Hard News Hard Hitting News Source Global Political News

CISA Seeking Answers for Implementation of Endpoint Detection and Response Tools

The agency has an idea of what it wants from the capability but is soliciting industry input on key aspects of an enduring investment plan.

A request for information from the Cybersecurity and Infrastructure Security Agency provides insight into what federal buyers will be looking for in technology central to the Biden administration’s visibility-focused cybersecurity plan, but looks to industry for input on crucial elements.

“What minimum sets (types) of critical [Endpoint Detection and Response] data should be collected by security analysts to identify advanced threats or evidence of an active breach?” reads the RFI, responses to which are due Nov. 8. “What is [sic] the recommended retention periods per dataset to balance operational effectiveness against costs?”

The question of how long to retain logs that could provide clues about cybersecurity incidents emerged as a sticking point following breaches at federal contractors Microsoft and SolarWinds, when CISA noted the limited logging capabilities of Microsoft Azure’s cloud services except at premium levels. Microsoft has since offered federal agencies a one-year free trial of advanced logging for cybersecurity auditing.

The maintenance of logs is one element in a class of offerings referred to as EDR, which is specifically mentioned in a May 12 executive order responding to SolarWinds and other major breaches. The order directs the Office of Management and Budget and the Department of Homeland Security to “issue requirements for [Federal Civilian Executive Branch] Agencies to adopt federal government-wide EDR approaches.” 

OMB recently instructed agencies to cooperate with CISA by sharing their current EDR status and coming up with plans to optimize their deployment of the technology. 

“This process involves addressing gaps in both coverage of the EDR tools across the agency’s endpoints as well as in functionality for tools that may not be fully configured to leverage functions and features of the product in alignment with CISA’s requirements,” CISA wrote in the RFI posted Thursday. “As part of this approach, CISA has defined a common set of EDR requirements to ensure that agencies gain the necessary visibility and response functionality needed to effectively detect and respond to cyber intrusions. This strategy ensures that CISA invests in market leading EDR tooling, founded on standards-based validation processes, that are proven effective against known and novel Tactics, Techniques, and Procedures.”

Among other things, CISA asked about the extent to which vendors’ EDR tools worked with other products and their incorporation of other advanced technologies such as machine learning and robotic process automation.

The government stressed that the RFI does not commit it to issuing a solicitation based on the market research, but noted that CISA and the General Services Administration may invite industry respondents for one-on-one meetings based on their responses.

In a section on experience and capabilities, the RFI also asks respondents to state whether their EDR tool is on a list of products approved under DHS’ Continuous Diagnostics and Mitigation program. “In order for your product to be considered it needs to be on the CDM APL,” it says.

Source: https://www.nextgov.com/cybersecurity/2021/10/cisa-seeking-answers-implementation-endpoint-detection-and-response-tools/186175/
