CIS Endpoint Security Services (ESS) FAQ
CIS Endpoint Security Services (ESS) are available to U.S. State, Local, Tribal, and Territorial (SLTT) government entities, offered in partnership with CrowdStrike. CIS ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.
Overview
What is CIS Endpoint Security Services (ESS)?
CIS Endpoint Security Services (ESS) is a fully-managed and monitored solution deployed on endpoint devices to identify, detect, respond to, and remediate security events. The service offers host-level protection and response backed by our 24x7x365 Security Operations Center (SOC) to strengthen an organization’s cybersecurity program, and it provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity.
Organizations using CIS ESS benefit from a full-time cyber defense partner in the 24x7x365 CIS SOC. Our SOC continuously monitors and manages CIS ESS software, which includes analyzing malicious activity and escalating actionable threat detections for identified threats to the affected U.S. State, Local, Tribal, and Territorial (SLTT) organization. Upon identifying a threat event, this service can stop an attack in its tracks regardless of the network to which the endpoint is connected. As such, CIS ESS takes an active role in mitigating and remediating malicious activity affecting an organization’s devices by blocking malicious processes and quarantining malicious files or compromised endpoints.
What is included in the CIS Endpoint Security Services?
CIS Endpoint Security Services (ESS) offers Managed Detection & Response (MDR) solutions that provide U.S. State, Local, Tribal, and Territorial (SLTT) organizations with a full-time cybersecurity defense partner in the CIS Security Operations Center (SOC). As a function of our MDR solution, the CIS SOC offers continuous monitoring and management, including analyzing malicious activity and escalating actionable threats to the affected SLTT organization. The CIS SOC runs continuous operations 24x7x365 and is able to monitor SLTT endpoints even when an organization’s cybersecurity staff is not. The CIS SOC has one of the most complete data sets in the industry related to threats facing SLTT organizations, including non-public known threats, so SLTTs using CIS ESS benefit from a service specifically tailored for them.
The CIS ESS offering includes several modules that are installed on the endpoints as requested by the member. They are as follows:
- Prevent: Next Generation Antivirus (NGAV)
- Insight: Endpoint Detection & Response (EDR)
- Discover: Asset and software inventory
- Device Control: USB device monitoring
- Firewall Control: Host-based firewall management
Additionally, CIS ESS provides access to a management portal that gives a real-time view of detections triggered in your environment, information about sensors, asset inventories, user access monitoring, and more.
CrowdStrike is CIS’s Selected Endpoint Security partner for CIS ESS: http://www.crowdstrike.com.
Who is eligible for CIS Endpoint Security Services?
CIS Endpoint Security Services (ESS) is available to all U.S. State, Local, Tribal, and Territorial (SLTT) government members. Please contact us for pricing and more information at [email protected].
Additionally, the CIS Endpoint Detection & Response (EDR) Service is available at no cost to protect SLTT Election systems and a limited number of endpoints for members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).
Does CIS Endpoint Security Services replace any other CIS Services?
CIS Endpoint Security Services (ESS) complements other security measures, including the CIS Critical Security Controls (CIS Controls), intrusion detection systems (IDS) like Albert, and Malicious Domain Blocking & Reporting (MDBR).
Adding CIS ESS to an organization’s defense-in-depth portfolio helps ensure a layered approach to cybersecurity while significantly increasing the time and complexity required for cyber threat actors (CTAs) to compromise their network.
Are the CIS Endpoint Security Services’ Terms and Conditions available to be reviewed by our legal department prior to accepting them?
Yes! The Terms and Conditions for CIS Endpoint Security Services (ESS) are available at https://www.cisecurity.org/terms-and-conditions-table-of-contents/cis-endpoint-security-services-via-crowdstrike.
How do I purchase CIS Endpoint Security Services?
Please complete this form: learn.cisecurity.org/Endpoint-Security-Services-ESS. A member of our team will reach out to you.
What do I need to do to get CIS Endpoint Security Services?
Once you complete this form: learn.cisecurity.org/Endpoint-Security-Services-ESS, a member of our Services team will reach out to you. The Services team will assist you through the contract process. Once the contract is signed, you will receive an email requesting you to complete a Pre-Installation Questionnaire (PIQ) and Escalation Procedures.
How does onboarding for CIS Endpoint Security Services work?
Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ) and Escalation Procedures, you will receive an email confirming that your account is set up. This email also includes step-by-step instructions on how to install sensors. Deployment setup calls are offered to further assist with the onboarding process.
What Operating Systems does CIS Endpoint Security Services support?
How much does CIS Endpoint Security Services cost?
Please contact us for pricing and more information at [email protected].
The CIS Endpoint Detection & Response (EDR) Service is available at no cost to protect U.S. State, Local, Tribal, and Territorial (SLTT) Election systems and a limited number of endpoints for members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).
Who do I contact if I have further questions?
Please reach out to [email protected] with any additional questions about the service.
CIS Endpoint Security Services (ESS) Add-On Module: ESS Spotlight
What is CIS Endpoint Security Services Spotlight?
CIS Endpoint Security Services (ESS) Spotlight is an add-on, low-cost module that allows for real-time, automated vulnerability assessment. It seamlessly integrates into the CIS ESS offering through a single scan-less, lightweight agent on the organization’s endpoints. CIS ESS Spotlight serves up vulnerability data in seconds via intuitive, user-friendly dashboards.
Can the CIS Endpoint Security Services Spotlight module be purchased on its own?
No, CIS Endpoint Security Services (ESS) Spotlight is a low-cost add-on module to the CIS ESS solution.
If you are a new CIS ESS customer, CIS ESS Spotlight can be purchased along with the CIS ESS solution.
If you are an existing CIS ESS customer, CIS ESS Spotlight can be added to your CIS ESS solution account.
Can I purchase the CIS Endpoint Security Services Spotlight module on only a portion of my endpoints?
No. When purchasing the CIS Endpoint Security Services (ESS) Spotlight module, it must be added to all endpoints. It cannot be segregated to only some endpoints on an account.
Can the Elections Infrastructure Information Sharing and Analysis Center members add the Spotlight module onto their CIS Endpoint Detection & Response account?
Yes, Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) members can purchase the low-cost Spotlight module. Please reach out to [email protected] with any additional questions about the service.
How do I sign up for the CIS Endpoint Security Services Spotlight module?
Please complete this form: http://learn.cisecurity.org/Endpoint-Security-Services-ESS. A member of our team will reach out to you.
How much does the CIS Endpoint Security Services Spotlight add-on service cost?
Please contact us for pricing and more information at [email protected].
Who do I contact if I have further questions?
Please reach out to [email protected] with any additional questions about the service.