
The White House order to deploy Endpoint Detection and Response

The White House has ordered FCEB Agencies to deploy an Endpoint Detection and Response (EDR) initiative to support proactive detection of cybersecurity incidents within Federal Government infrastructure, active cyber hunting, containment and remediation, and incident response.

The White House wrote:

Sec. 7.  Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks.  
     (a)  The Federal Government shall employ all appropriate resources and authorities to maximize the early detection of cybersecurity vulnerabilities and incidents on its networks.  This approach shall include increasing the Federal Government’s visibility into and detection of cybersecurity vulnerabilities and threats to agency networks in order to bolster the Federal Government’s cybersecurity efforts.
     (b)  FCEB Agencies shall deploy an Endpoint Detection and Response (EDR) initiative to support proactive detection of cybersecurity incidents within Federal Government infrastructure, active cyber hunting, containment and remediation, and incident response.
     (c)  Within 30 days of the date of this order, the Secretary of Homeland Security acting through the Director of CISA shall provide to the Director of OMB recommendations on options for implementing an EDR initiative, centrally located to support host-level visibility, attribution, and response regarding FCEB Information Systems.
     (d)  Within 90 days of receiving the recommendations described in subsection (c) of this section, the Director of OMB, in consultation with Secretary of Homeland Security, shall issue requirements for FCEB Agencies to adopt Federal Government-wide EDR approaches.  Those requirements shall support a capability of the Secretary of Homeland Secretary, acting through the Director of CISA, to engage in cyber hunt, detection, and response activities.

See more at: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

Why is normal Antivirus not enough?

Cybercriminals are becoming more adept at their trade and are using advanced threats to breach networks.

Traditional antivirus provides only a basic level of protection against such advanced cyber-attacks and is not sufficient to meet your network security needs. A traditional antivirus program detects malware and viruses through signature-based detection, matching what it scans against signatures loaded in its database.

However, attackers are now capable of creating malware with continuously evolving code, which can easily bypass traditional antivirus.

You need an Endpoint Detection and Response (EDR) solution.

How can Endpoint Detection and Response (EDR) solutions help you?

Endpoint Detection and Response (EDR) solutions are tools that help you detect and investigate suspicious activity across all the endpoints of your digital perimeter. Endpoints include laptops, mobile devices, workstations, servers, and any entry point to the network. EDR is becoming the preferred technology for enterprises that want better security for their networks than traditional antivirus provides.

EDR solutions work by using AI and machine learning to monitor network and endpoint events and by storing that information in a centralized database for further analysis, investigation, or reporting. Suitable software installed on the host monitors data and reports on potential threats.

See more at:
https://www.consultlocus.com/home/services/solutions/detect/president-executive-order-improving-the-nations-cybersecurity/

https://www.consultlocus.com/home/services/solutions/detect/leaving-antivirus-solutions/