Included in MS-ISAC Membership
The MS-ISAC Security Operations Center (SOC) analyzes cyber threat information from a variety of sources and shares this information with MS-ISAC members when necessary. Advisories can include important information about threats, vulnerabilities, exploits, attacks, and compromises. In addition to these advisories, the MS-ISAC provides its members with weekly threat reports, monthly situational awareness reports, and a monthly webcast. MS-ISAC members are also invited to schedule a conference call to discuss cyber threat concerns.
MS-ISAC analysts work with trusted affiliates to conduct research and gather intelligence about cyber threats (such as website defacement) targeting government or government-affiliated systems. Notices are sent to impacted MS-ISAC members based on predetermined escalation procedures. The MS-ISAC also provides recommended remediation steps and technical assistance.
For state, local, tribal, and territorial (SLTT) entities experiencing a targeted cyber threat (see "Threat Notification" above), the MS-ISAC provides a free network and web application vulnerability assessment. These assessments include a manual analysis and verification of vulnerabilities discovered, prioritized remediation steps, customized reporting, and remediation support.
Experiencing a cybersecurity incident? Even if your SLTT organization is not yet part of the MS-ISAC, you can reach out to us for help. Learn more about our incident response services.
Malicious Code Analysis Platform (MCAP)
MCAP is a web-based service which allows members to submit suspicious files, including executables, DLLs, documents, quarantine files and archives for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat analysis based on domain, IP address, URL, hash, and various IOCs.
MCAP users are able to obtain the results from analysis, behavioral characteristics and additional detailed information which allows users to remediate the incident in a timely manner. This communication with our members provides the MS-ISAC with the situational awareness needed to assess the malware threat characteristics facing our SLTT government entities on a national level.
Vulnerability Management Program (VMP)
VMP notifies members on a monthly basis about any outdated software that could pose a threat to assets. A scripted GET request is sent to over 30,000 SLTT domains that the MS-ISAC maintains, to pull data on versioning information related to each domain.
In order to alert members of outdated software, the MS-ISAC collects server type and version (IIS, Apache, Nginx, etc.), web programming language and version (PHP, ASP, etc.), and content management system and version (WordPress, Joomla, Drupal, etc.).
Following the analysis and review of the information returned, data will be broken out into two categories: vulnerable and not vulnerable systems. If the system is located in the ‘vulnerable’ file, an associated portion of that system is not up to date. Conversely, if the system is located in the ‘not vulnerable’ file, the system’s patch level is up to date. Systems identified as vulnerable include the CVE score and a link to the CVE.
Members should use this monthly notification to conduct further internal analysis to ensure that Internet facing systems are patched and running the most up to date software.
For questions regarding the domains that the MS-ISAC has on file for your organization, please contact the MS-ISAC. Domain listings can be edited at any point in time during your membership.
Information Sharing, Cybersecurity Awareness, and Education
Through the Homeland Security Information Network (HSIN), MS-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.
Everything we do at CIS centers around collaboration with other cybersecurity experts. In the MS-ISAC, work groups comprised of dedicated MS-ISAC partners get together to share their ideas and experiences. Learn more about MS-ISAC Work Groups.
By working with MS-ISAC members and other cybersecurity partners around the country, MS-ISAC also provides:
- Cybersecurity table-top exercises
- Annual Best of the Web contest
- MS-ISAC Toolkit
- State & Local Cybersecurity Policies
- Weekly top malicious domains/IP report
- Annual National Cyber Security Awareness Month Poster Contest Guide
- Annual National Cyber Security Awareness Month Poster Contest Entry Form
On behalf of our MS-ISAC members, CIS coordinates a variety of DHS programs and initiatives:
- National webinar
- Nationwide Cyber Security Review (NCSR), an annual survey that helps SLTTs analyze their cybersecurity posture
- Security clearances for state Chief Information Security Officers
- Regional and national security exercises
- Cyber Resiliency Review, Fed VTE, NCATS, Stop.Think.Connect, and more via US-CERT
Additional Services (fee-based)
Network Security Monitoring (Albert)
One of our most popular services is the network monitoring solution known as Albert. Albert consists of an IDS sensor that gathers network data and sends it to the MS-ISAC for analysis.
MS-ISAC members are welcome to purchase a variety of consulting services, including:
- Infrastructure architecture review
- Internal systems assessment
- Social engineering (phishing exercises)
- Network penetration testing
- Web application penetration testing
Each of these consulting services can be customized by the purchasing organization. Services provided are based on a statement of work.
With both network and web application components, MS-ISAC members can purchase assessment services to identify critical system vulnerabilities. These assessments include a manual analysis and verification of vulnerabilities discovered, prioritized remediation steps, customized reporting, and remediation support. Vulnerability assessments can be scheduled on a monthly, quarterly, or yearly basis. Payment Card Industry (PCI) compliance scanning is also available.
Managed Security Services (MSS)
Managed Security Services (MSS) provide 24/7 monitoring, event analysis, and notifications for multiple security devices, including:
- IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
- Web proxies
- Switches/Routers