CIS Endpoint Security Services (ESS) FAQ

CIS Endpoint Security Services (ESS) is a fully-managed and monitored solution deployed on endpoint devices to identify, detect, respond to, and remediate security events. The service offers host-level protection and response backed by our 24x7x365 Security Operations Center (SOC) to strengthen an organization’s cybersecurity program, and it provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity.

Organizations using CIS ESS benefit from a full-time cyber defense partner in the 24x7x365 CIS SOC. Our SOC continuously monitors and manages CIS ESS software, which includes analyzing malicious activity and escalating actionable threat detections for identified threats to the affected U.S. State, Local, Tribal, and Territorial (SLTT) organization. Upon identifying a threat event, this service can stop an attack in its tracks regardless of the network to which the endpoint is connected. As such, CIS ESS takes an active role in mitigating and remediating malicious activity affecting an organization’s devices by blocking malicious processes and quarantining malicious files or compromised endpoints.

CIS Endpoint Security Services (ESS) offers Managed Detection & Response (MDR) solutions that provide U.S. State, Local, Tribal, and Territorial (SLTT) organizations with a full-time cybersecurity defense partner in the CIS Security Operations Center (SOC). As a function of our MDR solution, the CIS SOC offers continuous monitoring and management, including analyzing malicious activity and escalating actionable threats to the affected SLTT organization. The CIS SOC runs continuous operations 24x7x365 and is able to monitor SLTT endpoints even when an organization’s cybersecurity staff is not. The CIS SOC has one of the most complete data sets in the industry related to threats facing SLTT organizations, including non-public known threats, so SLTTs using CIS ESS benefit from a service specifically tailored for them.

The CIS ESS offering includes several modules that are installed into the endpoints as requested by the member. They are as follows:

• Prevent: Next Generation Antivirus (NGAV)
• Insight: Endpoint Detection & Response (EDR)
• Discover: Asset and software inventory
• Device Control: USB device monitoring
• Firewall Control: Host-based firewall management

Additionally, CIS ESS provides access to a management portal that provides real-time view of detections triggered in your environment, information about sensors, asset inventories, user access monitoring, and more data.

CrowdStrike is CIS’s Selected Endpoint Security partner for CIS ESS http://www.crowdstrike.com. 

The CIS Endpoint Security Services (ESS) is available to all U.S. State, Local, Tribal, and Territorial (SLTT) government members. Please contact us for pricing and more information. 

Additionally, the CIS Endpoint Detection & Response (EDR) Service is available at no cost to protect SLTT Election systems and a limited number of endpoints for members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

CIS Endpoint Security Services (ESS) complements other security measures, including the CIS Critical Security Controls (CIS Controls), intrusion detection systems (IDS) like Albert, and Malicious Domain Blocking & Reporting (MDBR).  

Adding CIS ESS to an organization’s defense-in-depth portfolio helps ensure a layered approach to cybersecurity while significantly increasing the time and complexity required for cyber threat actors (CTAs) to compromise their network.

Yes! The Terms and Conditions for CIS Endpoint Security Services (ESS) are available at https://www.cisecurity.or..g/terms-and-conditions-table-of-contents/cis-endpoint-security-services-via-crowdstrike.

Please complete this form: learn.cisecurity.org/Endpoint-Security-Services-ESS. A member of our team will reach out to you.

Once you complete this form: learn.cisecurity.org/Endpoint-Security-Services-ESS, a member of our Services team will reach out to you. The Services team will assist through the contract process. Once the contract is signed, you will receive an email requesting you to complete a Pre-Installation Questionnaire (PIQ) and Escalation Procedures.

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ) and Escalation Procedures, you will receive an email confirming that your account is setup. This email also includes step by step instructions on how to install sensors. Deployment set up calls are offered to further assist with the onboarding process. 

Please contact us for pricing and more information.

Please contact us for more information.

CIS Endpoint Security Services (ESS) Spotlight is an add-on, cost effective module that allows for real-time, automated vulnerability assessment. It seamlessly integrates into the CIS ESS offering through a single scan-less, lightweight agent on the organization’s endpoints. CIS ESS Spotlight serves up vulnerability data in seconds via intuitive, user-friendly dashboards.

No, CIS Endpoint Security Services (ESS) Spotlight is a cost effective add-on module to the CIS ESS solution.

If you are a new CIS ESS customer, CIS ESS Spotlight can be purchased along with the CIS ESS solution.

If you are an existing CIS ESS customer, CIS ESS Spotlight can be added to your CIS ESS solution account.

No. When purchasing the CIS Endpoint Security Services (ESS) Spotlight module, it must be added to all endpoints. It cannot be segregated to only some endpoints on an account.

Yes, Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) members can purchase the cost effective Spotlight module. Please contact us for follow-up on any additional questions you may have.

Please complete this form: http://learn.cisecurity.org/Endpoint-Security-Services-ESS. A member of our team will reach out to you.

Please contact us for pricing and more information.

