CIS Endpoint Security Services (ESS) FAQ

 

CIS Endpoint Security Services (ESS) are available to U.S. State, Local, Tribal, and Territorial (SLTT) government entities, offered in partnership with CrowdStrike. CIS ESS is a solution deployed on endpoint devices to identify, detect, respond to, and remediate security incidents and alerts.

 

Overview

What is CIS Endpoint Security Services (ESS)?

CIS Endpoint Security Services (ESS) is a fully-managed and monitored solution deployed on endpoint devices to identify, detect, respond to, and remediate security events. The service offers host-level protection and response backed by our 24x7x365 Security Operations Center (SOC) to strengthen an organization’s cybersecurity program, and it provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity.

Organizations using CIS ESS benefit from a full-time cyber defense partner in the 24x7x365 CIS SOC. Our SOC continuously monitors and manages CIS ESS software, which includes analyzing malicious activity and escalating actionable threat detections for identified threats to the affected U.S. State, Local, Tribal, and Territorial (SLTT) organization. Upon identifying a threat event, this service can stop an attack in its tracks regardless of the network to which the endpoint is connected. As such, CIS ESS takes an active role in mitigating and remediating malicious activity affecting an organization’s devices by blocking malicious processes and quarantining malicious files or compromised endpoints.

What is included in the CIS Endpoint Security Services?

CIS Endpoint Security Services (ESS) offers Managed Detection & Response (MDR) solutions that provide U.S. State, Local, Tribal, and Territorial (SLTT) organizations with a full-time cybersecurity defense partner in the CIS Security Operations Center (SOC). As a function of our MDR solution, the CIS SOC offers continuous monitoring and management, including analyzing malicious activity and escalating actionable threats to the affected SLTT organization. The CIS SOC runs continuous operations 24x7x365 and is able to monitor SLTT endpoints even when an organization’s cybersecurity staff is not. The CIS SOC has one of the most complete data sets in the industry related to threats facing SLTT organizations, including non-public known threats, so SLTTs using CIS ESS benefit from a service specifically tailored for them.

The CIS ESS offering includes several modules that are installed into the endpoints as requested by the member. They are as follows:

  • Prevent: Next Generation Antivirus (NGAV)
  • Insight: Endpoint Detection & Response (EDR)
  • Discover: Asset and software inventory
  • Device Control: USB device monitoring
  • Firewall Control: Host-based firewall management

Additionally, CIS ESS provides access to a management portal that provides real-time view of detections triggered in your environment, information about sensors, asset inventories, user access monitoring, and more data.

CrowdStrike is CIS’s Selected Endpoint Security partner for CIS ESS http://www.crowdstrike.com

SLTT Enterprise Infrastructure

Who is eligible for CIS Endpoint Security Services?

The CIS Endpoint Security Services (ESS) is available to all U.S. State, Local, Tribal, and Territorial (SLTT) government members. Please contact us for pricing and more information. 

Additionally, the CIS Endpoint Detection & Response (EDR) Service is available at no cost to protect SLTT Election systems and a limited number of endpoints for members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

Does CIS Endpoint Security Services replace any other CIS Services?

CIS Endpoint Security Services (ESS) complements other security measures, including the CIS Critical Security Controls (CIS Controls), intrusion detection systems (IDS) like Albert, and Malicious Domain Blocking & Reporting (MDBR).  

Adding CIS ESS to an organization’s defense-in-depth portfolio helps ensure a layered approach to cybersecurity while significantly increasing the time and complexity required for cyber threat actors (CTAs) to compromise their network.

Are the CIS Endpoint Security Services’ Terms and Conditions available to be reviewed by our legal department prior to accepting them?

Yes! The Terms and Conditions for CIS Endpoint Security Services (ESS) are available at https://www.cisecurity.or..g/terms-and-conditions-table-of-contents/cis-endpoint-security-services-via-crowdstrike.

How do I purchase CIS Endpoint Security Services?

Please complete this form: learn.cisecurity.org/Endpoint-Security-Services-ESS. A member of our team will reach out to you.

What do I need to do to get CIS Endpoint Security Services?

Once you complete this form: learn.cisecurity.org/Endpoint-Security-Services-ESS, a member of our Services team will reach out to you. The Services team will assist through the contract process. Once the contract is signed, you will receive an email requesting you to complete a Pre-Installation Questionnaire (PIQ) and Escalation Procedures.

How does onboarding for CIS Endpoint Security Services work?

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ) and Escalation Procedures, you will receive an email confirming that your account is setup. This email also includes step by step instructions on how to install sensors. Deployment set up calls are offered to further assist with the onboarding process. 

