Ddos Mitigation Service: Public Document 2 Aug 2013

DDOS Mitigation Service (Public Document)
Page 1 of 14
DDoS Mitigation Service
Call for Collaboration

Public Document 2 Aug 2013
nd
COPYRIGHT INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE, 2013
Page 2 of 14
TABLE OF CONTENT
TABLE OF CONTENT .......................................................................................................................... 2 1. INTRODUCTION........................................................................................................... ................ 3 2. IMPORTANT NOTICES ................................................................................................................ 3 3. BACKGROUND............................................................................................................ ................. 3 4. OBJECTIVES ................................................................................................................................. 4 5. DEFINITIONS ................................................................................................................................ 4 6. BROAD REQUIREMENTS OF THE DMS CFC .......................................................................... 4 7. PROJECT FUNDING ..................................................................................................................... 4 8. SCHEDULE .................................................................................................................................. .. 5 9. CFC BRIEFING .............................................................................................................................. 5 10. DISCLAIMERS .............................................................................................................................. 5 11. SUBMISSIONS .............................................................................................................................. 6 ANNEX A IMPORTANT NOTICES.................................................................................................. 7 ANNEX B - EXPRESSION OF INTEREST DOCUMENT ................................................................ 10
Page 3 of 14
1.
1.1
INTRODUCTION
The Info-communications Development Authority of Singapore ("IDA") is issuing a Call-forCollaboration ("CFC") to invite interested operators and service providers (participants) to submit proposals (Proposals) to provide a comprehensive and cost effective DDoS Mitigation Service (DMS) for websites for both industry and government. Participants who are interested in participating in this CFC shall submit an Expression of Interest response (EOI response). Upon receiving the EOI response, IDA reserves the right to determine the appropriate parties to issue the Non Disclosure Agreement (NDA), which the parties will have to sign in order to receive the DMS CFC Requirements Specifications document and to attend the CFC briefing. Upon receipt of the DMS CFC Requirements Specifications documents, participants may submit a proposal to participate in this CFC process. Each CFC Participant may form a consortium with other industry player(s), provided that the CFC Participant is the lead member. IDA may enter into discussions with shortlisted CFC Participants during the clarification sessions to refine the scope of their proposals, including, technical & operational requirements, timelines and milestones. Subsequently, IDA will approve selected proposal(s) for the award of a grant, provided that IDA and relevant CFC Participant(s) agree on the terms of the award.
1.2 1.3
1.3
1.4
1.5
2.
2.1
IMPORTANT NOTICES
For the avoidance of doubt, this Public Document for the DMS CFC shall be read with and shall be subject to the Important Notices as set out in Annex A.
3.
3.1 3.2
BACKGROUND
Globally, DDoS attacks are among the top 10 threats in the current cyber-threat landscape, increasing in both magnitude and sophistication, targeting both businesses and Government. Many countries have experienced a spike in the frequency of DDoS attacks, most of which originate from compromised machines (bots) within the country. Such attacks launched by local botnets can be massive and damaging. As DDoS attack patterns change, it is no longer sufficient just to augment a targets perimeter defences, e.g. firewalls, IPS, WAF, as such defences are usually constrained by bandwidth and capacity limitations and are easily overwhelmed during a large scale DDoS attack. What is needed is to push the mitigation upstream into the Internet, to provide automated access to sufficient resources to quickly scale to mitigate DDoS attacks, and to do so in a cost effective manner.
3.3
Page 4 of 14
4.
4.1
OBJECTIVES
The desired outcome for this DMS CFC is for the industry to provide a comprehensive DMS Service to protect Singapore websites against DDoS attacks in a cost effective manner.
5.
5.1
DEFINITIONS
DDoS refers to both a denial-of service attack (DoS attack) and distributed denial-of service attack (DDoS attack) and is a type of attack that is designed to make either the network or computer systems/services unavailable to its intended users. DDoS Mitigation Services is defined as any commercial services that are offered by the Participant that is used to mitigate or identify DDoS attacks. Government with respect to this CFC is defined as any of the organizations listed in the Government directory, including Ministries, Statutory Boards, Organs of State and Other Organizations (see www.sgdi.gov.sg website for full listing). Customers with respect to this CFC refers to all users that subscribe to the DMS service provided by the Participants.
5.2 5.3
5.4
6.
6.1 6.2 6.3
BROAD REQUIREMENTS OF THE DMS CFC

