Community Services

Community Services is a group of companies/organizations (a.k.a. Community Leaders) who embrace the Health-ISAC mission and are prepared to make an investment for the betterment of the entire Health-ISAC community. Scroll down to learn more about the solutions and resources available to you as part of your membership!

AdvIntel has a unique value proposition because:

– We provide truly “Actionable intelligence” which allows us to alert our customers in an effort to disrupt an impending attack and prevent a ransomware event from occurring.

– AdvIntel cultivates, maintains and fuses multiple SIGINT and HUMINT sources to monitor threat actor behavior.

– AdvIntel provides an “inside-out view” of adversary infrastructure.

Managed Threat Detection

Intelligent Ransomware Disruption

AdvIntel is a next-generation threat prevention and loss avoidance company launched by a team of certified investigators, reverse engineers, and security experts.  We offer a state-of-the-art platform Andariel® to combat fraud, ransomware, and botnets by providing early-warning alerting, applied threat intelligence and long-term strategic services to the private sector and government organizations.

Dive into the botnet and ransomware ecosystem, and build customized monitoring and alerting capabilities to proactively mitigate threats to your business. Andariel® enables alert and search building for proactive identification of crimeware infections. Through our botnet and breach scan algorithms, you can review thousands of illicit data points and billions of credentials to identify breach intelligence, impending ransomware attacks and compromised information. With Andariel®, you can be confident that you know the exact source, timing, and scale of potential or ongoing asset exposure.

Establish a Cyber Fusion Center and stay ahead of threats with Cyware’s intelligence, threat response, and security automation solutions. 

CSAP (Situational Awareness Platform)

CTIX (Threat Intelligence eXchange)

CTIX Lite 

CSOL (Security Orchestration Gateway) 

CFTR (Fusion & Threat Response)

 

 

Threat intelligence platform

Automate your feeds with intelligent security.

Whether you are just getting started with threat detection and alerting, looking to make threat intelligence actionable, or searching for ways to optimize your SOC with customizable playbooks, Cyware has integrated virtual cyber fusion solutions to help you take your security operations and threat response to the next level. 

Health-ISAC members can increase speed and accuracy while reducing costs and analyst burnout.  Cyware’s Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for security teams of any size by offering vendor-agnostic security automation and security case management.

Leverage Health-ISAC’s partnership with Cyware by submitting a request for more information.  

Solution Benefits

– Visualize, understand, and leverage your digital footprint for strategic decisions

– Track threat actors across platforms & mediums with similar actor detection

– Scan hundreds of dark web marketplaces, forums, and illicit Telegram markets

– Seamlessly detect data leaks across thousands of clear web sources

– Conduct 24/7/365 cyber reconnaissance across the dark and clear web

Proactive External Threat Detection

External Cyber Risk Monitoring Platform

Automatically identify risks across the dark & clear web

Flare is the proactive digital footprint monitoring platform for mid-enterprise organizations. Our AI-driven technology constantly scans the online world to discover unknown threats created by inadvertent employee behavior or malicious actors. Using these discoveries, Flare automatically prioritizes risks and delivers actionable intelligence that organizations can use instantly to improve security and reduce risk.

Try it for free.

– Each H-ISAC member will be able to redeem 10 identifiers for 1 year, completely free (max of 3 Domain identifiers). Test out the platform and receive actionable data to improve your risk posture.

– What’s an identifier? Our identifiers are search terms used in the platform, such as your domain name, the names of key VIPs in your organization, internal project names, or other terms that you want us to search. We then apply our red team experience within the system and augment your terms with hundreds of other terms. Some identifier examples:

– Name

– Email

– Domain

– IP Address

– Company Name

GreyNoise tells security analysts what IP addresses they should and should not worry about.

