Community Services

Community Services is a group of companies/organizations (a.k.a. Community Leaders) who embrace the Health-ISAC mission and are prepared to make an investment for the betterment of the entire Health-ISAC community. Scroll down to learn more about the solutions and resources available to you as part of your membership!

Establish a Cyber Fusion Center and stay ahead of threats with Cyware’s intelligence, threat response, and security automation solutions. 

CSAP (Situational Awareness Platform)

CTIX (Threat Intelligence eXchange)

CTIX Lite 

CSOL (Security Orchestration Gateway) 

CFTR (Fusion & Threat Response)



Threat intelligence platform

Automate your feeds with intelligent security.

Whether you are just getting started with threat detection and alerting, looking to make threat intelligence actionable, or searching for ways to optimize your SOC with customizable playbooks, Cyware has integrated virtual cyber fusion solutions to help you take your security operations and threat response to the next level. 

Health-ISAC members can increase speed and accuracy while reducing costs and analyst burnout.  Cyware’s Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for security teams of any size by offering vendor-agnostic security automation and security case management.

Leverage Health-ISAC’s partnership with Cyware by submitting a request for more information.  

Flare Empowers our Healthcare Customers to:

• Detect Dangerous External Data Exposure. Flare provides a unified platform to gain visibility into all external data exposure. Our simple platform makes it easy to identify risks ranging from leaked credentials and threat actors targeting your organization on the dark web to employees inadvertently leaking PHI or developers pushing secrets to public GitHub repositories.

• Detect Corporate Infected Devices for Sale. Flare’s platform makes it easy to identify corporate computers that have been infected with stealer malware and are for sale on infected device marketplaces. We automatically monitor hundreds of thousands of infected device listings and proactively send an alert when a device is for sale with access to corporate logins.

• Combat Healthcare Fraud. Flare’s flexible approach to monitoring empowers our customers to use identifiers to detect fraudulent activity related to healthcare companies and insurance providers. Our healthcare customers can use Flare to detect fraud schemes early, track threat actors who are perpetrating them, and identify actors who may be operating under different usernames and on different platforms using our similar actor detection feature.

• In addition to dozens of other use-cases.

Proactive External Threat Detection

External Cyber Risk Monitoring Platform

Automatically identify risks across the dark & clear web

Flare is the proactive external cyber threat detection solution for organizations. Our AI-driven technology constantly monitors the dark and clear web to discover unknown events, automatically prioritize risks, and deliver actionable intelligence to security teams. Our customers are empowered to detect stolen credentials, fraud schemes, public GitHub secrets leakage, and dozens of other threats external to their organization.

Flare Limited – Free to H-ISAC Members

Each H-ISAC member will be able to redeem 10 identifiers for 1 year, completely free (maximum of 3 domain identifiers). This enables H-ISAC members to proactively detect threats and understand their external data exposure.

What’s an identifier? Our identifiers are automated search terms that crawl the dark and clear web and return a prioritized list of risks in Flare’s intuitive SaaS platform. Some examples of identifiers include domains, keywords, executive names, email addresses, IP addresses, and other types of searches that can help detect threats related to your organization.

GreyNoise tells security analysts what IP addresses they should and should not worry about.

Reduce noisy alerts to increase analyst efficiency:

– Enrich your events and alerts with IP context

– Identify harmless IPs you can safely ignore

– Filter out harmless alerts in your SIEM or SOAR

– Eliminate false positive IOCs in your TIP

Uncover compromised devices

– Monitor IP addresses for scanning behavior

– Identify compromised devices in your network

– Identify compromised devices in your partners’ networks

Identify emerging threats

– Identify malicious IP addresses scanning the internet

– Differentiate between opportunistic scanning and targeted attacks

– Find out who is actively exploiting a CVE in the wild

Prioritize your patching


GreyNoise tells security analysts what not to worry about.

Eliminate noisy IP addresses from your alerts. GreyNoise helps you filter “internet noise” out of your alert stream, with context about noisy mass-internet scanners and common business services. We do this by capturing, analyzing and classifying data on IPs that scan the internet and saturate security tools with noise. This unique perspective allows you to confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. GreyNoise intelligence is delivered through our SIEM, SOAR and TIP integrations, API, command-line tool, bulk data and web visualizer.

