Managed Security Services (MSS)

The Center for Internet Security® (CIS®), in partnership with Accenture, provides Managed Security Services (MSS) to help U.S. State, Local, Tribal, and Territorial (SLTT) organizations improve their cybersecurity. These services monitor SLTT devices for signs of malicious or anomalous activity, eliminate false positives, and escalate only actionable items as an alert.

MSS alleviates alert and log fatigue by filtering out all of the false positives and alerting only on what is impactful. The elimination of false positives saves an organization time and effort in reviewing potential threats. As a result, organizations spend more time focused on their core mission and less time worrying about cybersecurity.

 

How does MSS work?

CIS offers MSS for devices including, but not limited to, IDS/IPS, firewalls, switches & routers, servers, endpoints, and web proxies.

  1. A Log Collection Platform is established
  2. Accenture receives all logs and provides an initial, automated review
  3. CIS then receives the logs using a secure transmission, and they are analyzed by expert analysts using cyber threat intelligence specifically focused on SLTTs
  4. Events are analyzed and verified as legitimate or false positives
  5. If an event requires escalation, an alert is sent to the organization in accordance with pre-established escalation procedures
  6. Monthly reporting of all activity is provided

 
