Center for Internet Security Confidence in the Connected World

Transcription

1 Center for Internet Security Confidence in the Connected World Northeast Headquarters 31 Tech Valley Dr., East Greenbush, NY Mid-Atlantic Headquarters 1700 North Moore St., Suite 2100, Arlington, VA 22209

2 Center for Internet Security 2

3 Multi-State Information Sharing and Analysis Center The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response and recovery for the nation s state, local, tribal, and territorial governments 3

4 MS-ISAC: Who We Serve Members include: 50 State Governments 79 DHS-Recognized Fusion Centers 6 Territorial Governments 40 Tribal Governments More than 1,600 local governments State, Local, Tribal, and Territorial Cities, counties, towns, airports, public education, police departments, ports, transit associations, and more 4

5 24x7 Security Operations Center Central location to report any cybersecurity incidents Support: Network Monitoring Services Research and Analysis Incident Response Analysis: Threats & Trends Vulnerabilities Attacks & TTPs Cyber Threat Actor Activity Reporting: Cyber Alerts & Advisories IP & Domain Monitoring Automated Indicator Sharing Strategic Intelligence To report an incident or request assistance: Phone:

6 MS-ISAC Advisories Public Information 6

7 Monthly Newsletter Distributed in template form to allow for rebranding and redistribution by your agency Public Information 7

8 Monitoring of IP Ranges & Domains IP Monitoring IPs connecting to sinkholed C2s Compromised IPs Indicators of compromise from MS-ISAC network monitoring Domain Monitoring Notifications on compromised user credentials, open source, and third party information Vulnerability Management Program (VMP) Send domains, IP ranges, and contact info to: Any SLTT Government 8

9 CERT Computer Emergency Response Team Incident Response Malware Analysis Computer & Network Forensics Log Analysis To report an incident or request assistance: Phone: Any SLTT Government 9

10 MS-ISAC Membership

11 Benefits of MS-ISAC Membership Free and Voluntary No Mandated Information Sharing Only an NDA Required Benefits: Access to information, intelligence, products, resources, and webcasts Insider access to federal information Training and resource discounts CIS SecureSuite discounts HSIN Community of Interest (COI) Cybersecurity exercise participation Malicious Code Analysis Platform (MCAP) MS-ISAC Membership 11

12 Cyber Threat Intelligence 24x7 Assistance Tactics, techniques, and procedures (TTPs), trends, and patterns IOCs Cyber Threat Actor information Incident response and assistance Answers to technical questions Statistics Intelligence Papers Pointers to other resources and introductions to other agencies MS-ISAC Membership 12

13 Weekly Malware IPs and Domains MS-ISAC Membership 13

14 MS-ISAC Cyber Alerts MS-ISAC Membership 14

15 Fee Based Services Network monitoring (Albert) Web application vulnerability assessments Network vulnerability assessments Penetration testing Phishing engagements Security assessments For more info on any of these contact: Fee Based Services 15

16 Network Monitoring (Albert) SLTT focus 24x7 research, analysis, and support Signatures unique to SLTT governments Integration of research on specific attacks and actors, including nation-state actors (APT) Real-time information sharing Experienced cybersecurity analysts who review each event minimizing the number of false-positive notifications Fee Based Services 16

17 Share Information Be prepared Learn from others best practices Gather intel to help you be proactive Be willing to ask for help Identify other resources to augment what you are doing Be a part of the solution Take part in information sharing 17

18 Who do I call? Security Operations Center (SOC) SOC@msisac.org Tech Valley Dr., East Greenbush, NY To join or get more information: 18

19 MS-ISAC 24x7 Security Operations Center Eugene Kipniss Sr. MS-ISAC Program Specialist