Please contact us for more information.

ESS Mobile enables you to gain visibility into blind spots in threat detection on supported Android and iOS devices in real time, provides actionable insights on mobile threats, and mitigates cyber risk to mobile devices through automated threat protection – all with a privacy-centric design. CIS Endpoint Security Services (ESS) Mobile is a robust endpoint detection and response (EDR) solution tailored for mobile devices that is exclusively available to U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through the CIS and powered by industry leader CrowdStrike. 

CIS ESS Mobile provides continuous real-time monitoring on your iOS and Android devices. CIS ESS Mobile equips security teams with automated threat protection through endpoint detection and response (EDR) that blocks malicious phishing links, identifies vulnerable devices, and detects malicious and unwanted activity on business-critical mobile apps. This functionality facilitates rapid response to phishing attempts, leaky apps, insider threats, and more, thus protecting both device health and corporate data. With near-zero effect on battery life and bandwidth usage of the device, CIS ESS Mobile deploys easily in a high-performance lightweight app, all without compromising user privacy. 

CIS ESS Mobile is available to all U.S. State, Local, Tribal, and Territorial (SLTT) government members. Please contact us for pricing and more information.

Yes, CIS ESS Mobile is offered as an optional add-on or as a standalone feature. If you are a new CIS ESS customer, CIS ESS Mobile can be purchased along with the CIS ESS Core solution. If you are an existing CIS ESS Core customer, CIS ESS Mobile can be added to your CIS ESS Core account.

Yes, EI-ISAC members can purchase the CIS Endpoint Security Services (ESS) Mobile module. Please contact us for follow-up on any additional questions you may have.

Please complete this form. A member of our team will reach out to you.

Once you complete the form, a member of our CIS Services team will reach out to you. The CIS Services team will assist you through the contract process. Once the contract is signed, you will receive an email asking you to complete a Pre-Installation Questionnaire (PIQ).

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ), you will receive an email confirming that your account is set up. This email will also include step-by-step instructions on how to install the application to mobile devices using the Mobile Device Management (MDM) of your choice. Deployment setup calls are offered to further assist you with the onboarding process. 

CIS ESS Mobile supports iOS 15 and later as well as Android 9.0 and later.

CIS ESS Mobile leverages flexible architecture and is available on both iOS and Android platforms, providing a hassle-free integration process with pre-existing mobile device management (MDM) platforms. ESS Mobile is currently available for devices managed with Workspace ONE (formerly Airwatch) and Microsoft Intune Endpoint Manager (formerly Intune); compatibility with additional MDMs is on the product roadmap.

Please contact us for pricing and more information.

Please contact us for more information.

CIS ESS Multi-tenancy is an add-on feature geared toward organizations that oversee numerous subordinate organizations.

1. Organizations set up in the CrowdStrike Falcon Platform with parent accounts will have access to see the endpoint security activity of each subordinate organization.
2. Subordinate organizations will only be able to see their own endpoint security activity under CIS ESS Multi-tenancy.

Please complete this form. A member of our team will reach out to you.

There is an upfront, one-time onboarding fee. Please contact us for pricing and more information.

Once you complete the form, a member of our CIS Services team will reach out to you. The CIS Services team will assist you through the contact process. Once the contract is signed, you will receive an email asking you to complete a Pre-Installation Questionnaire.

Our data structure can only support one parent account.

Yes, each sub-organization can be given access to their own organization. You can customize roles, permissions, and escalation procedures in whatever way you find most effective for the organizations under your purview.

No, ESS Multi-tenancy does not have a limit on the number of subordinate organizations.

No, ESS Multi-tenancy can only be purchased as an add-on configuration to the CIS ESS solution.

1. If you are a new CIS ESS customer, ESS Multi-tenancy can be purchased along with the CIS ESS Core solution.
2. If you are an existing CIS ESS customer, ESS Multi-tenancy can be added to your CIS ESS Core account. Sensors in the existing ESS account can be migrated to the new ESS Multi-tenancy structure.

Parent accounts provide escalation procedures customization including:

1. Defining escalation contact call order and notification contacts for the parent account and subordinate organizations.
2. Defining whether subordinate organizations contacts get access to the CrowdStrike Falcon platform.
3. Defining whether subordinate organizations contacts are added to notifications.

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ), you will receive an email confirming that your account is set up. This email will also include step-by-step instructions on how to install new sensors or migrate existing hosts to the new subordinate organizations. Deployment setup calls are offered to further assist you with the onboarding process.

Yes, if hosts are linked to your CIS ESS Core account, hosts can be migrated from existing accounts to new subordinate organizations if the sensor versions are supported for host migration. If your hosts are not in an account managed by CIS, please contact us for more information.

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ), you will receive an email confirming that your account is set up. This email will also include step-by-step instructions on how to migrate existing hosts to the new subordinate organizations.

CIS ESS Multi-tenancy supports Windows 7.17 and newer, as well as Mac/Linux 7.16 and newer.