If you work in an eligible organization, you may have heard about the Multi-State Information Sharing and Analysis Center (MS-ISAC) and wondered if you should enroll your organization. Is it worth it to sign up to be an MS-ISAC member?

The short answer is – Yes, go for it.

Join me below to see why it’s worth it.

What Organizations Are Eligible?

Just to be sure we’re on the same page, eligible organizations include:

  • Federal organizations (civilian and governmental)
  • State, Local, Territorial, and Tribal Governments
  • Public K-12 Education
  • Public Institutions of Higher Education
  • Authorities
  • Non-Federal public entities in the U.S.

If you are affiliated with an eligible organization or have questions on whether your organization is eligible to be an MS-ISAC member, contact their support. Otherwise, sign up on their MS-ISAC registration page.

What Do Eligible Organizations Get?

  • 24/7 Security Operations Center
  • Incident response and digital forensics services
  • Monitoring of your public IP ranges and domains for possible compromises
  • Access to Malicious Code Analysis Platform (MCAP)
  • Weekly top-malicious domains and IPs report
  • Vulnerability Management Program (VMP)
  • Access to cybersecurity table-top exercises

What if You’re Not Eligible? Is it Possible to Participate?

If you fall into one of the categories below, you have options:

  • Employees of for-profit companies or non-profits
  • Consultants
  • Private citizens who are unaffiliated with an eligible entity

What Do Non-Eligible Organizations Get?

  • Free advisories on known vulnerabilities
  • National webcasts
  • End-user-focused cybersecurity newsletters

These are made available by enrolling in their general subscription.

One of My Favorite Offerings

I love the cybersecurity tools they offer. One of my favorites is their network monitoring solution, Albert.

This service has an annual cost, but it’s much cheaper than most MSPs will give you.

It’s also worth mentioning it’s only available to U.S. SLTTs. It makes sense as it’s tuned to provide the most value to these organizations.

However, I will say that leveraging their SOC has been invaluable in network visibility initiatives.

Once the Albert sensor is in production and providing IDS services for your network, you’ll get a follow-up meeting within a few months. This follow-up meeting will kick off tuning the quantity and quality of incidents generated by the sensor.

Another Great Offering

Another great offering is their newsletter and security awareness materials. They offer calendars, posters, and other materials to help bolster your information security awareness program.

I’ve based several articles on their newsletters and alerts at my workplace. It’s concise and valuable.

The webinars are also good, but I’ve only attended 2 so far, so I can’t discuss the normal types of content besides monthly wrap-ups and best practices of using free tools like DMARC.

Testing Their Feed Services

Besides feeds to their blog posts, they also offer other automated syndication solutions.

You can customize which part of the feed you want to collect to help produce dynamic content for your website or employee portal. This is great for spreading security awareness.

They offer 4 different types of feeds:

Update 12/22: There used to be a Cyber Tips feed (https://www.cisecurity.org/feed/tip); however, this appears to no longer exist.

In addition to the feeds, you can leverage their alert level system. They offer scripts so you can include a threat map on your website. It’s not as useful as their information feeds, but it’s still cool nonetheless.

Threat Feed Sample

As an example, you can get the alert-level script to embed in your website or web application by using the following code:

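<!-- Container the alert-level graphic is rendered into -->
<div id="display-me"> </div>
<!-- Settings read by alertlevel.js; they must be set before the script loads -->
<script type="text/javascript">
  msisac_graphic_divid = "display-me";   // id of the container div above
  msisac_graphic_size = "300x300";
  msisac_graphic_fontColor = "#CECECE";
</script>
<script type="text/javascript" src="https://feeds.cisecurity.org/js/alertlevel.js"></script>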

The code will display this map:

I tried to play with the msisac_graphic_style but you can’t pass anything through it.

By default, the map is surrounded by a thick blue border. You can choose not to display the border with this style:

#msisac-map { border: none !important; }

Note: You have to force no border through CSS with the !important designation to get it to work.

The msisac-map div id and the custom div id set through msisac_graphic_divid don’t work with each other.

For more customizations and help documentation, check out CIS’s Text Feed Help page.


Besides the network monitoring, what’s the initial price of enrollment?

Don’t worry, the membership price is right. It’s free to become an MS-ISAC member.

I definitely recommend joining. My organization has been a member for years and finds it to be a valuable security information resource. Their SOC is great.

If you have a state GISA program or conference you can join, you’ll also find CIS (MS-ISAC) folks there.

There’s more to the membership that even we haven’t got to yet, namely their CIS-CAT and trending malicious activity. But overall, it’s great stuff.

If you like this service, you might also be interested in the FBI’s Infragard service. That is another valuable Cyber/IT Security resource and is also free.

You can also check out DHS CISA’s Information Sharing and Awareness page, where you can find other information-sharing collaborative efforts.

What do you think? Are you interested in the MS-ISAC program, or have you already joined their service? Let me know in the comments below!