What Operating Systems does CIS Endpoint Security Services support?

The list of supported Operating Systems versions is available at https://www.crowdstrike.com/products/faq/; under Deployment section.

How much does CIS Endpoint Security Services cost?

Please contact us for pricing and more information.

The CIS Endpoint Detection & Response (EDR) Service is available at no cost to protect U.S. State, Local, Tribal, and Territorial (SLTT) Election systems and a limited number of endpoints for members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

Who do I contact if I have further questions?

Please contact us for more information.

ESS Spotlight: Add-on Module

What is CIS Endpoint Security Services Spotlight?

CIS Endpoint Security Services (ESS) Spotlight is an add-on, cost effective module that allows for real-time, automated vulnerability assessment. It seamlessly integrates into the CIS ESS offering through a single scan-less, lightweight agent on the organization’s endpoints. CIS ESS Spotlight serves up vulnerability data in seconds via intuitive, user-friendly dashboards.

Can the CIS Endpoint Security Services Spotlight module be purchased on its own?

No, CIS Endpoint Security Services (ESS) Spotlight is a cost effective add-on module to the CIS ESS solution.

If you are a new CIS ESS customer, CIS ESS Spotlight can be purchased along with the CIS ESS solution.

If you are an existing CIS ESS customer, CIS ESS Spotlight can be added to your CIS ESS solution account.

Can I purchase the CIS Endpoint Security Services Spotlight module on only a portion of my endpoints?

No. When purchasing the CIS Endpoint Security Services (ESS) Spotlight module, it must be added to all endpoints. It cannot be segregated to only some endpoints on an account.

Can the Elections Infrastructure Information Sharing and Analysis Center members add the Spotlight module onto their CIS Endpoint Detection & Response account?

Yes, Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) members can purchase the cost effective Spotlight module. Please contact us for follow-up on any additional questions you may have.

How do I sign up for the CIS Endpoint Security Services Spotlight module?

Please complete this form: http://learn.cisecurity.org/Endpoint-Security-Services-ESS. A member of our team will reach out to you.

How much does the CIS Endpoint Security Services Spotlight add-on service cost?

Please contact us for pricing and more information.

Who do I contact if I have further questions?

Please contact us for more information.

ESS Mobile: Add-on or Standalone Module

What is CIS Endpoint Security Services Mobile?

ESS Mobile enables you to gain visibility into blind spots in threat detection on supported Android and iOS devices in real time, provides actionable insights on mobile threats, and mitigates cyber risk to mobile devices through automated threat protection – all with a privacy-centric design. CIS Endpoint Security Services (ESS) Mobile is a robust endpoint detection and response (EDR) solution tailored for mobile devices that is exclusively available to U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through the CIS and powered by industry leader CrowdStrike. 

What is included in the CIS Endpoint Security Services Mobile service?

CIS ESS Mobile provides continuous real-time monitoring on your iOS and Android devices. CIS ESS Mobile equips security teams with automated threat protection through endpoint detection and response (EDR) that blocks malicious phishing links, identifies vulnerable devices, and detects malicious and unwanted activity on business-critical mobile apps. This functionality facilitates rapid response to phishing attempts, leaky apps, insider threats, and more, thus protecting both device health and corporate data. With near-zero effect on battery life and bandwidth usage of the device, CIS ESS Mobile deploys easily in a high-performance lightweight app, all without compromising user privacy. 

Who is eligible for CIS Endpoint Security Services Mobile?

CIS ESS Mobile is available to all U.S. State, Local, Tribal, and Territorial (SLTT) government members. Please contact us for pricing and more information.

Can the CIS Endpoint Security Services Mobile module be purchased on its own?

Yes, CIS ESS Mobile is offered as an optional add-on or as a standalone feature. If you are a new CIS ESS customer, CIS ESS Mobile can be purchased along with the CIS ESS Core solution. If you are an existing CIS ESS Core customer, CIS ESS Mobile can be added to your CIS ESS Core account.

Can members of the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) add the Mobile module onto their CIS Endpoint Detection & Response account?

Yes, EI-ISAC members can purchase the CIS Endpoint Security Services (ESS) Mobile module. Please contact us for follow-up on any additional questions you may have.

How do I purchase CIS Endpoint Security Services Mobile?

Please complete this form. A member of our team will reach out to you.

What do I need to do to get CIS Endpoint Security Services Mobile?

Once you complete the form, a member of our CIS Services team will reach out to you. The CIS Services team will assist you through the contract process. Once the contract is signed, you will receive an email asking you to complete a Pre-Installation Questionnaire (PIQ).

