By Pete Nicoletti, Field CISO, Americas. Pete has 32 years of Security, Network, and MSSP experience and has been a hands-on CISO for the last 17 years and recently joined Check Point as Field CISO of the Americas. Pete’s cloud security deployments and designs have been rated by Garter as #1 and #2 in the world and he literally “wrote the book” and contributed to secure cloud reference designs as published in Intel Press: “Building the Infrastructure for Cloud Security: A Solutions View.”
A needed focus on your EDR (Endpoint Detection and Response) capabilities
By now, you’ve heard of the executive order from May of this year: Improving the Nation’s Cybersecurity Executive Order 14028. There is now some implementation guidance that updates this order: “Adopt a robust EDR solution and shift your response from a reactive posture to a proactive one.” The Acting Director of the Office of Management and Budget (OMB) just authored a clarification on this Executive Order Titled: “Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response.”
What does this mean for your cyber strategies?
This directive is a wakeup call for commercial enterprises that are slow to adopt the latest generation of EDR. Here are the mandates:
- Improved agency capabilities for early detection, response, and remediation of cyber security incidents on networks using advanced technologies and leading practices.
- Agency enterprise-level visibility across components/bureaus/sub-agencies to better detect and understand threat activity.
Conventional old-school antivirus tools are no longer enough to protect against sophisticated cyber threats. The Federal Government has come to realize that advanced EDR offers the required capabilities to defend agencies and organizations, and it should be implemented in fewer than 180 days.
Government agencies will analyze the current status of their EDR capabilities, follow best practices and reference architectures, and ensure there are enough resources to manage the EDR deployment throughout the project lifespan.
EDR tool consideration and operation is one of the most critical functions of the security department. The wrong tools can confound end users with misery, waste administrators’ time with false positives and extended forensic efforts, and in the worst cases, catalyze a breach.
Tool efficiency is perhaps the top criteria for selecting an EDR solution. An excellent place to start your research is with the MITRE Engenuity ATT&CK test results, where you can identify the most effective players. Determine the vendors that match your organization’s security requirements and unique risks. As a next step, invite the top two or three providers to a detailed POC (proof of concept). By doing so, you’ll be able to evaluate the strengths and weaknesses of both the EDR offering and the vendor. Then, you’ll then need to ask yourself, ‘do I trust my organization’s cyber security with this vendor?’
Commercial enterprises should use this guidance to quickly re-evaluate their EDR tool selection and posture. The very short time frame OMB memo mandates for Agency efforts should be used as guidance for commercial entities.
Check Point Software offers a leading EDR solution that has focused on “Prevention” for many years and is a top test performer, deploying quickly and easily. As you compare your organizations cyber security to the standards enumerated upon in the latest executive order, use this as an opportunity to invigorate your EDR project. To get details about Check Point’s Harmony Endpoint protection and the latest MITRE Engenuity ATT&CK®, click here.
Improving the Nations Cybersecurity Executive Order: https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
Memo on EDR from Office Of Management and Budget: https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf
Lastly, to get cutting-edge insights, analysis and resources in your inbox each week, sign up for the Cyber Talk newsletter.