Unlock More Analyst Capacity
Events associated with IPs in GreyNoise can be de-prioritized, as they are likely associated with opportunistic internet scanning or harmless business services, not targeted threats. GreyNoise customers report reducing alert volumes by 25% and reducing manual research time by 20%, freeing up analysts to focus on true threats.

Stay on Top of Compromised Devices
If we see one of your devices scanning the internet, it’s likely compromised. GreyNoise’s alerts feature will notify analysts when an IP they care about shows up in our collection.

See Emerging Threats
GreyNoise sees IP addresses that exhibit CVE-related device search, vulnerability check, and exploit behaviors, to identify IPs actively trying to exploit vulnerabilities in the wild.

How it Works
GreyNoise’s internet-wide sensor network passively collects packets from hundreds of thousands of IPs seen scanning the internet every day. GreyNoise analyzes and enriches this data to uncover source-IP behavior, methods and intent. GreyNoise continuously updates its IP dataset with this insight, making it available to analysts when queried.

GreyNoise Service

GreyNoise Community Account – Use It for Free Forever.

GreyNoise Enterprise Account – 10% Discount for Health-ISAC Members.

Key Benefits

– Protective DNS
Identify and prevent attacks before they happen, independent of protocol, for devices inside and outside your network. Our fast and flexible deployment supports WFH/hybrid work models and protects all kinds of devices (IoT, servers, mobile, stationary, etc.).

– Threat Visibility
HYAS Protect provides a high-fidelity threat signal to reduce alert fatigue and improve your network intelligence. Detect and block low-and-slow attacks, supply chain attacks, and other intrusions that are hiding in your network.

– Layer Protection
Quickly and easily integrate with your existing SIEM, SOAR, firewalls, and endpoint solutions to enhance the value of all your current security investments, putting you in the position to act immediately.

Protective DNS


HYAS offers cybersecurity solutions and technology that detect and mitigate risks before they happen, so you can focus on moving business forward.
HYAS’ services use exclusive data and machine learning to combine authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively protect your organization. Our combination of infrastructure expertise and communication pattern analysis gives you an instant and reliable source of truth to mitigate threats in real time.

HYAS enforces security and blocks command and control (C2) communication used by malware, ransomware, phishing, and supply chain attacks, all the while delivering on-demand cybersecurity intelligence to enhance your existing security and IT governance stack.

HYAS Protect (protective DNS) operates as a cloud-based Protective DNS solution or through API integration with your existing security solutions. Our combination of infrastructure expertise and communication pattern analysis gives you an instant and reliable source of truth to mitigate threats in real time.


Key Benefits

Accelerate risk identification using a library of completed assessments

Focus on risk remediation and management, not on data collection and analysis

Reduce the cost of TPRM through automation

Meet compliance requirements faster with pre-built reporting

Third-party risk management

Reveal, Interpret, and Reduce Third-Party Risk

Prevalent takes the pain out of third-party risk management (TPRM). Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties across the vendor risk management lifecycle.

The Prevalent Healthcare Vendor Network (HVN) is a library of thousands of completed vendor risk assessments and supporting evidence standardized on the Health-ISAC questionnaire and augmented by real-time cybersecurity, business, reputational and financial insights on those vendors. If a completed assessment is not available in the library, Prevalent’s managed services team will collect and analyze the results on your behalf.

– Search for vendors in the network and request assessments with a single click.

– Preview risk scores based on inherent/residual risk, internal assessment results, and external monitoring reports.

– Get clear and actionable remediation recommendations.

– Track and report on issue resolution over time.

– Automatically map assessment responses to specific regulatory and industry framework requirements.

– Issue additional assessments for fourth-party mapping, certifications, and business profiling.

– Enable vendors to proactively report important events.