Reduce noisy alerts to increase analyst efficiency:

– Enrich your events and alerts with IP context

– Identify harmless IPs you can safely ignore

– Filter out harmless alerts in your SIEM or SOAR

– Eliminate false positive IOCs in your TIP

Uncover compromised devices

– Monitor IP addresses for scanning behavior

– Identify compromised devices in your network

– Identify compromised devices in your partners’ networks

Identify emerging threats

– Identify malicious IP addresses scanning the internet

– Differentiate between opportunistic scanning and targeted attacks

– Find out who is actively exploiting a CVE in the wild

Prioritize your patching

THREAT INTELLIGENCE FOR SECURITY ANALYSTS AND SOC TEAMS

DO KNOW EVIL
GreyNoise tells security analysts what not to worry about.

Eliminate noisy IP addresses from your alerts. GreyNoise helps you filter “internet noise” out of your alert stream, with context about noisy mass-internet scanners and common business services. We do this by capturing, analyzing and classifying data on IPs that scan the internet and saturate security tools with noise. This unique perspective allows you to confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. GreyNoise intelligence is delivered through our SIEM, SOAR and TIP integrations, API, command-line tool, bulk data and web visualizer.

Unlock More Analyst Capacity
Events associated with IPs in GreyNoise can be de-prioritized, as they are likely associated with opportunistic internet scanning or harmless business services, not targeted threats. GreyNoise customers report reducing alert volumes by 25% and reducing manual research time by 20%, freeing up analysts to focus on true threats.

Stay on Top of Compromised Devices
If we see one of your devices scanning the internet, it’s likely compromised. GreyNoise’s alerts feature will notify analysts when an IP they care about shows up in our collection.

See Emerging Threats
GreyNoise sees IP addresses that exhibit CVE-related device search, vulnerability check, and exploit behaviors, to identify IPs actively trying to exploit vulnerabilities in the wild.

How it Works
GreyNoise’s internet-wide sensor network passively collects packets from hundreds of thousands of IPs seen scanning the internet every day. GreyNoise analyzes and enriches this data to uncover source-IP behavior, methods and intent. GreyNoise continuously updates its IP dataset with this insight, making it available to analysts when queried.

GreyNoise Service

GreyNoise Community Account – Use It for Free Forever.

GreyNoise Enterprise Account – 10% Discount for Health-ISAC Members.

Key Benefits

– Protective DNS
Identify and prevent attacks before they happen, independent of protocol, for devices inside and outside your network. Our fast and flexible deployment supports WFH/hybrid work models and protects all kinds of devices (IoT, servers, mobile, stationary, etc.).

– Threat Visibility
HYAS Protect provides a high-fidelity threat signal to reduce alert fatigue and improve your network intelligence. Detect and block low-and-slow attacks, supply chain attacks, and other intrusions that are hiding in your network.

– Layer Protection
Quickly and easily integrate with your existing SIEM, SOAR, firewalls, and endpoint solutions to enhance the value of all your current security investments, putting you in the position to act immediately.

Protective DNS

DEAL WITH CYBER RISKS BEFORE THE ATTACK NOT AFTER YOU’VE HAD TO INFORM YOUR C-SUITE

HYAS offers cybersecurity solutions, and technology, that detect and mitigate risks before they happen, so you can focus on moving business forward.
HYAS’ services use exclusive data and machine learning to combine authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively protect your organization. Our combination of infrastructure expertise and communication pattern analysis gives you an instant and reliable source of truth to mitigate threats in real time.

HYAS enforces security and blocks command and control (C2) communication used by malware, ransomware, phishing, and supply chain attacks, all while delivering on-demand cybersecurity intelligence to enhance your existing security and IT governance stack.

HYAS Protect – protective DNS, operates as a cloud-based Protective DNS solution or through API integration with your existing security solutions. Our combination of infrastructure expertise and communication pattern analysis gives you an instant and reliable source of truth to mitigate threats in real time.

 

Key Benefits

Accelerate risk identification using a library of completed assessments

Focus on risk remediation and management, not on data collection and analysis

Reduce the cost of TPRM through automation

Meet compliance requirements faster with pre-built reporting

Third-party risk management

Reveal, Interpret, and Reduce Third-Party Risk

Prevalent takes the pain out of third-party risk management (TPRM). Companies use our software and services to eliminate the security and compliance exposures that come from working with vendors, suppliers and other third parties across the vendor risk management lifecycle.

