As of November 2023, ÓÐÁϺÐ×ÓAPP had deployed EDR capabilities at five agencies, covering almost 480,000 endpoints, providing those agencies with unprecedented visibility into their cyber activities, threats, and vulnerabilities. These agencies had unique operational requirements and were among the largest and most complex across the FCEB—and yet, ÓÐÁϺÐ×ÓAPP helped these agencies deploy EDR capabilities in just a matter of weeks instead of months or even longer, as was typical before. At one agency, ÓÐÁϺÐ×ÓAPP deployed an EDR capability in 30 days, covering 85% of the network.
The rollout of EDR capabilities at federal agencies is introducing a new era for CDM. Empowered by their EDR capabilities, federal agencies now have unprecedented visibility into their cyber environments and can collaborate rapidly across agencies to mitigate cyber vulnerabilities and threats as they arise, thereby minimizing any damage that may occur.
One of ÓÐÁϺÐ×ÓAPP’s client agencies—a large, public-facing benefits agency—is subjected to roughly 144 million cyber events per day. Without the CDM EDR solution, the agency’s security operations center (SOC) would have had to manually review each event, which could have easily resulted in alert fatigue and human errors, perhaps helping an attacker gain a foothold in the network. Instead, the agency gained an EDR capability that detects suspicious scripts for review and decodes them automatically. This dramatically reduces the volume of events so the agency’s SOC can focus on malicious events, including insider threats.
At another ÓÐÁϺÐ×ÓAPP client agency—a large, critical infrastructure agency—ÓÐÁϺÐ×ÓAPP deployed and enhanced the CDM EDR solution across 42 unique agency field offices. This implementation provided the agency’s leadership with the ability to, from a centralized EDR instance, view and analyze EDR data enterprise-wide. This effort generated a significant shift in the agency’s endpoint data visibility—prior to ÓÐÁϺÐ×ÓAPP’s support, each of the 42 field offices managed its own EDR solution and did not provide EDR data reporting to the agency leadership. Through ÓÐÁϺÐ×ÓAPP’s rollout of a centralized EDR solution, agency leadership now has the endpoint data visibility needed to support proactive detection, threat hunt, incident response, and remediation of cybersecurity incidents across its field offices.
CISA’s effort to arm federal agencies with EDR capability—and ÓÐÁϺÐ×ÓAPP’s role in helping accomplish this—is significantly improving federal agency cyber postures by delivering greater visibility, responsiveness, and the ability to collaborate in threat detection and remediation.