Announcing CIS Endpoint Security Services for SLTTs

U.S. State, Local, Tribal, and Territorial (SLTT) organizations face a stark challenge in mounting a proper cybersecurity defense against malicious actors whose attacks continue to increase in sophistication and volume. The trend toward persistent remote and hybrid work models further complicates an organization’s cybersecurity program, widening the attack surface as SLTT employees increasingly work from home, outside the protection of organizational networks.

CIS, in partnership with CrowdStrike, an industry leader in endpoint protection, is standing in the gap to offer SLTTs a fully-managed endpoint protection solution—CIS Endpoint Security Services (ESS).

Device-level Protection

CIS ESS is a solution deployed directly on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts. It includes various ways to protect endpoints, such as Next Generation Antivirus (NGAV), Endpoint Detection and Response (EDR), asset and software inventory, USB device monitoring, user account monitoring, and host-based firewall management. These capabilities can complement other security measures already in place within SLTTs’ defense-in-depth portfolios to significantly increase the time and complexity required for bad actors to compromise their networks.

By deploying directly on an organization’s endpoints, like workstations and servers, CIS ESS can mitigate threats that other measures may not. The MS- and EI-ISAC have more than 11,000 members, representing SLTT organizations using more than 14 million endpoints. There is no limit to the number of these endpoints that can be protected by CIS ESS.

CIS ESS provides optimal protection against cybersecurity threats in remote and hybrid work environments, protecting devices regardless of the network they are connected to. Through the software, devices connected to networks in homes, coffee shops, and other locations are still protected. CIS ESS protects devices and defends against cybersecurity threats wherever employees access the internet.

Endpoint Security Capabilities

Active Defense

CIS ESS provides active defense against cybersecurity threats, taking an active role in mitigating and remediating malware affecting an organization’s devices. It can stop an attack in its tracks upon identifying a threat on an endpoint. CIS ESS doesn’t just block malicious activity; it can kill or quarantine files through the Next Generation Antivirus (NGAV) component.

Protection Against Sophisticated Threats

With CIS ESS protecting an organization’s devices, it is not necessary to know about a threat in order to detect a threat. For adequate protection, organizations need to be able to block known (signature-based) and unknown (behavioral-based) malicious activity. CIS ESS can protect against unknown threats by looking for and detecting unusual behavior on devices. This ability to identify threats that have not yet been defined is critical as new threats arise on a regular basis.

Malicious actors operate with increasing sophistication, often encrypting ransomware and other malware in order to bypass an organization’s cybersecurity measures. CIS ESS can effectively defend against this encrypted malicious traffic. While network-based cybersecurity measures cannot “see” encrypted traffic, CIS ESS can detect and defend against such traffic once it becomes decrypted at the endpoint.

Managed Detection and Response (MDR) Solution

CIS ESS offers Managed Detection and Response (MDR) solutions that provide SLTTs with a full-time cybersecurity defense partner in the CIS Security Operations Center (SOC). As a function of our MDR solution, the CIS SOC will continuously monitor and manage CIS ESS software, including analyzing malicious activity and escalating actionable threats to the affected SLTT organization. The CIS SOC runs continuous operations 24x7x365 and is able to monitor SLTT endpoints even when an organization’s cybersecurity staff is not. The CIS SOC has one of the most complete data sets in the industry related to threats facing U.S. SLTT organizations, including non-public known threats, so SLTTs using CIS ESS benefit from a service specifically tailored for them.

Next Generation Antivirus (NGAV) represents the core capability within CIS ESS, and SLTT organizations can receive the benefit of managed threat hunting and remediation through our MDR solution. The various options within CIS ESS allow SLTT organizations of all sizes to tailor a protection profile to meet a limited cybersecurity budget.

Organizations using CIS ESS can also request the assistance of our Cyber Incident Response Team (CIRT) when they experience a cyber incident. Our CIRT analysts can reach directly into an affected system and conduct digital forensics remotely, acquiring evidence to uncover what happened and performing analysis to determine the root cause, the scope of the incident, attack methodologies, and more.

Cybersecurity defense at the endpoint is a vital component of an SLTT entity’s defense-in-depth strategy. CIS Endpoint Security Services offer a competitively-priced, fully-managed endpoint protection solution that is specifically tailored to meet the needs of the SLTT community.