Oct 14 – The US is trying to proactively resolve its cyber security challenges. Re-engineering and investments in cyber security resources have been gradual, and in the opinions of some, too slow. The Biden administration aims to help federal agencies quickly patch cyber security gaps and is doing so in a myriad of ways.
As part of the larger shift in the US federal defense strategy, executive order number 14208 directs government agencies to adopt robust Endpoint Detection and Response solutions. This directive is intended to enhance agencies’ capacities to detect and respond to incoming cyber threats. Outcomes are expected to include:
- Improved abilities to detect, respond to and remediate threats on networks, using advanced technologies and leading industry best practices.
- Increased visibility across networks and agencies, with greater shared threat intelligence.
- Government-wide visibility via a centrally located EDR initiative owned by CISA, which will help coordinate analysis and response.
Endpoint Detection and Response (EDR)
Organizations are encouraged to map their own capabilities to those recommended by CISA in the federal directive. Endpoint detection and response tools offer real-time threat monitoring and data collection capabilities, using rule-based automated response and analytics functions. When compared to traditional cyber security tools, endpoint detection and response tools offer increased levels of visibility, and can easily complement zero-trust architecture development. They also allow for:
- Rapid investigations; they automate data collection, processes and certain response activities.
- Contextualized threat hunting; they show granular information pertaining to an endpoint’s status.
- Remediation automation; they can use predefined rules to perform specific incident response activities.
Ultimately, next-generation EDR solutions can drive operational efficiency and coordinated responses to cyber threats.
Improving US cyber security
Cyber security upgrades are critical in keeping US infrastructure safe and in keeping the country’s defense competitive. The most recent executive order will also improve software supply chain security, establish a cyber safety review board, help draft a standard playbook for responding to cyber incidents and more.
CISA will work closely with the federal government to modernize the Federal Risk and Authorization Management Program (FedRAMP) and will support federal agencies in better understanding roles and responsibilities as they pertain to cyber security. The goal is to create agile agencies that can rapidly respond to emerging cyber threats.