The DMS should be offered as a service to businesses/government in Singapore. The DMS service is expected to protect against Layers 1 to 7 DDoS attacks. The customers of the DMS Service should not be required to change their existing Internet Service providers in order to use the DMS Service.
7.
7.1
PROJECT FUNDING
The funding for selected proposal(s) will be determined upon assessment of the submitted proposal(s). All terms and conditions of such approved funding shall be an agreed between the awarded CFC participant(s) and IDA.
Page 5 of 14
8.
8.1
SCHEDULE
Timeline of Events (indicative) Date 2 Aug (Friday)
st nd
Event Issuance of DMS CFC Public Document Release of DMS CFC Public Document on IDA website Dateline for submission of EOI Response DMS CFC Briefing for qualified participants Clarification Session (optional) Dateline for DMS CFC Proposal submission Close of CFC Presentations and Clarifications of Proposals by Short listed Participants Announcement of Selected Proposals and award of grant
12 August (Monday) 28 Aug (Wednesday) 11

th th th
Sep (Wednesday)
7 Oct (Monday)
Oct 13 to Dec 13 Feb 14
9.
9.1
CFC BRIEFING
IDA will conduct a DMS CFC briefing to cover the details of the DMS CFC Requirement Specifications. To attend the DMS CFC briefing, Participants must have: Submitted an EOI Response to IDA by 12 August 2013, and Submitted 2 signed copies of the NDA by 23 August 2013 to IDA and received 1 copy of the NDA duly signed by IDA before the briefing.
rd th
10.
10.1
DISCLAIMERS
Due to the nature of the CFC, IDA may in its sole and absolute discretion determine whether a particular participant has been shortlisted.
Page 6 of 14
11.
11.1
SUBMISSIONS
Format of Submissions 11.1.1 Participants who wish to participate in the DMS CFC shall submit an EOI Response containing the following information: EOI Document found in Annex B Signed NDA by an authorised representative
11.1.2 Proposal submissions should be made using the DMS Call-For-Collaboration (Proposal Template) provided by IDA. Participants shall furnish all necessary information and documents as required in the template. All assumptions used should be stated clearly in the proposal. 11.1.3 The submission shall be submitted in English written in a clear and concise manner in typed single spacing with Arial font size 12. 11.2 Place and Time of Submission
Five (5) hardcopy and Two (2) softcopy (in a CD-ROM) of the DMS Proposal should reach IDA no th later than 7 October 2013 at 1800hrs. All Proposals must be clearly marked as DMS and addressed to: Infocomm Development Authority of Singapore 10 Pasir Panjang Road #10-01 Mapletree Business City Singapore 117438 11.3 11.4 11.5 IDA reserves the right not to accept late submissions. Proposals may also be submitted in person at the IDA reception desk on the 10th floor at 10 Pasir Panjang Road, Mapletree Business City, Singapore 117438. Contact Details
Enquiries regarding this CFC should be addressed to: The DMS Project Team DID: (65) 62111529 Fax: (65) 62112213 Email: IDA_DMS_CFC@ida.gov.sg
No further enquiries regarding this CFC will be entertained after 7 October 2013.
th
Page 7 of 14
ANNEX A IMPORTANT NOTICES

