This request is for information only regarding Enterprise Cyber Analytics tools which support business and security operations in a multi-classification Department of Defense (DoD) architecture following the DoD Zero Trust (ZT) paradigm. The capabilities have been grouped into two categories: those supporting Analytics & Visualization and those supporting Automation & Orchestration. Failure to identify a capability in one category will not be identified as a failure in another category. Collaboration may be possible between industry partners to provide an integrated solution for Enterprise Cyber Analytics which meets regulatory requirements and desired functionality.

Current Federal and DoD regulations require logging and monitoring of enterprise information systems. These activities are leveraged for the purpose of improving network resilience, increased security, and improved operations through the application of an enterprise cyber analytics program. Through proactive use of captured data, analytics tools provide near real-time intelligence to support Security Operations Center (SOC) and Network Operations Center (NOC) teams. In the context of ZT, SIEM and SOAR tools are integrated to support Analytics, Visualization, and Automation objectives. While capabilities in Table 1 are divided into SIEM and SOAR, a response which answers one capability may be appropriate since the development of a holistic analytics program may consist of multiple integrated products. For example, solutions which efficiently address automation and integration with case management may marry with another solution providing efficient and economical logging, log retention, and log management to deliver an acceptable solution.