Center for Internet Security Confidence in the Connected World - - PowerPoint PPT Presentation

▶

Feb 10, 2023 15 likes •206 views

Center for Internet Security Confidence in the Connected World Northeast Headquarters 31 Tech Valley Dr., East Greenbush, NY 12061 Mid-Atlantic Headquarters 1700 North Moore St., Suite 2100, Arlington, VA 22209 Center for Internet Security 2

SLIDE 1

Northeast Headquarters 31 Tech Valley Dr., East Greenbush, NY 12061 Mid-Atlantic Headquarters 1700 North Moore St., Suite 2100, Arlington, VA 22209

Center for Internet Security

Confidence in the Connected World

SLIDE 2

2 TLP: WHITE

Center for Internet Security

SLIDE 3

3 TLP: WHITE

Multi-State Information Sharing and Analysis Center

The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response and recovery for the nation’s state, local, tribal, and territorial governments https://www.cisecurity.org/ms-isac/

SLIDE 4

4 TLP: WHITE

Members include:

50 State Governments
79 DHS-Recognized Fusion Centers
6 Territorial Governments
40 Tribal Governments
More than 1,600 local governments

State, Local, Tribal, and Territorial

Cities, counties, towns, airports, public education, police departments, ports, transit associations, and more

MS-ISAC: Who We Serve

SLIDE 5

5 TLP: WHITE

Support:

– Network Monitoring Services – Research and Analysis – Incident Response

Analysis:

– Threats & Trends – Vulnerabilities – Attacks & TTPs – Cyber Threat Actor Activity

Reporting:

– Cyber Alerts & Advisories – IP & Domain Monitoring – Automated Indicator Sharing – Strategic Intelligence

24x7 Security Operations Center

Central location to report any cybersecurity incidents To report an incident or request assistance: Phone: 1-866-787-4722 Email: soc@msisac.org

SLIDE 6

6 TLP: WHITE

MS-ISAC Advisories

Public Information

SLIDE 7

7 TLP: WHITE

Distributed in template form to allow for rebranding and redistribution by your agency

Monthly Newsletter

https://www.cisecurity.org/resources/newsletter/

Public Information

SLIDE 8

8 TLP: WHITE

IPs connecting to sinkholed

C2s

Compromised IPs
Indicators of compromise

from MS-ISAC network monitoring

Monitoring of IP Ranges & Domains

IP Monitoring Domain Monitoring

Notifications on

compromised user credentials, open source, and third party information

Vulnerability Management

Program (VMP) Send domains, IP ranges, and contact info to: soc@msisac.org

Any SLTT Government

SLIDE 9

9 TLP: WHITE

Incident Response
Malware Analysis
Computer & Network Forensics
Log Analysis

CERT

To report an incident or request assistance: Phone: 1-866-787-4722 Email: soc@msisac.org

Computer Emergency Response Team

Any SLTT Government

SLIDE 10

MS-ISAC Membership

SLIDE 11

11 TLP: WHITE

Free and Voluntary No Mandated Information Sharing Only an NDA Required

Benefits of MS-ISAC Membership

Benefits:

− Access to information, intelligence, products, resources, and webcasts − Insider access to federal information − Training and resource discounts − CIS SecureSuite discounts − HSIN Community of Interest (COI) − Cybersecurity exercise participation − Malicious Code Analysis Platform (MCAP)

https://learn.cisecurity.org/ms-isac-registration

MS-ISAC Membership

SLIDE 12

12 TLP: WHITE

Cyber Threat Intelligence

MS-ISAC Membership

24x7 Assistance

Tactics, techniques, and procedures

(TTPs), trends, and patterns

IOCs
Cyber Threat Actor information
Incident response and assistance
Answers to technical questions
Statistics
Intelligence Papers
Pointers to other resources and

introductions to other agencies

SLIDE 13

13 TLP: WHITE

Weekly Malware IPs and Domains

MS-ISAC Membership

SLIDE 14

14 TLP: WHITE

MS-ISAC Cyber Alerts

MS-ISAC Membership

SLIDE 15

15 TLP: WHITE

Network monitoring (Albert)
Web application vulnerability assessments
Network vulnerability assessments
Penetration testing
Phishing engagements
Security assessments

Fee Based Services

For more info on any of these contact:

info@msisac.org

Fee Based Services

SLIDE 16

16 TLP: WHITE

SLTT focus
24x7 research, analysis, and support
Signatures unique to SLTT governments
Integration of research on specific attacks and actors,

including nation-state actors (APT)

Real-time information sharing
Experienced cybersecurity

analysts who review each event minimizing the number of false-positive notifications

Network Monitoring (Albert)

Fee Based Services

SLIDE 17

17 TLP: WHITE

Be prepared

− Learn from others’ best practices − Gather intel to help you be proactive

Be willing to ask for help

− Identify other resources to augment what you are doing

Be a part of the solution

− Take part in information sharing

Share Information

SLIDE 18

18 TLP: WHITE

Who do I call?

To join or get more information:

https://learn.cisecurity.org/ms-isac-registration

Security Operations Center (SOC)

SOC@msisac.org - 1-866-787-4722

31 Tech Valley Dr., East Greenbush, NY 12061-4134 www.cisecurity.org

SLIDE 19

Eugene Kipniss

Sr. MS-ISAC Program Specialist

Center for Internet Security

Confidence in the Connected World

Center for Internet Security

Multi-State Information Sharing and Analysis Center

The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response and recovery for the nation’s state, local, tribal, and territorial governments https://www.cisecurity.org/ms-isac/

Members include:

State, Local, Tribal, and Territorial

Cities, counties, towns, airports, public education, police departments, ports, transit associations, and more

MS-ISAC: Who We Serve

24x7 Security Operations Center

Central location to report any cybersecurity incidents To report an incident or request assistance: Phone: 1-866-787-4722 Email: soc@msisac.org

MS-ISAC Advisories

Distributed in template form to allow for rebranding and redistribution by your agency

Monthly Newsletter

https://www.cisecurity.org/resources/newsletter/

C2s

from MS-ISAC network monitoring

Monitoring of IP Ranges & Domains

IP Monitoring Domain Monitoring

compromised user credentials, open source, and third party information

Program (VMP) Send domains, IP ranges, and contact info to: soc@msisac.org

Any SLTT Government

CERT

To report an incident or request assistance: Phone: 1-866-787-4722 Email: soc@msisac.org

Any SLTT Government

MS-ISAC Membership

Free and Voluntary No Mandated Information Sharing Only an NDA Required

Benefits of MS-ISAC Membership

Benefits:

https://learn.cisecurity.org/ms-isac-registration

MS-ISAC Membership

Cyber Threat Intelligence

MS-ISAC Membership

24x7 Assistance

(TTPs), trends, and patterns

introductions to other agencies

Weekly Malware IPs and Domains

MS-ISAC Membership

MS-ISAC Cyber Alerts

MS-ISAC Membership

Fee Based Services

For more info on any of these contact:

info@msisac.org

including nation-state actors (APT)

analysts who review each event minimizing the number of false-positive notifications

Network Monitoring (Albert)

− Learn from others’ best practices − Gather intel to help you be proactive

− Identify other resources to augment what you are doing

− Take part in information sharing

Share Information

Who do I call?

To join or get more information:

https://learn.cisecurity.org/ms-isac-registration

Security Operations Center (SOC)

SOC@msisac.org - 1-866-787-4722

Eugene Kipniss

518-880-0716 Eugene.Kipniss@cisecurity.org

MS-ISAC 24x7 Security Operations Center 1-866-787-4722 SOC@msisac.org