Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
The Office of Budget and Management issued a memorandum to the heads of federal executive departments and agencies last week providing guidance on the implementation of Endpoint Detection and Response (EDR) solutions as required under Executive Order 14028.
The memorandum, written by Shalanda D. Young, OMB's acting director, details the specific milestones that agencies must meet and requires the Cybersecurity and Infrastructure Security Agency (CISA) to have access to agency EDR deployments within 90 days and it must develop a process to monitor the agencies to ensure the security software is deployed and operating correctly.
"The executive order is a step in the right direction," noted Bill Rucker, president of Trustwave Government Solutions. "The memorandum will get those people that were sitting on their hands to move."
The memorandum reminded Federal agencies of the requirement to implement EDR as a proactive cybersecurity measure under Executive Order 14028, which was signed by President Joe Biden in May. The executive order required federal agencies to meet set deadlines to accomplish specific tasks for implementing the security measures listed in the executive order.
Rucker pointed out that requiring EDR to be implemented is one thing but tracking the reams of data that an EDR solution will generate is not easy, and this is where Trustwave Government Solutions can fit into the equation.
"The expertise of Trustwave Government Solutions at Managed Detection and Response (MDR) can help. We can bring in threat intelligence, put the data together in such a way so decisions can be made, and inform them if we find something," he said.
The federal government believes EDR will improve agency capabilities for early detection, response, and the remediation of cybersecurity incidents on their networks. Additionally, EDR will provide enterprise-level visibility across components, bureaus, and sub-agencies to better detect and understand threat activity.
Young's note detailing the implementation of EDR, starting with CISA's responsibilities. CISA has 90 days to develop a process for continuous performance monitoring to ensure EDR solutions are properly deployed and operated. CISA must coordinate with the Chief Information Officer Council to provide recommendations to OMB to accelerate EDR efforts and develop and publish a technical reference architecture and maturity model. Within 180 days, CISA and the CIO Council must develop a playbook of best practices for EDR solution deployments.
The executive order also requires agencies to undertake specific tasks as they deploy and further develop their EDR solutions.
Other agency requirements:
Under section 7 of Executive Order 14028, it states: "Federal Civilian Executive Branch (FCEB) Agencies shall deploy an Endpoint Detection and Response initiative to support proactive detection of cybersecurity incidents within Federal Government infrastructure, active cyber hunting, containment and remediation, and incident response."
"EDR combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities," Young said in her memorandum.
She noted that compared to traditional security, EDR is necessary as it provides the increased visibility necessary to respond to advanced forms of cybersecurity threats, such as polymorphic malware, advanced persistent threats, and phishing. In addition, EDR is a component needed for transitioning to a zero-trust architecture.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.