users accessing by web categories
40 Proposed solution shall be application based and
not port-based and protocol based.
41 30 The solution must support at least 70+ pre-defined
web categories for URL filtering, and allow for adding
customized categories.
42 31 The solution must support "application control" to
restrict user access, known Internet applications.
43 32 The solution should support public cloud access and
DC corporate application access using single
management, configuration and reporting console
and single agent for endpoints, whenever required in
future, with just a license/subscription upgrade
without the need of any additional/ separate VPN
solution
44 The solution should support bi-directional
communication for accessing the resources. For
e.g.- branch to branch, branch to DC/DR, DC/DR
to branch, branch to mobile users, mobile users
to mobile users, mobile users to branch, mobile
users to DC/DR, DC/DR to mobile users, DC to DR,
DR to DC etc.
45 Solution must protect user credentials by
preventing employees from submitting their corporate
credentials to any unauthorised websites based
on URL categories. This functionality should be
inline without any need of 3rd party service or
agent
46 33 The solution must support "application control"
through user/group-based policies with actions. The
policy actions must include Block, Warning,
Allow, and Continue options.
47 34 The solution must have out-of-box security templates
that contain configurable threat protection that are
used in creating access rules.
48 35 Solution shall be capable of detecting botnets through
as identified by URL and IP.
49 36 The solution shall be capable of detecting malicious
websites by the rating scores through some type of
Web Reputation Services.
50 37 Solution shall be capable of blocking malicious
websites by "web category".
• Minimum requirement of category must include:
Porn/Adult/Nudity, Terrorism, Command and control,
Phishing, Malware, peer-to-peer, newly registered
domains, crypto currency, high-risk, medium-risk and
low risk.
51 38 The solution shall be able to detect and block
content by MIME type, as well as true file type:
• Must support user-based, as well as group-based
policies.
• Must support actions by policy.
• Must support major below true file type like
documents, images, exe, compressed files, audio
video files etc. : EPS, CHM, GZ, RAR, SIT, TAR,
ZIP, FLV, M4A, MID, MOV, MP4, MP3, RA/RM,
SWF, AVI, COM, DLL, EXE, LNK, MSI, BMP, GIF,
JPEG, PNG, PSD, TIF, DOC/X, PDF, PPT/X, XLS/X

DISASTER RECOVERY MECHANISM


The proposed solution must be capable of and compatible for Disaster Recovery
Implementation. The successful bidder should describe the provisions for disaster
recovery and show that the proposed solution facilitates disaster recovery.

52 39 The cloud sandboxing shall be capable to detect
malware with following File sizes:
PE/ Executables - up to 15 MB,
APK up to 10 MB,
PDF - up to 3 MB,
MS office - up to 16 MB,
JAR/Flash - 5 MB,
Archive file up to 50 MB
53 40 The solution must use advanced machine learning,
static, dynamic and bare metal analysis in the cloud
sandboxing environment to detect emerging
unknown security risks and prevent the threat from
continuing to spread across your network
54 41 The solution shall be capable to detect exploitable
documents.
• The supported file types must include Microsoft
Office documents and PDF file.
• All critical CVE based exploits on these files must be
detected
55 42 The solution should have capabilities to inspect
malware embedded in PDF, word, PPT files.
56 43 The solution must support different types of
compression algorithms and scan nested
compressed files.
57 DNS Based attacks of following types should be
covered for protection
- Domain Generation Algorithm (DGA)
- Dictionary DGA
- DNS Tunnelling
- Ultra-Slow DNS Tunnelling
- Dangling DNS Attacks
- Malicious Newly Registered Domains (NRD)
- Ultra-Slow DNS Tunnelling
- Fast Flux Domains
58 44 Cloud sandboxing for zero-day attack prevention
should be supported for following file types
- Android application package (APK) files
- Adobe Flash files
- Java Archive (JAR) files
- Microsoft Office files
- Portable executable (PE) files
- Links contained in emails
- Mac OS X files
- Linux (ELF) files
- Archive (RAR and 7-Zip) files
- Script (BAT, JS, VBS, PS1, Shell script, and HTA)
files
Please mention if there are any exclusions
59 45 The solution should have efficient anti-malware
engines