Companies or consortias submitting proposals in response to the DDoS Mitigation Service Call for Collaboration (Participants) are deemed to have read and understood the following provisions: 1. Interpretation 1.1 The following words and expressions shall have the meanings hereby assigned to them except where the context otherwise requires: Call for Collaboration or CFC shall mean the invitation issued by IDA on 2 August 2013 to companies to collaborate with IDA and other partners to deploy and maintain a comprehensive and cost effective DDoS mitigation solution for Government and businesses. IP shall mean intellectual property, including but not limited to patents, copyright, industrial design and integrated circuit topography. IDA shall mean the Info-communications Development Authority of Singapore, a statutory board created pursuant to the Info-communications Development Authority of Singapore Act (Chapter 137A) of the laws of the Republic of Singapore with its principal office at 10 Pasir Panjang Road, #10-01 Mapletree Business City, Singapore 117438. Proposal shall mean any and all documents and information submitted by the Participant in response to the Call for Collaboration. 1.2 Words importing the singular shall also include the plural and vice versa where the context requires.
nd
2. 2.1
Disclaimers This Call for Collaboration (CFC) is merely an invitation to treat and is not intended to create or impose any binding legal obligations whatsoever on IDA, whether express or implied and whether contractual or otherwise. Without prejudice to the generality of the foregoing, each Participant acknowledges and agrees that IDA shall be under no duty or obligation to act fairly or equally towards the Participant in relation to IDAs evaluation of its Proposal or with regard to any process adopted by IDA under this CFC. Nothing in this CFC shall constitute a contract between IDA and any Participant. Any Participant selected pursuant to this CFC for participation in the project shall be required to enter into a legally binding agreement with IDA (Agreement), the terms and conditions of which shall be agreed between the parties at a later date. All submissions of Proposals, clarifications, discussions and presentations relating to this CFC are made entirely at the risk of the Participant.
2.2
2.3
Page 8 of 14
2.4
IDA does not make any representation or warranty, whether express or implied, or accept any liability for the completeness, relevancy, accuracy and/or adequacy of the information provided by IDA in relation to this CFC. IDA does not make any representation of fact or promise to the future in respect of any project contemplated by IDA relating to this CFC. IDA accepts no liability or obligation in relation to any Proposal submitted pursuant to this CFC and/or any subsequent clarifications, discussions or presentations thereon, whether requested by IDA or otherwise. The Participant shall bear all costs and expenses associated with the preparation and submission of its Proposal, and any subsequent clarifications, discussions or presentations thereon. IDA will, under no circumstances, be responsible for reimbursing any costs incurred by the Participant during the process, regardless of the conduct or outcome of the evaluation and selection process. IDA shall have the absolute discretion to accept or reject any Proposal, whether in whole or in part, without giving any reason whatsoever. The receipt by IDA of any Proposal pursuant to this CFC shall under no circumstances impose any form of obligation or amount to an acceptance of or an agreement to abide by any terms or conditions stated therein or elsewhere on the part of IDA. IDA shall have the absolute discretion, at any time, to terminate this CFC or to change the nature, scope, procedures or timelines for the CFC, including the proposal selection process and criteria. Under no circumstance shall IDA incur any liability in respect of such termination or changes. IDA shall not owe any liability to any party for any loss or damage whatsoever (including loss of profit, savings, business contracts, or revenues, and all other forms of actual, direct, special, incidental, or consequential loss or damage) arising from or related to any response to this CFC, including but not limited to the submission of Proposals.
2.5 2.6
2.7
2.8
2.9
3. 3.1
Ownership of Documents and Intellectual Property All proposals and other documents or materials submitted to IDA pursuant to this CFC shall become the property of IDA. Notwithstanding the foregoing and without prejudice to any subsequent agreement with IDA to the contrary, any IP contained in any Proposal and/or such other document submitted to IDA shall not be transferred to IDA. For the avoidance of doubt, all IP in any documents issued by IDA pursuant to this CFC shall remain vested in IDA.
3.2
4. 4.1
Confidentiality of Information IDA may require any party receiving confidential information from IDA in relation to or arising from this CFC to sign a written non-disclosure agreement setting out such partys confidentiality obligations in relation to such confidential information.
Page 9 of 14
4.2
IDA accepts no liability or obligation in relation to any confidential information disclosed to IDA by a Participant pursuant to this CFC unless otherwise agreed by IDA in a written nondisclosure agreement setting out IDAs confidentiality obligations in relation to such confidential information.
5.
IDAs Right to Seek Recovery
Nothing herein shall prejudice or limit IDAs right to seek recovery from the Participant for any loss, damage, costs, expenses, or liability incurred by IDA and/or its officers, directors and employees, directly or indirectly arising out of or relating to the submission of the Proposal by the Participant and IDAs retention and use thereof, including but not limited to any claim that the Proposal infringes any third partys IP rights.
Page 10 of 14
ANNEX B - EXPRESSION
OF INTEREST DOCUMENT
Please tick the box if the applicant intends to express interest in participating in IDAs DMS CFC and in attending the DMS briefing to be conducted by IDA. If this box is ticked, please complete the information as requested in this ANNEX B
1.
Company Information
AhnLab, Inc.
Company Name Mailing Address (if different from registered address) Telephone Country of Incorporation ACRA Reg. No* Paid up Capital (S$)**
+82-31-722-8000 South Korea
Fax Carporate Web Site URL
+82-31-722-8901 global.ahnlab.com
N/A S$ 74,356,492.04
Date of Registration
March 15, 1995
*Please attach a copy of the latest updated ACRA search. ** Please provide certified copies of 3 years of FULL set of the latest audited financial / management report.
Company Registration: (please tick one)
Sole Proprietorship Partnership Private Limited (non-exempt limited by shares)

Public Limited (limited by shares)
Research Institute / Institute of Higher Learning
Page 11 of 14
Others (please specify):

2. Contact Person for Future Correspondence
Name Designation DID Mobile No.
Michael Cho Sales Manager +82-31-722-7636 +82-10-6264-0211

Fax Email Address
+82-31-722-8901 michael.cho@ahnlab.com
3.
Company Structure
(Please attach organisational chart and operational chart if available)
Total number of full time employees : Number of technical personnel biography if available):
Nam e Designation
[ 849 ] [ 344 ]
Key Management Personnel who will be involve in the DMS CFC: (Please attach
Years of Related Experie
Professional/Aca demic Qualificat
Hong Sun Kim Ki In Kim Si Haeng Cho
CEO CFO CTO
23 Years 24 Years 29 Years
Ph.D from Purdue Univ. B.A. from Sogang Univ. B.A. from Hanyang Univ.
3-1. Company Overview