The Prevalent Healthcare Vendor Network (HVN) is a library of thousands of completed vendor risk assessments and supporting evidence standardized on the Health-ISAC questionnaire and augmented by real-time cybersecurity, business, reputational and financial insights on those vendors. If a completed assessment is not available in the library, Prevalent’s managed services team will collect and analyze the results on your behalf.

– Search for vendors in the network and request assessments with a single click.

– Preview risk scores based on inherent/residual risk, internal assessment results, and external monitoring reports.

– Get clear and actionable remediation recommendations.

– Track and report on issue resolution over time.

– Automatically map assessment responses to specific regulatory and industry framework requirements.

– Issue additional assessments for fourth-party mapping, certifications, and business profiling.

– Enable vendors to proactively report important events.

– Reassess vendors annually or upon your request.

Key Benefits

100 Million Average Daily Blocks

20+ Threat Intelligence Providers

150 Resolver Clusters located in 90 countries

DNS-Over-TLS, DNS-Over-HTTPS, and the DNSCrypt protocols to authenticate, encrypt and even anonymize the communication between your computer and Quad9’s resolvers

Privacy:  When an entity or an individual is using the Quad9 infrastructure, their IP address is not logged

Public DNS Resolver

A free and open DNS recursive service providing all enterprises and users with security and high privacy

The Quad9 DNS service protects users from accessing known malicious websites, leveraging threat intelligence from industry leaders and blocking over 100 million threats per day for users in 90 countries. Quad9 improves your system’s performance, plus it preserves and protects your privacy.

Unique Offering

Quad9 is free to use and collects no personal data about you!

Quad9 can be used simply by setting the DNS server settings for your device. No sign-up is required, no account data needs to be given to Quad9, and there is no contract!

You can configure your router or Wi-Fi access point to distribute these settings, which will extend protection to all the elements on your local network…AND…your employees can use the same solution to protect their personal devices!

 

Solution Benefits

Unified Visibility

– Brings messages and risks into centralized view

– Protects 30 communication channels like Microsoft 365 email, collaboration, chat, conferencing, social media, & mobile chat

– Monitors both inbound and outbound communications

– Multi-lingual analytics supports 52 languages

Contextual Analysis

– Third generation patented Natural Language Understanding provides of language-based risk

– Analyze the context & intent at the message level

Cross-Channel Detection

– Analyzes communications across the entire portfolio of 30+ channels

– Understands communications natively in 52+ languages

– Detects advanced threats and highlights risks that traverse communication channels

– Connects the dots of real-world multi-modal communications

– Creates a focused view for analysts and threat hunters on detections, violations, and their related communications

Rapid Deployment

SafeGuard Cyber’s cloud-based, API first platform doesn’t require the deployment and maintenance of agents, data feeds, network configurations or infrastructure. Improve your teams’ efficiency, while removing barriers to digital transformation by securing the modern cloud workplace.

Integrated Cloud Communication Security

Security and Compliance for Human Connections

Humans are without question the biggest vulnerability in an enterprise’s security and compliance strategy. Industry data indicates that 82% of all breaches last year involved exploiting human vulnerabilities.

The ways people communicate in business are changing and expanding. Email is no longer the sole communication channel. In fact, 45% of business communications now take place outside of email. With hybrid work environments and BYOD policies here to stay, digital transformation initiatives result in your workers now communicating across Collaboration, Messaging, Chat, Video, Social, and email channels. Legacy emphasis on email is leaving gaps across enterprises. As the healthcare and pharmaceutical sectors deploy new tools like Microsoft Teams, Slack, and even WhatsApp, it’s critical for them to protect the enterprise by securing the human communications in the cloud workspace where critical business, customer, and private information is being shared.  With SafeGuard Cyber, information security and compliance teams can keep pace and enable the new ways their employees communicate.

SafeGuard Cyber addresses business communication risks across cloud email, collaboration, chat, conferencing, social media, and mobile chat. Some of the most common business initiatives we are a part of include:

– extending Zero Trust principles to business communications

– enabling Remote Work

– ensuring security for Digital Transformation targeting communication infrastructure

– and supervising Regulatory Compliance across new channels.

