[TheRecord] White House to federal agencies: Step up your endpoint monitoring

Federal agencies will be required to give the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency (CISA) details about how they gather and analyze threat-related information from their computer workstations and other endpoints, something known as endpoint detection and response, or EDR.

In a memo released late Friday, OMB Director Shalanda Young told agencies that they would need to assess the state of their endpoint detection and response and coordinate their efforts with CISA so there can be a more standard response to cyber threats across the federal government. The directive is part of a broader effort by the Biden administration to make the federal government more proactive and less reactive to potential cyber attacks.

“EDR will improve the Federal Government’s ability to detect and respond to increasingly sophisticated threat activity on federal networks,” Young said in the memo, adding that she is seeking more early detection, remediation, and advanced technologies to protect government networks.

EDR combines real-time continuous monitoring of networks and the collection of endpoint data — from things like workstations, mobile devices, and servers — with automated responses and analysis, which allows network administrators and security officials to respond more quickly to threats like phishing attacks, polymorphic malware (which is constantly changing in order to evade detection), and nation-state actors.

The memo said federal agencies will have 120 days to assess the status of their current capabilities, and then coordinate with CISA to fill any gaps they might find. The idea is to enable security officials to hunt for possible threats before they become full-fledged attacks. 

The post White House to federal agencies: Step up your endpoint monitoring appeared first on The Record by Recorded Future.
