Approach.

PART ONE

Phase One will deploy and implement a 24x7x365 monitoring, detection, and response capability. The monitoring services will be provided through our US-Based Security Operations Centers hosted in AWS GovCloud and will include up to 6 HBCUs of varying sizes (small, medium, and large).

HBCU-ISAC™ monitoring services are platform agnostic, providing flexibility and ensuring return on investment for existing cybersecurity technologies. The HBCU-ISAC™ team will assess the existing security technology investments made by the participating HBCUs and jointly determine the optimum technology stack. The HBCU-ISAC™ team recommends deploying Palo Alto Networks (PAN) Firewalls and Cortex XDR device endpoint and response software for less mature organizations with minimal cybersecurity infrastructure.

During Phase One, HBCU-ISAC™ and The ChainBlock Company established a strategic partnership with Trustwave Government Solutions (TGS). HBCU-ISAC™ will establish connectivity between participating HBCUs and Trustwave’s Fusion XSOAR Platform. The Trustwave Fusion platform is a cloud-native threat detection and response platform augmented by security orchestration, automation, and response (SOAR). Its primary mission is to ingest high-value telemetry and enrich it with context and threat intelligence to detect threats in near real-time. Additionally, the Trustwave Fusion platform serves as a security operations workflow engine for security operations teams during threat investigations, response activities, and forensic analysis. The goal is to provide HBCUs with the collective insights of the HBCU-ISAC™, committed 24/7 to provide nuanced, independent, and accurate threat intelligence to the HBCU ecosystem and its members, disrupting the cybersecurity kill chain pictured below.
There is also an opportunity to interact with HBCU-ISAC™ personnel for incident handling and recommended remediation scenarios and the option of requesting an HBCU-ISAC™ “Go Team.” The Jump Team will perform the following:

Cyber Risk Mapping

The first step in building a comprehensive cybersecurity program is identifying an organization’s vulnerable data, risk profile, existing controls, and security landscape. Extensive mapping of this diverse digital footprint helps security teams better understand their attack surfaces to implement a proactive approach to cyber risk remediation. An attack surface refers to the total number of possible attack vectors (or points) through which an attacker or unauthorized user can gain access to a system and use that access to extract data or insert malicious code. See the illustration below.

Threat Contextualization & Prioritization

Once you have a concise, categorized, and prioritized list, a process to automate the dissemination of this information to the appropriate security team members is integral to quickly securing your data and shoring up your organization.

Cyber Risk Awareness & Communication

As threat actors typically post malicious services on multiple platforms, security teams will likely receive numerous daily alerts. Excess noise creates inefficiencies as it could take several hours to investigate a single warning thoroughly.

Taking Action Against Cyber Risks

The last stage involves taking action against the risks identified in the steps above. While these steps will vary by the size of the HBCU and risk profile, you can take several measures, including removing harmful content from public sources, replacing leaked credentials, and introducing new security measures to prevent future data breach attacks.

PART TWO

Phase Two will include implementing a Co-Managed Security Incident and Event Management (SIEM) system and establishing a dedicated HBCU ISAC at Norfolk State University to analyze the HBCU cybersecurity threat landscape. TCBC cybersecurity experts will work with Norfolk State personnel to deploy, implement, and tune the SIEM solution and assist in developing CIRC playbooks/use cases to guide monitoring and incident response activities. The HBCU-ISAC™ will also serve as a facility to mentor and train participating HBCU faculty and students in cybersecurity and manage detection and response tactics, techniques, and procedures (TTPs).

PART THREE

Phase Three will include an orchestrated deployment of the 24x7x365 managed detection and response capability to the remaining HBCU locations, instantiation of two additional Regional HBCU-ISAC™ locations, implementation of advanced cybersecurity operations and digital forensics, and support for research and development projects across all participating HBCUs.