In addition to our standard election protocols, which include active monitoring for cybersecurity and performance, we are implementing cybersecurity measures specifically designed to enhance data protection and operational continuity. The following comprehensive cybersecurity checklist highlights the proactive measures we take on our clients’ behalf to further secure our solutions.
Endpoint Protection and MDR (Managed Detection and Response)
Prevents threats by securing endpoint devices while also proactively addressing security concerns through continuous monitoring.
✓ Endpoint health check
✓ Audit and verify all servers have the necessary clients (agents or applications) installed and active
✓ Audit and verify all security agents are correctly reporting to the central console for real-time visibility
✓ Clean outdated or duplicate security agents from cloned servers
Web Application Firewall (WAF) & Web Proxy
Ensures systems are fortified against the latest threats and optimizes protection without disrupting services.
✓ Complete pre-election health check with election engineer
✓ Update WAF signatures and definitions; coordinate with application teams
Managed Service and 24x7x365 Security Operations Center (SOC)
Streamlines event reporting, closes security gaps, and establishes clear escalation protocols, which are essential for maintaining system integrity and ensuring a secure, uninterrupted election.
✓ Confirm all logs are being parsed into Security Information and Event Management (SIEM) correctly
✓ Validate the data from all AWS logging sources
✓ Confirm logging is clean and events are arriving in the SIEM
✓ Identify gaps in application event logging and, where they exist, work with the development team to pull event log details
✓ Build election day reporting templates for event tracking and reporting
✓ Set up an additional AWS Simple Queue Service (SQS) feed for application security event trails
✓ Identify critical systems and their expected communications; build event exclusion lists, event priorities, and election day escalation processes with security partners
Civix Managed Systems
Minimizes vulnerabilities, reduces the risk of unauthorized access, and enhances control over system-wide security policies, helping to safeguard election-related operations.
✓ Audit device categories that are not reporting or are not compliant and remove systems no longer in service
✓ Update Defender Advanced Security Protection (ASP) and Windows Malicious Software Removal Tool (WSL) groups to better control exclusion groups without opening companywide exceptions
✓ Audit and validate managed firewalls for all Civix workforce member systems
✓ Audit and validate forced management of Civix workforce member systems
✓ Remove Identity Access Management (IAM) accounts no longer in use
Civix Workforce Member Device Enhancements
Strengthens shared security through internal data governance practices that enforce strict control over data access, detect and address potential threats, and ensure consistent compliance with industry regulations, reducing risks across both our systems and yours.
✓ Enable Data Loss Prevention (DLP) policies for data governance
✓ Clean incident response queue
✓ Manage suspicious email reporting
✓ Clear and tune false positives
✓ Identify developers/administrators running unsigned PowerShell scripts and triggering event alarms
✓ Update proactive threat hunting scripts with Indicator of Compromise (IoC) tactics, techniques and procedures (TTPs) from security experts
Cloud Security
Strengthens overall system integrity.
✓ Update client systems hosted within secure cloud environments and address vulnerability gaps
✓ Conduct internal disaster recovery exercises
✓ Check threat activity modules against the latest TTPs (patterns and behaviors of malicious actors) to ensure defense mechanisms can identify, respond to, and mitigate the newest and most relevant threats
✓ Conduct vulnerability management reporting; track vulnerabilities (such as Common Vulnerabilities and Exposures, or CVEs) and ensure systems are patched/updated to mitigate these risks
Security Awareness and Monitoring
Safeguards essential infrastructure by minimizing vulnerabilities and enhancing overall cybersecurity resilience.
✓ Coordinate training and awareness campaigns
✓ Distribute cyber communications
✓ Conduct security tabletop exercises (structured, scenario-based exercises designed to test preparedness and incident response); clarify roles and responsibilities and refine response strategies
✓ Coordinate with law enforcement agencies to actively scan for potential threats and analyze risks