The Fed’s EDR focus will unlock opportunities in cyber defense

By Amanda Mull, Contract Specialist

The cybersecurity of the federal government is constantly under attack.  A recent FISMA report from the Office of Management and Budget noted that in FY2020, agencies reported 30,819 cybersecurity incidents to the U.S. Computer Emergency Readiness Team. The variety of attack vectors continues to evolve, creating a dynamic threat landscape.

The government is addressing this challenge by mandating Endpoint Detection and Response (EDR) tools. Companies that can offer these tools and capabilities will be well-positioned to build their federal customer portfolio.

EDR is an integrated security solution that detects threats by combining real-time continuous monitoring and collection of endpoint data with rules-based automated responses and analysis capabilities. The data collected helps determine system security. Evaluation and machine analysis of the data provides coordinated detection of threats and conditions that elicit programmed responses, including follow up via human notifications and further actions to mitigate any potential or actual threats. 

EDR initiatives and Approved Product listing

On January 10, the Cybersecurity and Infrastructure Security Agency announced an expanded and revised EDR technical capability definition and new requirements for adding EDR items to the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program’s Approved Product List.

The federal EDR initiative includes a CISA dashboard to record data collected from all federal executive agency and department information systems. The dashboard metrics are intended to provide an overall federal cyber threat analysis. OMB and other federal actors plan to use the dashboard metrics to evaluate vulnerabilities and make budgetary decisions to fund cybersecurity improvements.

Agency EDR responsibilities and FISMA updating

Expectations for agency engagement are high. EDR implementation is mandated, and agencies must continue to develop and mature their EDR solutions – along with continued reporting of endpoint data to the coordinated CISA federal dashboard.

On January 11, 2021, the House Oversight and Reform Committee leadership released a draft updating the 2014 Federal Information Security Management Act, which sets cybersecurity requirements for federal civilian agencies. The draft reflects an ongoing federal commitment to broad, enterprise-level, proactive cyber defense policies to improve the government’s overall cyber security and programmatic tracking and response to threats.

EDR plays a huge part in this proposed revision and addresses many of the items noted for improvement. Collaboration and sharing of best practices is encouraged at all levels to accelerate EDR solution deployment, and development of threat responses. 

The field of cyber threat detection and response is open and ripe for innovation. Because the frequency, type and source of threats and attacks are like shifting sands, the EDR resources to identify and react need to be just as versatile and flexible. Vendors must be prepared to accommodate changing requirements from the government to seize continued opportunities emerging from this initiative.

Keep on top of IT trends in government. Subscribe to the Government Sales Insider blog now!

To learn more about how immixGroup can help you get on the CDM approved products list, visit our website here.

About Amanda Mull
Currently a Contract Specialist for immixGroup, Inc. I help public sector sales professionals understand federal contracting vehicles, and respond to IT sales opportunities. Special knowledge of the DHS/CISA CDM Program for the GSA IT Schedule 70 and the U.S. Army ITES-SW2 Contract via the CHESS IT E-Mart. 20+ years as ACO for GSA schedule 84 Security, Access Control and Surveillance System Products & Services Company; 10 + years as a Corporate Compliance Officer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: