OLD_Community Services
Community Services
Community Services is a group of companies/organizations (a.k.a Community Leaders) who embrace the Health-ISAC mission and are prepared to make an investment for the betterment of the entire Health-ISAC community. Scroll down to learn more about the solutions and resources availale to you as part of your membership!
Establish a Cyber Fusion Center and stay ahead of threats with Cyware’s intelligence, threat response, and security automation solutions.
– CSAP (Situational Awareness Platform)
– CTIX (Threat Intelligence eXchange)
–CTIX Lite
–CSOL (Security Orchestration Gateway)
–CFTR (Fusion & Threat Response)
Threat intelligence platform
Automate your feeds with intelligent security.
Whether you are just getting started with threat detection and alerting, looking to make threat intelligence actionable, or searching for ways to optimize your SOC with customizable playbooks, Cyware has integrated virtual cyber fusion solutions to help you take your security operations and threat response to the next level.
Health-ISAC members can increase speed and accuracy while reducing costs and analyst burnout. Cyware’s Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for security teams of any size by offering vendor-agnostic security automation and security case management.
Leverage Health-ISAC’s partnership with Cyware by submitting a request for more information.
Flare Empowers our Healthcare Customers to:
• Detect Dangerous External Data Exposure. Flare provides a unified platform to gain visibility into all external data exposure. Our simple platform makes it easy to identify risks ranging leaked credentials and threat actors targeting your organization on the dark web to employees inadvertently leaking PHI or developers pushing secrets to Public GitHub Repositories.
• Detect Corporate Infected Devices for Sale. Flare’s platform makes it easy to identify corporate computers that have been infected with stealer malware and are for sale on infected device marketplaces. We automatically monitor hundreds of thousands of infected device listings and proactively send an alert when a device is for sale with access to corporate logins.
• Combat Healthcare Fraud. Flare’s flexible approach to monitoring empowers our customers to use identifiers to detect fraudulent activity related to healthcare companies and insurance providers. Our healthcare customers can use Flare to detect fraud schemes early, track threat actors who are perpetrating them, and identify actors who may be operating under different usernames and on different platforms using our similar actor detection feature.
• In addition to dozens of other use-cases.
Proactive External Threat Detection
External Cyber Risk Monitoring Platform
Automatically identify risks across the dark & clear web
Flare is the proactive external cyber threat detection solution for organizations. Our AI-driven technology constantly monitors the dark and clear web to discover unknown events, automatically prioritize risks, and deliver actionable intelligence to security teams. Our customers are empowered to detect stolen credentials, fraud schemes, public GitHub secrets leakage, and dozens of other threats external to their organization.
Flare Limited – Free to H-ISAC Members
Each H-ISAC member will be able to redeem 10 identifiers for 1 year, completely free (maximum of 3 domain identifiers). This enables H-ISAC members to proactively detect threats and understand their external data exposure.
What’s an identifier? Our identifiers are automated search terms that crawl the dark and clear web and return a prioritized list of risks in Flare’s intuitive SaaS platform. Some examples of identifiers include domains, keywords, executive names, email addresses, IP addresses, and other types of searches that can help detect threats related to your organization.
GreyNoise tells security analysts what IP addresses they should and should not worry about.
Reduce noisy alerts to Increase analyst efficiency:
– Enrich your events and alerts with IP context
– Identify harmless IPs you can safely ignore
– Filter out harmless alerts in your SIEM or SOAR
– Eliminate false positive IOCs in your TIP
Uncover compromised devices
– Monitor IP addresses for scanning behavior
– Identify compromised devices in your network
– Identify compromised devices in your partners’ networks
Identify emerging threats
– Identify malicious IP addresses scanning the internet
– Differentiate between opportunistic scanning and targeted attacks
– Find out who is actively exploiting a CVE in the wild
Prioritize your patching
THREAT INTELLIGENCE FOR SECURITY ANALYSTS AND SOC TEAMS
DO KNOW EVIL
GreyNoise tells security analysts what not to worry about.
Eliminate noisy IP addresses from your alerts. GreyNoise helps you filter “internet noise” out of your alert stream, with context about noisy mass-internet scanners and common business services.We do this by capturing, analyzing and classifying data on IPs that scan the internet and saturate security tools with noise. This unique perspective allows you to confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. GreyNoise intelligence is delivered through our SIEM, SOAR and TIP integrations, API, command-line tool, bulk data and web visualizer.
Unlock More Analyst Capacity
Events associated with IPs in Grey Noise can be de-prioritized, as they are likely associated with opportunistic internet scanning or harmless business services, not targeted threats. GreyNoise customers report reducing alert volumes by 25% and reducing manual research time by 20%, freeing up analysts to focus on true threats.
Stay on Top of Compromised Devices
If we see one of your devices scanning the internet, it’s likely compromised. GreyNoise’s alerts feature will notify analysts when an IP they care about shows up inour collection.
See Emerging Threats
GreyNoise sees IP addresses that exhibit device CVE-related device search, vulnerability check, and exploit behaviors, to identify IPs actively trying to exploit vulnerabilities in the wild.
How it Works
GreyNoise’s internet-wide sensor network passively collects packets from hundreds of thousands of IPs seen scanning the internet every day. GreyNoise analyzes and enriches this data to uncover source-IP behavior, methods and intent. GreyNoise continuously updates its IP dataset with this insight, making it available to analysts when queried.
GreyNoise Service
GreyNoise Community Account – Use It for Free Forever.
GreyNoise Enterprise Account – 10% Discount for Health-ISAC Members.
Key Benefits
– Protective DNS Identify and prevent attacks before they happen, independent of protocol, for devices inside and outside your network. Our fast and flexible deployment supports WFH/hybrid work models and protects all kinds of devices (IoT, servers, mobile, stationary, etc.).
– Threat Visibility
HYAS Protect provides a high-fidelity threat signal to reduce alert fatigue and improve your network intelligence. Detect and block low-and-slow attacks, supply chain attacks, and other intrusions that are hiding in your network.
– Layer Protection Quickly and easily integrate with your existing SIEM, SOAR, firewalls, and endpoint solutions to enhance the value of all your current security investments putting you in the position to act immediately.
Protective DNS
DEAL WITH CYBER RISKS BEFORE THE ATTACK NOT AFTER YOU’VE HAD TO INFORM YOUR C-SUITE
HYAS offers cybersecurity solutions, and technology, that detect and mitigate risks before they happen, so you can focus on moving business forward.
HYAS’ services use exclusive data and machine learning to combine authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively protect your organization. Our combination of infrastructure expertise and communication pattern analysis gives you an instant and reliable source of truth to mitigate threats in real time.
HYAS enforces security and blocks command and control (C2) communication used by malware, ransomware, phishing, and supply chain attacks. And all the while delivers on-demand cybersecurity intelligence to enhance your existing security and IT governance stack.
HYAS Protect – protective DNS, operates as a cloud-based Protective DNS solution or through API integration with your existing security solutions. Our combination of infrastructure expertise and communication pattern analysis gives you an instant and reliable source of truth to mitigate threats in real time.
Key Benefits
Accelerate risk identification using a library of completed assessments
Focus on risk remediation and management, not on data collection and analysis
Reduce the cost of TPRM through automation
Meet compliance requirements faster with pre-built reporting