The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) Program is helping Federal agencies to make progress on mandates in President Biden’s cybersecurity executive order to install endpoint detection and response (EDR) on their networks, a senior CISA official said.
At an Oct. 18 event sponsored by Cribl, Sean Connelly, the Trusted Internet Connections (TIC) program manager and senior cybersecurity architect at CISA, explained that the cybersecurity executive order (EO) requires agencies to deploy EDR tech, and described how CDM is helping with that.
“Some agencies have a pretty mature EDR rollout, and so it’s not as applicable to them,” he said. “Some agencies almost have a different variety of EDRs and they’re using this to collapse those EDRs down, they have more of just an enterprise-type solution.”
“Other agencies are just starting out with EDR, and this is where our CDM program can help agencies and help them put those types of agents and solutions on those endpoints and secure them,” he said.
At the beginning of this month, CISA’s threat-hunting teams were able to – for the first time – have persistent access to agencies’ EDR tools. This effort – long one of the key goals of the CDM program – allows CISA to do collaborative threat hunting with agencies.
“This is incredibly important because it changes the paradigm for CISA – before of us being a reactionary agency – for us being now a proactive agency and helping agencies identify risks in near real-time and kind of changing the game to a collaborative operations type of setup,” Richard Grabowski, acting program manager of CISA’s CDM program, said last week.
He said CISA expects to be done with most of its end of the EDR work by fiscal year 2023.
The agency’s collaborative EDR work – along with its work in assisting agencies with zero trust – is less of a technical challenge and more of a process, Connelly said.
“It’s not as much maybe about the technical solution, which of course is important, but about these teams working together in new ways to meet these common outcomes,” Connelly said. “I think both bottom-up and top-down we’re trying to help agencies as much as we can.”