How does onboarding for CIS Endpoint Security Services Mobile work?

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ), you will receive an email confirming that your account is set up. This email will also include step-by-step instructions on how to install the application to mobile devices using the Mobile Device Management (MDM) of your choice. Deployment setup calls are offered to further assist you with the onboarding process. 

What Operating Systems does CIS Endpoint Security Services Mobile support?

CIS ESS Mobile supports iOS 15 and later as well as Android 9.0 and later.

What Mobile Device Management platforms does CIS Endpoint Security Services Mobile support?

CIS ESS Mobile leverages flexible architecture and is available on both iOS and Android platforms, providing a hassle-free integration process with pre-existing mobile device management (MDM) platforms. ESS Mobile is currently available for devices managed with Workspace ONE (formerly Airwatch) and Microsoft Intune Endpoint Manager (formerly Intune); compatibility with additional MDMs is on the product roadmap.

How much does the CIS Endpoint Security Services Mobile module cost?

Please contact us for pricing and more information.

Who do I contact if I have further questions?

Please contact us for more information.

ESS Multi-Tenancy: Add-on Feature

What is CIS Endpoint Security Services Multi-tenancy

CIS ESS Multi-tenancy is an add-on feature geared toward organizations that oversee numerous subordinate organizations.

  1. Organizations set up in the CrowdStrike Falcon Platform with parent accounts will have access to see the endpoint security activity of each subordinate organization.
  2. Subordinate organizations will only be able to see their own endpoint security activity under CIS ESS Multi-tenancy.

How do I purchase CIS Endpoint Security Services Multi-tenancy?

Please complete this form. A member of our team will reach out to you.

How much does CIS Endpoint Security Services Multi-tenancy cost?

There is an upfront, one-time onboarding fee. Please contact us for pricing and more information.

What do I need to do to get CIS Endpoint Security Services Multi-tenancy?

Once you complete the form, a member of our CIS Services team will reach out to you. The CIS Services team will assist you through the contact process. Once the contract is signed, you will receive an email asking you to complete a Pre-Installation Questionnaire.

Can I have multiple Parent accounts?

Our data structure can only support one parent account.

I have a significant number of sub-organizations under my own. Can these organizations have their own access and filters up to me?

Yes, each sub-organization can be given access to their own organization. You can customize roles, permissions, and escalation procedures in whatever way you find most effective for the organizations under your purview.

Is there a limit on the number of subordinate organizations under the Multi-tenancy structure?

No, ESS Multi-tenancy does not have a limit on the number of subordinate organizations.

Can I purchase CIS Endpoint Security Services Multi-tenancy on its own?

No, ESS Multi-tenancy can only be purchased as an add-on configuration to the CIS ESS solution.

  1. If you are a new CIS ESS customer, ESS Multi-tenancy can be purchased along with the CIS ESS Core solution.
  2. If you are an existing CIS ESS customer, ESS Multi-tenancy can be added to your CIS ESS Core account. Sensors in the existing ESS account can be migrated to the new ESS Multi-tenancy structure.

What are Parent accounts able to do?

Parent accounts provide escalation procedures customization including:

  1. Defining escalation contact call order and notification contacts for the parent account and subordinate organizations.
  2. Defining whether subordinate organizations contacts get access to the CrowdStrike Falcon platform.
  3. Defining whether subordinate organizations contacts are added to notifications.

How does onboarding for CIS ESS Multi-tenancy work?

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ), you will receive an email confirming that your account is set up. This email will also include step-by-step instructions on how to install new sensors or migrate existing hosts to the new subordinate organizations. Deployment setup calls are offered to further assist you with the onboarding process.

Can hosts be migrated from existing accounts to new subordinate organizations?

Yes, if hosts are linked to your CIS ESS Core account, hosts can be migrated from existing accounts to new subordinate organizations if the sensor versions are supported for host migration. If your hosts are not in an account managed by CIS, please contact us for more information.

How can sensors be migrated from existing accounts to new subordinate organizations?

Once the contract is signed and you complete your Pre-Installation Questionnaire (PIQ), you will receive an email confirming that your account is set up. This email will also include step-by-step instructions on how to migrate existing hosts to the new subordinate organizations.

What sensor versions are supported for host migration?

CIS ESS Multi-tenancy supports Windows 7.17 and newer, as well as Mac/Linux 7.16 and newer.

CIS_Services

Ready to improve your cybersecurity posture with CIS Endpoint Security Services (ESS)? Click below for more information.

Learn More