In the 2023-24 School Aid Fund, section 97g allocated $9,000,000 to provide a statewide Security Operations Center (SOC) and Managed Detection and Response (MDR) services for ISD, LEA & PSA servers in the State of Michigan. The MiSecure team was formed in October 2023 and immediately began researching and developing resources to address the MDR portion of the project. After a thorough evaluation, Crowdstrike Falcon Complete has been selected as the supported Michigan K12 MDR solution. ISDs were then asked to report the number of new server licenses they are expecting to utilize from the grant. In order to obtain this number, ISDs worked with LEAs & PSAs in their region and reported the totals to MiSecure.
The Crowdstrike Falcon Complete product includes several components you can review here. Most critically, is the Crowdstrike team responsible for monitoring and responding to cyber events and incidents 24x7x365. This process requires a relationship to be established between Crowdstrike and each participating ISD. This participation will group the ISD, LEA and PSA servers into a single organization, or CID (Customer ID). While the CID is assigned to an individual ISD, the ISD is able to create individual user accounts for LEAs and PSAs. Once on-boarded, the ISD CID will establish contact lists, policy groups for servers and escalation processes.
If an ISD, LEA and/or PSA already have an MDR product in place as of the program start date, they may qualify for credits toward the cost of the product. The most common MDR solutions have already been pre-approved for credits, while other solutions will need to be reviewed by the MiSecure team. Credits will be for no more than either the original purchase price, or the value of a MiSecure Crowdstrike MDR licenses.
Still have questions? The most common questions are addressed below.
Most Common Questions
Q: I have a unique situation, can we talk?
We recognize that every situation will be unique; however for the first phase of the project – the participation survey – the objective is to get the best estimate of the number of new MDR licenses required for each district. This doesn’t have to be a perfect number but it will provide MiSecure with an initial number of licenses to purchase. ISDs are encouraged to work with their LEAs and PSAs to include every server within their ISD in the count. ISDs/LEAs/PSAs can add additional licenses in the future or turn in unused licenses back to MiSecure. ISDs are encouraged to reach out to MiSecure for additional information.
Q: What products qualify for a credit?
- CrowdStrike Falcon Complete
- CrowdStrike (MS-ISAC’s CIS-ESS implementation)
- SentinelOne Vigilance MDR
- SentinelOne with MDR Management (e.g. Arctic Wolf)
- CrowdStrike with MDR Management (e.g. Arctic Wolf)
- Other products will be considered and there is an option to respond
Q: What’s included in Crowdstrike Falcon Complete?
Crowdstrike Falcon Complete is a package of several components, most notably: Insight (EDR), Prevent (NGAV), Discover (IT Hygiene), Overwatch (24×7 Threat Hunting), Spotlight (vulnerability monitoring) and the Falcon Complete Team (24×7 responders). We have put together a page with Information on each of these modules.
Q: What is a CID (Customer ID)?
A CID is the term Crowdstrike uses to refer to a “managed organization” This organization will be on-boarded and supported 24x7x365 by a dedicated Crowdstrike team. The on-boarding process will address such things as thresholds, responses, contacts and escalation procedures. These CID settings will apply to all ISDs, LEAS and PSAs in the organization. MiSecure will supply each ISD with a single CID. MiSecure will hold a Parent CID which supports all ISD CIDs. Entities within a single ISD CID may have visibility into other entities and ISDs need to consider this when providing access to LEA/PSA staff. LEAs or PSAs that would like their own CID may purchase through the MiSecure project, leveraging the statewide pricing (estimated cost is ~$5,000/CID). Those LEAs should reach out to MiSecure to make arrangements.
Q: My ISD never contacted me, how can I participate?
Yes! Please reach out the MiSecure team at [email protected] and we’ll ensure your servers are included or credits are applied. Within the ISD survey, each ISD was asked to confirm that it made every effort to reach each LEA/PSA and if they were unable to do so, to report which ones were not included.
Q: I utilize a neighboring ISD rather than the one to which I’m assigned. How should I participate?
You should include your servers in the ISD you do work with. You should also coordinate that with both your assigned ISD and your servicing ISD to ensure that your servers being counted only once for the project. This will ensure that your servers show up in your servicing ISD’s CID.
Q: Is there a hard timeline? That is, if I don’t respond, can I still participate later?
There is no deadline to participate. ISDs, LEAs or PSAs may join or add licenses anytime. However, we are asking each ISD to respond ASAP so that we may get the most accurate count of initial licenses to purchase.
Q: What are we committing to?
According to the 97g legislation, participating ISDs/LEAs/PSAs agree to:
- Complete an assessment using a tool such as the MiSecure Quick Self-Audit
- Install and maintain the MDR software
- Provide access to the software to MiSecure
- Coordinate responses with MiSecure and their ISD
Q: I have a question that isn’t addressed here
A complete Frequently Asked Questions page is available and updated regularly. If you still can’t find your answer there, please email [email protected]