 Security teams can detect and respond sooner to BEC, account takeovers, insider threats, malware/ransomware, and targeted social engineering attacks. Compliance teams can enable CRM free text, mobile messaging, social selling, and data retention with confidence.

Exclusive Offer for Health-ISAC Members

It’s easy to get started.

1. Pick your communication channel(s)

2. Get instant Unified Visibility with a no-cost trial & Zero Deployment

3. Receive a Risk Report detailing gaps or risks within your unique communications environment

For all Health-ISAC members, SafeGuard Cyber will provide a 4-week trial and a no-cost Risk Report. 

Health-ISAC Members will also receive 15 months for the cost of 12 and bundled pricing (2 or more communication channels).

Discover all known, unknown, and outdated APIs automatically and continuously to eliminate blind spots and determine sensitive data exposure like PHI.

Stop API attacks using patented AI, big data, and behavioral analytics to pinpoint attackers early during reconnaissance and prevent them from advancing.

Improve API security with detailed insights for DevOps teams so they can understand risk and efficiently prioritize fixes to eliminate vulnerabilities at their source in the API.

Simplify compliance with up-to-date documentation that includes a complete API inventory with your full API catalog, the sensitive data they expose, and when changes are made.

API Security Solution

Never Worry About Your APIs Again

Salt Security, the leader in API protection, enables organizations to catalog their APIs, see where those APIs are exposing sensitive data, detect and block API attackers, and provide developer insights that improve your API security posture. Using big data along with ML and AI, the Salt platform keeps API-connected data and services safe, even as those systems change.

Unique Offering

No-cost API security risk assessment

Salt is offering Health-ISAC members a complimentary API security risk analysis. This assessment details gaps in API documentation, pinpoints the APIs that are exposing PHI or other sensitive data, and identifies API vulnerabilities. We will work with you to identify the application environment you want to assess, and you’ll have the full report in less than a week.

 Three free months of API protection

In addition to the no-cost assessment, Salt will extend the value of its offer for Health-ISAC members by offering a 15-month term for the price of a 12-month term. Throughout this additional service window, you’ll retain full access to our robust customer success team along with all software updates and enhancements.

To take advantage of this special offer, click on the button below and share your contact information – we’ll respond right away to get your assessment scheduled.

– Begin or augment your purple teams program with a Health Industry-prioritized approach to MITRE ATT&CK

– Independent, benchmarked Defense Success Metrics™ that describe your resilience against industry threat actors

– Collaborative approach to identify success and gaps in your network, endpoint and email security defenses

– Operated and Managed 24x7x365 platform and services

– Turnkey, serverless cloud Microsoft Sentinel SIEM, Data Lake and SOAR

– Security Data Pipeline enables significant SIEM ingest cost savings

– Use Defender, CrowdStrike, SentinelOne or Cylance EDR

– Continuous improvement through threat hunts and semi-annual Purple Team exercises

Purple Team w/ Benchmarked Metrics

24×7 XDR CyberSOC

Security Risk Advisors (SRA) has been a trusted partner for H-ISAC CISOs for over 10 years. SRA is a global thought leader in Purple Teams and benchmarked Defense Success Metrics™ and the author of the free VECTR™ purple teams management platform (vectr.io).

SRA also provides 24×7 monitoring and response using its modern, Sentinel-based SCALR™ platform. SCALR™ clients save 50-80% on their prior SIEM costs.

SRA also provides services including OT/Cyber Physical Systems programs, cloud security, red teams, pen testing, appsec and engineering.

FREE for all Health-ISAC Members, VECTR™ purple teams management platform (vectr.io) and FREE participation in annual workshops to define updates to the Health Industry Threat Index Purple Team (“the Index”), which is also published FREE

– Benchmarked Health Index Purple Teams 10% off for Health-ISAC Members

– SCALR™ XDR 24×7 Monitoring 5% off for Health-ISAC Members

Continuous risk monitoring

Discover, monitor, and report on the cyberhealth of your IT infrastructure from the outside in – see what a hacker sees.

View security issues across 10 risk factors with instant and continuous visibility into your third- and fourth-party vendors in addition to your own IT infrastructure.

