If you work in an eligible organization, you may have heard about the Multi-State Information Sharing and Analysis Center (MS-ISAC) and wondered if you should enroll your organization. Is it worth it to sign up to be an MS-ISAC member?
The short answer is – Yes, go for it.
Join me below to see why it’s worth it.
Table of Contents
What Organizations Are Eligible?
Just to be sure we’re on the same page, eligible organizations include:
- Federal organizations (civilian and governmental)
- State, Local, Territorial, and Tribal Governments
- Public K-12 Education
- Public Institutions of Higher Education
- Authorities
- Non-Federal public entities in the U.S.
Contact their support if you are affiliated with an eligible organization or have questions on whether your organization is eligible to be an MS-ISAC member. Otherwise, sign up on their MS-ISAC registration page.
What Do Eligible Organizations Get?
- 24/7 Security Operations Center
- Incident response and digital forensics services
- Monitoring of your public IP ranges and domains for possible compromises
- Access to Malicious Code Analysis Platform (MCAP)
- Weekly top-malicious domains and IPs report
- Vulnerability Management Program (VMP)
- Access to cybersecurity table-top exercises
What if You’re Not Eligible? Is it Possible to Participate?
If you’re one in the list below, you have options:
- Employees of for-profit companies or non-profits
- Consultants
- Private citizens who are unaffiliated with an eligible entity
What Do Non-Eligible Organizations Get?
- Free advisories on known vulnerabilities
- National webcasts
- End-user-focused cybersecurity newsletters
This is made available by enrolling in their general subscription.
One of My Favorite Offerings
I love the cybersecurity tools they offer. One of my favorites is their network monitoring solution, Albert.
This service has an annual cost, but it’s much cheaper than most MSPs will give you.
It’s also worth mentioning that it’s only available to U.S. SLTTs. This makes sense, as it’s tuned to provide the most value to these organizations.
However, I will say that leveraging their SOC has been invaluable in network visibility initiatives.
Once the Albert sensor is in production and providing IDS services for your network, you’ll get a follow-up meeting within a few months. This follow-up meeting will kick off tuning the quantity and quality of incidents the sensor generates.
Another Great Offering
Another great offering is their newsletter and security awareness materials. They offer calendars, posters, and other materials to help bolster your information security awareness program.
I’ve based several articles on their newsletters and alerts at my workplace. It’s concise and valuable.
The webinars are also good, but I’ve only attended 2 so far, so I can’t discuss the normal types of content besides monthly wrap-ups and best practices of using free tools like DMARC.
Testing Their Feed Services
Besides feeds to their blog posts, they also offer other automated syndication solutions.
You can customize which part of the feed you want to collect to help produce dynamic content for your website or employee portal. This is great for spreading security awareness.
They offer 4 different types of feeds:
Update 12/22: There used to be a Cyber Tips feed (https://www.cisecurity.org/feed/tip), however, this appears to no longer exist.
In addition to the feeds, you can leverage their alert level system. They offer scripts so you can include a threat map on your website. It’s not as useful as their information feeds, but it’s still cool nonetheless.
Threat Feed Sample
As an example, you can get the alert-level script to embed in your website or web application by using the following code:
<div id="display-me"> </div>
<script type="text/javascript">
msisac_graphic_divid = "display-me";
msisac_graphic_size = "300x300";
msisac_graphic_fontColor = "#CECECE";
</script> <script type="text/javascript" src="https://feeds.cisecurity.org/js/alertlevel.js"></script>
The code will display this map:
I tried to play with the msisac_graphic_style
but you can’t pass anything through it.
By default, the map is surrounded by a thick blue border. You can choose not to display the border with this style:
#msisac-map { border: none !important; }
Note: You have to force no border through CSS with the !important
designation to get it to work.
Div id msisac-map
and the custom div id from msisac_graphic_divid
don’t work with each other.
For more customizations and help documentation, check out CIS’s Text Feed Help page.
Conclusion
Besides the network monitoring, what’s the initial price of enrollment?
Don’t worry the membership price is right. It’s free to become an MS-ISAC member.
I definitely recommend joining. My organization has been a member for years and finds it to be a valuable security information resource. Their SOC is great.
If you have a state GISA program or conference you can join, you’ll also find CIS (MS-ISAC) folks there.
There’s more to the membership that we haven’t yet gotten to, namely their CIS-CAT and trending malicious activity. But overall, it’s great stuff.
If you like this service, you might also be interested in the FBI’s Infragard service. That is another valuable Cyber/IT Security resource and is also free.
You can also check out DHS CISA’s Information Sharing and Awareness page to find other collaborative efforts to share information.
What do you think? Are you interested in the MS-ISAC program, or have you already joined their service? Let me know what you think n the comments below!