Company Name Foundation Date Location of Corporate Headquarters Revenue KOSDAQ-listing date CEO AhnLab, Inc. March 15, 1995 673, Sampyeong-dong, Bundang-gu, Seongnam-si, Gyeonggi-do 464-400, South Korea 123 (Million USD) _2012year Sep 13, 2001 Kim, Hong Sun
Page 12 of 14
Global Operating Locations
China, Japan, USA - Endpoint Security for Enterprises and Consumers - Network Appliances Solutions - Web Security Solutions - Transaction Security Solutions - Security Services (ASEC, A-FIRST, CERT, Consulting) +82-31-722-8000 /FAX: +82-31-722-8901
Business Portfolio
Main Line
3-2. Financial Summary (Unit : Million SGD / 1$=884.54KRW)

Balance Sheet
Items Assets 1. Current Assets (a) Cash & Equivalent (b) Others 2. Fixed Assets (a) Investment Assets (b) Tangible Assets (c) Others Liabilities 1. Short-term Liabilities 2. Long-term Liabilities Equity 1. Capital Stock 2. Capital Surplus 3. Capital Mediate 4. Profit Surplus
Income Statement
End of 2012 210.40 114.72 11.39 103.33 95.68 2.75 84.25 8.67 50.26 46.53 3.74 160.14 5.90 77.61 -24.55 101.17
End of 2011 196.08 102.64 12.72 89.92 93.44 2.34 82.85 8.25 48.75 44.74 4.01 147.33 5.90 77.60 -24.53 88.37
Items Sales Gross Profit Operating Profit Net Profit
2012 149.83 100.66 14.60 15.98
2011 117.14 82.62 11.00 10.67
Page 13 of 14
4.
Company Summary
Please provide an executive summary of your company and demonstrate and elaborate on the companys domain experience in relation to the DMS project. Founded in 1995, AhnLab has developed industry-leading information security solutions and services. Headquartered in South Korea, the worlds most wired country, we successfully have been dealing with the skyrocketing number of cyber threats and became the leading innovator of dynamic security solutions. AhnLab's cutting-edge technologies and services ensure business continuity for our clients and contribute to a safe computing environment for all. The combination of advanced alerting technology, well-trained and experienced security experts, and a massive, globally dispersed infrastructure offers companies a flexible, economic solution while providing the scale to handle tomorrow's attacks today. AhnLab delivers best-of-breed threat prevention that scales easily for high-speed networks, by combining cloud analysis with endpoint and server resources. AhnLab's multidimensional approach combines with exceptional service to create truly global protection against attacks that evade traditional security defenses. With Systematic response process, AhnLab can provide the overall services to minimize the damages from DDoS attacks. In 2009 and 2011, AhnLab has experienced different forms of DDoS attacks which are 3'4 DDoS (2009) and 77 DDoS(2011) and successfully minimized the attacks with advanced response. AhnLab is operating a central threat analysis system which consists of CERT* and ASEC**. CERT is security operation center which is monitoring all the network threat and behavior. And ASEC is malware analysis center. AhnLab is one of solution companies who have these core infrastructure at the same time in a single organization. All our solution and services are based on this system, which can make AhnLab protect customers proactively from the recent sophisticated and advanced DDoS attack. We have many relationships with external organization like government, customers, partners, data center, and service providers that we can collect security related information from these partners and analyze them and then accumulate engines, signatures and databases. These useful information can be shared and AhnLab can support customer so that they can protect their system from any advanced threat in real-time. We have been collecting more than 350M files from end users and we are updating the latest engines and signatures based on our architecture. * ASEC (AhnLab Security Emergency Response Center) ASEC is AhnLabs dedicated security research group, formed by professional virus analysts and security experts. ASEC monitors network around the clock for threats, collects and analyzes malicious codes, and develops new virus signatures and responses. The teams deep insight into todays security environment and constant availability gives AhnLab the capability to quickly mitigate complex and evolving security issues. **CERT (AhnLabs Computer Emergency Response Team) CERT provides dedicated threat monitoring and response services, including managed services for enterprise customers. The group helps customers reduce the burden of managing their network security and ensures highly-skilled, rapid responses to emerging threats.
Page 14 of 14
Signed for and on behalf of :
[AhnLab, Inc.]
Name: Michael Cho Designation: Sales Manager Date: August 12, 2013

Ddos Mitigation Service: Public Document 2 Aug 2013

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ddos Mitigation Service: Public Document 2 Aug 2013

Uploaded by

Copyright:

Available Formats

DDOS Mitigation Service (Public Document)