Get results with granular intelligence, enabling your internal security teams and vendors to quickly identify and resolve issues.

Make smarter vendor risk management (VRM) decisions. Eliminate the need for time-consuming point-in-time vendor assessments and costly onsite visits.

Continuously monitor all of your vendors using unparalleled data collection and analytics.

Third-party risk scoring

How can Third-Party Risk Scoring help you to identify and reduce risk?

SecurityScorecard, a global leader in cybersecurity ratings, offers organizations valuable insights into the vulnerabilities that exist in their own environments and their third-party ecosystems. With sophisticated data collection techniques, attribution of millions of proprietary and open-source data feeds, and advanced machine-learning algorithms, SecurityScorecard measures, analyzes, and reports risk.

Exclusive Offer for Health-ISAC Members

Health-ISAC members are eligible to receive complimentary access to a SecurityScorecard instance that entitles them to continuously monitor their own organization AND up to five third parties (i.e., vendors, suppliers, competitors). Members who are already SecurityScorecard customers will be given the ability to monitor an additional five third parties at no additional cost.

With SecurityScorecard organizations can monitor, understand and manage the cybersecurity strength and posture of their environment and that of their third-party ecosystem. The platform lets you:

– Monitor digital assets and surface issues in accordance with 10+ leading security frameworks, such as NIST and ISO

– Prioritize and remediate issues by providing actionable recommendations on every finding

– Build prescriptive remediation plans to achieve a target score

– Understand any company’s risk track record via historical scores, remediation activities, and issue event log

– Benchmark any organization in comparison to peers and competitors

– Communicate cybersecurity posture to non-technical audiences using an easy-to-understand A-F rating

If you would like to take advantage of this exclusive offer, select the blue contact us button below and complete the request form.  We will be in touch soon.

The ZeroFox Platform is an easy to deploy, always-on, cloud-based digital risk protection and full spectrum threat intelligence solution giving organizations comprehensive visibility and protection across the surface, deep and dark web. The ZeroFox Platform Enables: 

– Omnichannel Visibility

– AI-Enabled Threat Discovery

– Full-Spectrum Threat Intelligence & Threat Hunting

– Automated Takedowns & Comprehensive Adversary Disruption

DIGITAL RISK PROTECTION AND MANAGEMENT

External Threat Intelligence and Protection for the Assets You Own on the Networks You Don’t

ZeroFox provides enterprises External Threat Intelligence and Protection to disrupt threats to brands, people, assets and data across the public attack surface in one, comprehensive platform. With complete global coverage across the surface, deep and dark web and an Intel-backed artificial intelligence-based analysis engine, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox Platform technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Instagram, Pastebin, YouTube, mobile app stores, domains, cloud-based email and more.

Unique Offering

Health-ISAC Tier 1 members can sign up for a free annual Risk Findings Report. The report highlights real examples and findings across our capabilities, including socially engineered attacks, impersonations, brand reputation risks and domain detection, among other use cases:

– Company Name (Qty 1) Digital Threats to your organization, reputation, and revenue

– Executive/VIPs (Qty 3) VIP impersonations, account hacking, credential theft and spear phishing

– Domain (Qty 1) Identify impersonating and spoofed domains

Health-ISAC members can sign up for 30 days of free service with the option to convert to an annual discounted subscription:

– Brand Protection (Qty 1) Protect your organization, reputation and revenue against targeted digital attacks

– Executive Protection (Qty 5) Protect VIPs against impersonations, account hacking, credential theft and spear phishing

– Domain Protection (Qty 1) Identify and dismantle impersonating and spoofed domains to protect owned websites

– Remediations (Qty Unlimited) Takedown of content that violates terms of services for publicly accessible sources

– Exposure or Research Report (Qty 1) Custom analyst research report covering organizational exposure or special topics of interest

– Threat Intelligence Services Finished intelligence, third-party risks and geopolitical reports

– Report of Findings (Qty 1) Summary of the first 30 days of ZeroFox engagement and results

If you work for a vendor of security solutions and would like to learn more about Health-ISAC Community Services, see the program details here.
