The CIS CyberMarket provides state, local, tribal and territorial agencies with the opportunity to leverage collective purchasing power with industry-leading cyber vendors.
For many in state, local, tribal and territorial (SLTT) government organizations, the cybersecurity threat landscape can seem overwhelming at times. With the move to remote work, attacks are coming faster than ever before.
Almost as daunting as the threat itself is the complex marketplace for solutions. Cybersecurity is a huge ecosystem. It’s hard to navigate, “and it can be overwhelming for SLTTs to find the right vendor and the right solution, at an affordable cost,” said Cat Werbeck-Marczan, senior director of cybersecurity services at the Center for Internet Security.
The CIS CyberMarket offers a way forward. It aims to improve cybersecurity through cost-effective group procurement.
Collective Purchasing Power
A collaborative purchasing program developed by the Center for Internet Security, CIS CyberMarket, serves SLTT government organizations, nonprofit entities, and public health and education institutions. CIS has leveraged the collective purchasing power of participating organizations to secure group purchasing opportunities with industry-leading cybersecurity providers.
“Through CIS CyberMarket, CIS negotiates discounts for our members and ensures access to offerings that might otherwise have been out of reach for many smaller agencies,” Werbeck-Marczan said.
Equally important, the collective marketplace helps IT leaders cut through the noise.
“It simplifies the process, reducing the time and effort needed to identify and acquire cyber solutions,” she said.
Through the marketplace, SLTTs can gain access to a range of cyber solutions. This includes training programs from leading providers such as the SANS Institute, as well as software and applications, including vulnerability management, secure internet gateway, and endpoint security and management tools. The marketplace also incorporates cybersecurity services, including consulting services and cyber liability insurance plans.
“All the products and services available through CIS CyberMarket go through a rigorous evaluation process,” Werbeck-Marczan said. CIS subject-matter experts, along with members of a volunteer board made up of SLTT cybersecurity professionals, are responsible for vetting proposed solutions.
In addition to the technical review, the process ensures the vendor is using current best practices, “taking into account the vendor’s reputation and standing in the marketplace,” she said.
If a product meets acceptable standards, CIS works with the vendor to secure the best possible pricing available.
An Evolving Marketplace
Since its inception in 2012, “CIS CyberMarket has saved public and nonprofit organizations over $50 million in procurement costs,” Werbeck-Marczan said.
A refresh of the program, which is set to launch in the coming year, will make the marketplace an even more effective tool. CIS is working to make CIS CyberMarket more interactive and user-friendly, and it will be using its annual member survey data to proactively vet emerging solutions to ensure that vendors align with specific SLTT needs.
In the long term, CIS leaders hope to be able to make specific recommendations through CIS CyberMarket.
“We’re building an even more robust, one-stop shopping capability that will help to match SLTT agencies with the right vendors and the right solutions for their specific needs,” Werbeck-Marczan said.
While procurement processes vary widely across SLTT agencies, CIS hopes that by bringing best-in-breed solutions to the fore and working with vendors that have been rigorously evaluated for their compatibility with the SLTT mission, it will be possible for agencies to accelerate their acquisitions at a time when they are under increasing pressure to bring effective cyber solutions to the table.
Supporting the SLTT Community
More than just a marketplace for goods and services, CIS CyberMarket can serve as an educational forum.
“It’s a means through which SLTT leaders can get familiar with the leading approaches to cybersecurity and the best practices among vendors,” Werbeck-Marczan said.
By speeding IT leaders’ initial research efforts, the marketplace can accelerate their cyber efforts and compress the procurement runway, she said.
All this is in line with CIS’s mission “to serve as a reliable source of information to the SLTT community,” she said.
By leveraging in-house expertise, CIS can ensure its members have access to the most effective cyber solutions. At the same time, CIS draws insight from the vendor community.
“Vendors who participate in CIS CyberMarket aren’t there just to sell you things: We want them to be partners in educating the SLTT partners in our mission,” Werbeck-Marczan said.
Through July 31, CIS CyberMarket is offering a discount on some of the most cutting-edge cyber training available. Participants can get more than 50% off the regular price of SANS cybersecurity training and programs. They include SANS Security Awareness, a comprehensive security awareness training program; SANS On Demand, a set of self-paced professional training courses; and SANS Live Online, a series of interactive livestreamed professional training courses.
With CIS CyberMarket, CIS aims to bridge the gap between vendors and SLTTs. “Our mission, as always, is to bring to the fore the solutions that help to make up an effective overall cybersecurity program,” Werbeck-Marczan said.
This post was first published June 24, 2022.