60 46 The solution should be capable of providing AV and
Sandboxing capabilities for all traffic (all ports /
protocols, Web & Non-Web, Non-standard ports
etc.) and all destinations (Data Centre, Public Cloud,
SaaS, Internet)
61 47 AV and Malware signatures should not be limited to
hash-based signatures. Solution should support
payload-based signatures
62 48 All threat prevention services - AV, IPS, URL filtering,
Sandboxing, DNS security should be from the OEM
itself proposing this solution and should not be
licensed from 3rd parties
63 49 Solution must have ability to auto-integrate various
threat prevention services at the backend. For
example, if new malware is found in cloud sandboxing
which has new malicious URL or C2, solution should
automatically update the URL categories, C2 database
giving better coverage for unknown threats
64 50 The solution should support dynamic URL
Categorization technology to perform real time
categorization of the website based on the website
content and HTTP URL.
65 51 The solution shall provide customized URL
categories to add URLs that are not part of the
predefined categories to be referenced in access
rules.
66 52 The solution should have strong URL filtering
database to real time threats updates, new signatures
and URL database like Phishing, Malicious sites,
Porn sites, Weapons, Financial services, Coin
miners, social networking, Software downloads,
Religion based sites, Gambling sites, Proxy
avoidance and anonymizer, command and
control, advanced malware payloads, C& C,
ransom ware detection, etc. Also, in-addition
solution should have ability to configure custom
categories for the organization.
67 53 The solution shall integrate with popular search
engines and online services, including Google,
Yahoo, Bing, and YouTube, to leverage their search
safety feature.
68 54 The solution shall support URLs to approved/blocked
URL list by match methods like
website/keyword/string. Additionally, provision shall
be provided to import to Approved or Blocked URLs
list.
70 55 The solution should have a large number of
applications in its application category groups and
should have pre-defined categories like Web,
Webmail, Audio/Video, Game, Instant Messaging,
Network Service, Application service, peer-to-Peer,
File server, File transfer, Forum.
71 56 The solution should have centralized architecture for
monitoring, reporting, notification, maintaining and
policies through single cloud-based web
management console.
72 57 The solution should be able to provide dashboards to
monitor web activities that can show top "x" items to
display for application categories, Malwares,
malware, URL categories, ransom ware domains.
73 58 The solution shall be able to generate alerts to
administrators which can be turned on/off as per
requirement.
74 59 The solution should provide default notification
pages and also be able to customize user notifications
as necessary.
75 60 The solution shall be capable to define PAC/Agent in
one console. The PAC/Agent shall be editable via
GUI based management console.
76 61 The solution shall backup and restoration all created
policies, up to 10 minimum of 5 backup files shall be
supported.
77 62 The solution should support real time graphical and
chart-based dashboard for the summary of activities
over Web.
78 63 The solution should be able to schedule reports and
also provide the flexibility to generate on-demand or
scheduled reports in daily/weekly/monthly/ or specific
range (by day and time) to help analyse threats and
security-related events.
80 64 The solution should be able to provide log analysis to
identify resources at a higher risk of infection or
attack. Administrators can query logs for at least last
30 days. as long as 31 days from the past 180
days.
81 65 The solution should be able to provide audit logs that
help to track the changes made by administrators.
Administrators can query audit logs for at least last
30 days. as long as 31 days from the past three
years.
82 The solution shall provide selection of columns
to log item to be displayed in table, the columns
should include but not limited to Time, User
Name, Active Directory Domain, Reason for
Action, Profile/Template Name, Rule Name,
Action, Malware Name, App Name, Server IP,
Client/Server IP, MIME Type, Domain, URL
84 The solution shall be capable to show statistics
of the last minimum 7 days on the dashboard.

85 66 The solution should support forwarding access and
audit logs to Syslog or SIEM functions.
84 67 The solution shall be capable to export raw access
logs with Syslog protocol. Minimum support: Syslog
or CEF
86 68 The solution shall be capable of letting the administrator
define the SIEM Key and Value for secure exporting
of logs.
The bidder needs to submit the technical architecture relating to data/Configuration
replication between primary and secondary site.
TRAINING
The successful bidder needs to provide advanced training for 3 Bank officials (Training
& Certification) by an OEM certified trainer and one administrator training for 2 officials
at the DC and DR sites.
SERVICE LEVELS AND UPTIME GUARANTEE
For details, please refer to Annexure that provides the service levels for the Solution.
DELIVERY
All the Services / Resource(s) should be delivered within -02- months from the date of
purchase order. Any deliverable that has not been supplied or is not operational, on
account of which the implementation is delayed, will be deemed/treated as non-delivery,
thereby excluding the Bank from all payment obligations under the terms of this contract.
Bidder will have to pay late delivery charges to Bank of Baroda @ 1% of Total Contract
Value inclusive of all taxes, duties, levies etc., per week or part thereof, for late
implementation beyond due date of implementation, to a maximum of 5% of total contract
value. If delay exceeds beyond two weeks from due date of delivery, Bank of Baroda
reserves the right to cancel the entire order.
The bidder must strictly adhere to the delivery dates or lead times identified in their
proposal and as agreed by the Bank. Failure to meet these delivery dates, unless it is
due to reasons entirely attributable to the Bank, may constitute a material breach of the
Bidder’s performance. In the event that the Bank is forced to cancel an awarded contract
(relative to this tender document) due to the Bidder’s inability to meet the established
delivery dates or any other reasons attributing to the bidder then that bidder will be
responsible for any re-procurement costs suffered by the Bank. The liability in such an
event could be limited to the differential excess amount spent by the Bank for procuring
similar deliverables and services.
