Install of EDR by CISA

Washington Post, today.

During the past year, the Cybersecurity and Infrastructure Security Agency (CISA) has deployed or updated a suite of monitoring tools that — essentially for the first time ever — give the agency broad visibility into hacking threats across most of the civilian government.

• Since Biden’s order, CISA has installed tools to detect hacking threats on computers and servers at 15 federal agencies. This is called “endpoint detection and response” (EDR) and it’s widely viewed as far more effective than merely monitoring for threats as they enter an organization’s network.
?• CISA is in the process of installing those endpoint detection tools at 11 other agencies now. It expects to have them installed or in the process of being installed at 53 total agencies by the end of September. That’s slightly over one-half of all federal government agencies.
?• “In implementing its EDR initiative, CISA has prioritized those agencies affected by the SolarWinds compromise and most have or are in the process of setting up EDR on their networks,” Goldstein told me after the hearing.?
• The agency has also signed or updated agreements with all federal agencies to collect a separate set of cyberthreat data from their computers — a system called continuous diagnostics and mitigation — and is feeding that data back to most large agencies to help them spot and deal with the biggest threats.

Long Democracy,
Long Crowdstrike 11%