– Reassess vendors annually or upon your request

Key Benefits

100 Million Average Daily Blocks

20+ Threat Intelligence Providers

150 Resolver Clusters located in 90 countries

DNS-Over-TLS, DNS-Over-HTTPS, and the DNSCrypt protocols to authenticate, encrypt and even anonymize the communication between your computer and Quad9’s resolvers

Privacy:  When an entity or an individual is using the Quad9 infrastructure, their IP address is not logged

Public DNS Resolver

A free and open DNS recursive service providing all enterprises and users with security and high privacy

The Quad9 DNS service protects users from accessing known malicious websites, leveraging threat intelligence from industry leaders and blocking over 100 million threats per day for users in 90 countries. Quad9 improves your system’s performance, plus it preserves and protects your privacy.

Unique Offering

Quad9 is free to use and collects no personal data about you!

Quad9 can be used simply by setting the DNS server settings for your device. No sign-up is required, no account data needs to be given to Quad9, and there is no contract!

You can configure your router or Wi-Fi access point to distribute these settings, which will extend protection to all the elements on your local network…AND…your employees can use the same solution to protect their personal devices!


Solution Benefits

Unified Visibility

– Brings messages and risks into centralized view

– Protects 30 communication channels like Microsoft 365 email, collaboration, chat, conferencing, social media, & mobile chat

– Monitors both inbound and outbound communications

– Multi-lingual analytics supports 52 languages

Contextual Analysis

– Third generation patented Natural Language Understanding provides of language-based risk

– Analyze the context & intent at the message level

Cross-Channel Detection

– Analyzes communications across the entire portfolio of 30+ channels

– Understands communications natively in 52+ languages

– Detects advanced threats and highlights risks that traverse communication channels

– Connects the dots of real-world multi-modal communications

– Creates a focused view for analysts and threat hunters on detections, violations, and their related communications

Rapid Deployment

SafeGuard Cyber’s cloud-based, API first platform doesn’t require the deployment and maintenance of agents, data feeds, network configurations or infrastructure. Improve your teams’ efficiency, while removing barriers to digital transformation by securing the modern cloud workplace.

Integrated Cloud Communication Security

Security and Compliance for Human Connections

Humans are without question the biggest vulnerability in an enterprise’s security and compliance strategy. Industry data indicates that 82% of all breaches last year involved exploiting human vulnerabilities.

The ways people communicate in business are changing and expanding. Email is no longer the sole communication channel. In fact, 45% of business communications now take place outside of email. With hybrid work environments and BYOD policies here to stay, digital transformation initiatives result in your workers now communicating across Collaboration, Messaging, Chat, Video, Social, and email channels. Legacy emphasis on email is leaving gaps across enterprises. As the healthcare and pharmaceutical sectors deploy new tools like Microsoft Teams, Slack, and even WhatsApp, it’s critical for them to protect the enterprise by securing the human communications in the cloud workspace where critical business, customer, and private information is being shared.  With SafeGuard Cyber, information security and compliance teams can keep pace and enable the new ways their employees communicate.

SafeGuard Cyber addresses business communication risks across cloud email, collaboration, chat, conferencing, social media, and mobile chat. Some of the most common business initiatives we are a part of include:

– extending Zero Trust principles to business communications

– enabling Remote Work

– ensuring security for Digital Transformation targeting communication infrastructure

– and supervising Regulatory Compliance across new channels.

 Security teams can detect and respond sooner to BEC, account takeovers, insider threats, malware/ransomware, and targeted social engineering attacks. Compliance teams can enable CRM free text, mobile messaging, social selling, and data retention with confidence.

Exclusive Offer for Health-ISAC Members

It’s easy to get started.

1. Pick your communication channel(s)

2. Get instant Unified Visibility with a no-cost trial & Zero Deployment

3. Receive a Risk Report detailing gaps or risks within your unique communications environment

For all Health-ISAC members, SafeGuard Cyber will provide a 4-week trial and a no-cost Risk Report. 

Health-ISAC Members will also receive 15 months for the cost of 12 and bundled pricing (2 or more communication channels).

Discover all known, unknown, and outdated APIs automatically and continuously to eliminate blind spots and determine sensitive data exposure like PHI.

Stop API attacks using patented AI, big data, and behavioral analytics to pinpoint attackers early during reconnaissance and prevent them from advancing.

