Title
Information Technologies Department recommending the Board:
1) Make findings in accordance with Procurement Policy C-17, Section 3.4 (2) (f) that continuity of providers will provide efficiency or critical knowledge that couldn’t be provided by other providers;
2) Authorize the Purchasing Agent to amend Purchase Contract 9896 by $29,180.65 to increase Security Information and Event Management capacity, increasing the total compensation amount not to exceed $240,194.46; and
3) Authorize the Purchasing Agent to accept and execute Crowdstrike quote Q-1642113, contingent upon County Counsel and Risk Management approval, as applicable.
FUNDING: General Fund.
Body
DISCUSSION / BACKGROUND
Since January 2018, the Information Technologies (IT) Department has used Crowdstrike Falcon advanced breach and endpoint protection services with Antivirus, Threat Intelligence, USB Device Control, and Threat Hunting capabilities. In March 2022, IT upgraded to Falcon Complete managed detection and response (MDR) services, which delivers 24/7 expert management, monitoring, and response for the Crowdstrike Falcon platform. The Crowdstrike Falcon security solution is an industry leader to stop advanced threats, including next-gen antivirus, endpoint detection through Falcon Insight, and threat protection with Falcon Identity. The Crowdstrike Falcon Complete team, available 24/7, uses Overwatch to manage threat hunting and ensures comprehensive security for our El Dorado County IT assets, remediating security incidents in minutes to minimize impacts to the County.
In January 2026, the IT Department began using Crowdstrike to also provide Security Information and Event Management (SIEM) services for the IT Security Operations Center (SOC) by offering real-time analysis of the County's infrastructure and providing continuous monitoring of cyber threats through their Falcon Next-Gen SIEM services, including 365-day log retention and essential support services. As the conversion from Foresite, our previous SIEM provider occurred, it was discovered that the County required additional Ingestion and Retention Falcon Next-Gen SIEM support for all the data being processed. Multiple data sources feed into the SIEM, and Falcon Complete uses all of this data when investigating and understanding a situation. If the County is unable to pass all data sources into the SIEM, missing data could cause Crowdstrike to miss or overlook potential security events.
IT is requesting an amendment to Purchase Contract 9896 in the amount of $29,180.65 per quote Q-1642113 to increase the Falcon Next-Gen SIEM services by an additional 30 gigabytes over the period of May 1, 2026, to Jan 15, 2027, to co-term with our current agreement. This will increase the NTE for Purchase Contract 9896 to $240,194.46. Funds are available within the IT Fiscal Year (FY) 2025-26 Budget for this fiscal year's expenses and appropriations will be included in the FY 2026-27 Budget request to continue services.
Procurement Policy C-17 allows for the exemption from competitive bidding when continuity of providers will provide efficiency or critical knowledge that couldn’t be provided by other providers. This request is an amendment to a renewal for existing established and approved services and licenses. While Crowdstrike Falcon and SIEM services are available through resellers, we have been partnering directly with Crowdstrike to procure licenses and Falcon Complete security services (since 2020 and 2022, respectively). The direct procurement of licenses allows for better pricing than through competitively bid NASPO contract AR2472 for CrowdStrike Falcon Complete.
ALTERNATIVES
The Board could choose to decline this request, which would impact our countywide cyber security monitoring services and SIEM support and the County would need to determine an alternative way to provide complete coverage.
PRIOR BOARD ACTION
Legistar file 22-0850 - May 24, 2022 - Board authorized the Purchasing Agent to issue a Purchase Order in the amount of $32,775.52 for the period of June 5, 2022, to March 3, 2023 for additional licenses for necessary security endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-441989.
Legistar file 23-0082 - February 14, 2023 - Board authorized the Purchasing Agent to issue a Purchase Order in the amount of $148,455.80 for the period of March 4, 2023, through March 3, 2024, for Falcon Complete endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-579846.
Legistar file 24-0185 - February 27, 2024 - Board authorized the Purchasing Agent to issue a Purchase Order in the amount of $155,878.90 for the period of March 4, 2024, through March 3, 2025 for Falcon Complete endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-823645.
Legistar file 24-1582 - October 15, 2024 - Board approved an updated warranty document for our current term through March 3, 2025.
Legistar file 25-0124 - February 25, 2025 - Board approved the Purchasing Agent to issue a Purchase Order in the amount of $163,673.79 for the period of March 4, 2025 through March 3, 2026 for Falcon Complete endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-1132474.
Legistar file 25-1683 - December 9, 2026 - Board approved the Purchasing Agent to issue Purchase Contract 9896 in the amount of $211,013.81 for the period of January 16, 2026, through January 15, 2027, for Falcon Complete endpoint protection and Security Information and Event Management Services.
OTHER DEPARTMENT / AGENCY INVOLVEMENT
Procurement and Contracts
CAO RECOMMENDATION / COMMENTS
Approve as recommended.
FINANCIAL IMPACT
Funds are available within the FY 2025-26 Budget for this fiscal year's expenses and appropriations will be included in IT’s FY 2026-27 Budget request to continue services.
CLERK OF THE BOARD FOLLOW UP ACTIONS
N/A
STRATEGIC PLAN COMPONENT
N/A
CONTACT
Amanda Earnshaw, Chief Information Officer