CITY COUNCIL AGENDA ITEM
ACTION REQUESTED:
title
Approve the award of Cooperative Procurement 25-202, Rapid7 Managed Detection and Response, to Carahsoft Technology Corporation for an amount not to exceed $380,160 and for a three-year term
body
DEPARTMENT: Information Technology
SUBMITTED BY: Jacqueline Nguyen, Director
BOARD/COMMISSION REVIEW:
N/A
BACKGROUND:
According to an article published by Microsoft, the top five cybersecurity challenges facing organizations are:
1. Managing the increased risk of ransomware/cyber-extortion
2. Ensuring cloud resources, workloads, and apps are securely configured
3. Gaps in protection across hybrid, multi-cloud, and multi-platform environments
4. Challenges in recruiting qualified security professionals
5. Enabling end-user productivity without sacrificing security
To help address these and other cybersecurity challenges, the Information Technology (IT) Department has procured Managed Detection Response (MDR) service from Rapid7 for several years. The City has benefited from the additional on-call and day-to-day assistance provided by industry experts on cybersecurity issues.
DISCUSSION:
The purpose of this procurement is to renew MDR services from Rapid7.
Rapid7’s MDR service brings the technology and experience needed to detect and respond to targeted interactive threats using leading threat detection methodologies. Once a potential threat is identified through technology or analysis, Rapid7’s 24/7 Security Operations Center (SOC) validates the event before generating an alert detailing the event in the City’s environment. When the event is an interactive breach, the Rapid7 Incident Escalation team is ready to investigate immediately.
Additionally, the City gains access to Rapid7’s experts for day-to-day activities, and staff can benefit from collaborating with these experts on issues and potential threats. This is where MDR differs from the City’s Incident Response Retainer (IRR) with Cisco. MDR is designed primarily to support and address the day-to-day security operations with third-party experts. The IRR is designed primarily to enable an overwhelming response of third-party experts to a known security incident.
The City partners with a Rapid7 Customer Advisor team who learn about the environment, sensitive data, and incident response processes. This enables Rapid7’s team to better operate as an extension of the City’s security team.
Staff has identified an approved cooperative contract, NASPO Master Contract Number: AR2472, through Carahsoft Technology Corporation for this purchase.
The term of the contract is from October 19, 2025, to October 18, 2028, with an annual fixed price of $126,720.
FISCAL IMPACT:
CIP: N/A
Rapid7 Managed Detection and Response is expensed to the Other Professional Services account listed below. The annual award amount is $126,720, which is less than the 2025 budget amount of $150,000 for this expense. Future years will be budgeted according to the actual award amount.
|
Account Number |
Fund Description |
Total Budget Amount |
|
16101100-531309 |
General Fund |
$1,167,481.00 |