Improve API security with detailed insights for DevOps teams so they can understand risk and efficiently prioritize fixes to eliminate vulnerabilities at their source in the API.

Simplify compliance with up-to-date documentation that includes a complete API inventory with your full API catalog, the sensitive data they expose, and when changes are made.

API Security Solution

Never Worry About Your APIs Again

Salt Security, the leader in API protection, enables organizations to catalog their APIs, see where those APIs are exposing sensitive data, detect and block API attackers, and provide developer insights that improve your API security posture. Using big data along with ML and AI, the Salt platform keeps API-connected data and services safe, even as those systems change.

Unique Offering

No-cost API security risk assessment

Salt is offering Health-ISAC members a complimentary API security risk analysis. This assessment details gaps in API documentation, pinpoints the APIs that are exposing PHI or other sensitive data, and identifies API vulnerabilities. We will work with you to identify the application environment you want to assess, and you’ll have the full report in less than a week.

 Three free months of API protection

In addition to the no-cost assessment, Salt will extend the value of its offer for Health-ISAC members by offering a 15-month term for the price of a 12-month term. Throughout this additional service window, you’ll retain full access to our robust customer success team along with all software updates and enhancements.

To take advantage of this special offer, click on the button below and share your contact information – we’ll respond right away to get your assessment scheduled.

– Begin or augment your purple teams program with a Health Industry-prioritized approach to MITRE ATT&CK

– Independently-benchmarked Defense Success Metrics™ that describe your resilience against industry threat actors

– Collaborative approach to identify success and gaps in your network, endpoint and email security defenses

– Operated and Managed 24x7x365 platform and services

– Turnkey, serverless cloud Microsoft Sentinel SIEM, Data Lake and SOAR

– Security Data Pipeline enables significant SIEM ingest cost savings

– Use Defender, CrowdStrike, SentinelOne or Cylance EDR

– Continuous improvement through semi-annual Purple Team exercises

Purple Team w/ Benchmarked Metrics

24×7 XDR CyberSOC

Measure, Improve, Defend, and Save!

Security Risk Advisors (SRA) has been a trusted partner for H-ISAC CISOs for over 10 years. SRA is a global thought leader in Purple Teams and benchmarked Defense Success Metrics™ and the author of the free VECTR™ purple teams management platform (

SRA provides expert 24×7 XDR and advisory services such as red teams, pen testing, appsec, engineering, OT/Cyber Physical Systems programs, TTX and cloud security.

Health Index Purple Teams w/ VECTR: Benchmark and Improve your Defense Success

SRA performs purple team exercises based on the Health Industry Threat Simulation Index, a benchmarked purple teams test plan that is agreed annually by Health industry leaders, including many H-ISAC members. The Index is a prioritized subset of MITRE ATT&CK.

SRA brings purple team operators to conduct a compact, collaborative, open-book purple team exam to help your teams learn and level-up your defenses. Our deliverables include actionable detection content, engineering recommendations and benchmarked Health industry Defense Success Metrics™ which are unique to SRA’s approach and experience.

Clients typically engage with SRA for this service once, twice or four times per year.

VECTR™ Purple Teams Management Platform

• FREE for all Health-ISAC Members, VECTR™ purple teams management platform ( and FREE participation in annual workshops to define updates to the Health Industry Threat Index Purple Team (“the Index”), which is also published… FREE!

Benchmarked Health Index Purple Teams

• 10% off for Health-ISAC Members

SCALR™ XDR: Better Detection. Faster Deployment. Cheaper Tech Spend. Pick Three.

SCALR™ XDR uses a security data lake architecture to minimize SIEM costs, maximize your ability to store security events, and accelerate search and hunting capabilities. SCALR™ XDR includes advanced capabilities like Purple Teaming with benchmarked Defense Success Metrics™, Threat Hunting, managed SOAR and continuous detection rules deployment.

SCALR™ XDR can reduce technology spend 50%-80% on average over other cloud or on-premise SIEM.

SCALR™ XDR 24×7 Monitoring

• 5% off annual contract for Health-ISAC Members

Continuous risk monitoring

Discover, monitor, and report on the cyberhealth of your IT infrastructure from the outside in – see what a hacker sees.

View security issues across 10 risk factors with instant and continuous visibility into your third- and fourth-party vendors in addition to your own IT infrastructure.

Get results with granular intelligence, enabling your internal security teams and vendors to quickly identify and resolve issues.

Make smarter vendor risk management (VRM) decisions. Eliminate the need for time-consuming point-in-time vendor assessments and costly onsite visits.

Continuously monitor all of your vendors using unparalleled data collection and analytics.

Third-party risk scoring

How can Third-Party Risk Scoring help you to identify and reduce risk?

SecurityScorecard, a global leader in cybersecurity ratings, offers organizations valuable insights into the vulnerabilities that exist in their own environments and their third-party ecosystems. With sophisticated data collection techniques, attribution of millions of proprietary and open-source data feeds, and advanced machine-learning algorithms, SecurityScorecard measures, analyzes, and reports risk.

Exclusive Offer for Health-ISAC Members

Health-ISAC members are eligible to receive complimentary access to a SecurityScorecard instance that entitles them to continuously monitor their own organization AND up to five third parties (i.e., vendors, suppliers, competitors). Members who are already SecurityScorecard customers will be given the ability to monitor an additional five third parties at no additional cost.

With SecurityScorecard organizations can monitor, understand and manage the cybersecurity strength and posture of their environment and that of their third-party ecosystem. The platform lets you:

– Monitor digital assets and surface issues in accordance with 10+ leading security frameworks, such as NIST and ISO

– Prioritize and remediate issues by providing actionable recommendations on every finding

– Build prescriptive remediation plans to achieve a target score

– Understand any company’s risk track record via historical scores, remediation activities, and issue event log

– Benchmark any organization in comparison to peers and competitors

– Communicate cybersecurity posture to non-technical audiences using an easy-to-understand A-F rating

If you would like to take advantage of this exclusive offer, select the blue contact us button below and complete the request form.  We will be in touch soon.

The ZeroFox Platform is an easy to deploy, always-on, cloud-based digital risk protection and full spectrum threat intelligence solution giving organizations comprehensive visibility and protection across the surface, deep and dark web. The ZeroFox Platform Enables: 

– Omnichannel Visibility

– AI-Enabled Threat Discovery

– Full-Spectrum Threat Intelligence & Threat Hunting

– Automated Takedowns & Comprehensive Adversary Disruption


External Threat Intelligence and Protection for the Assets You Own on the Networks You Don’t

ZeroFox provides enterprises External Threat Intelligence and Protection to disrupt threats to brands, people, assets and data across the public attack surface in one, comprehensive platform. With complete global coverage across the surface, deep and dark web and an Intel-backed artificial intelligence-based analysis engine, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox Platform technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Instagram, Pastebin, YouTube, mobile app stores, domains, cloud-based email and more.

Unique Offering

Health-ISAC Tier 1 members can sign up for a free annual Risk Findings Report. The report highlights real examples and findings across our capabilities, including socially engineered attacks, impersonations, brand reputation risks and domain detection, among other use cases:

– Company Name (Qty 1) Digital Threats to your organization, reputation, and revenue

– Executive/VIPs (Qty 3) VIP impersonations, account hacking, credential theft and spear phishing

– Domain (Qty 1) Identify impersonating and spoofed domains

Health-ISAC members can sign up for 30 days of free service with the option to convert to an annual discounted subscription:

– Brand Protection (Qty 1) Protect your organization, reputation and revenue against targeted digital attacks

– Executive Protection (Qty 5) Protect VIPs against impersonations, account hacking, credential theft and spear phishing

– Domain Protection (Qty 1) Identify and dismantle impersonating and spoofed domains to protect owned websites

– Remediations (Qty Unlimited) Takedown of content that violates terms of services for publicly accessible sources

– Exposure or Research Report (Qty 1) Custom analyst research report covering organizational exposure or special topics of interest

– Threat Intelligence Services Finished intelligence, third-party risks and geopolitical reports

– Report of Findings (Qty 1) Summary of the first 30 days of ZeroFox engagement and results

If you work for a vendor of security solutions and would like to learn more about Health-ISAC Community Services, see the program details here.
