EDR and XDR Overview
They can utilize technologies that's more advanced and can help them see key indicators and actually respond to attacks while they're in motion.
Ken Kartsen
Senior Vice President, Public Sector, Trellix
Experts from Trellix say agencies need to focus on protecting their endpoints because that’s where the critical data resides and the attackers will spend thei...
They can utilize technologies that's more advanced and can help them see key indicators and actually respond to attacks while they're in motion.
Senior Vice President, Public Sector, Trellix
A lot of the work you'll see coming over the years, especially in the threat intelligence world, is going to be what can we automate? A lot of the initial discovery logging analysis will get automated over time, which will help with that talent gap. But behind that, when it gets to the threat hunting and trying to figure out what's really going on, who's attacking you and where they're coming from, there is going to be a need in a lot of areas for augmentation of that service.
Senior Vice President, Global Channel, Trellix
The May 2021 cyber executive order told agencies, among many other things, that they “shall deploy an endpoint detection and response (EDR) initiative to support proactive detection of cybersecurity incidents within federal government infrastructure, active cyber hunting, containment and remediation, and incident response.”
The guidance from the Office of Management and Budget further details that requirement telling agencies they must ensure their EDR tools meet the Cybersecurity and Infrastructure Security Agency’s (CISA) technical requirements and are deployed across their enterprise.
OMB says this approach is intended to maintain a diversity of different EDR tools throughout the government that can support agencies in differing technological environments, while ensuring a baseline of insight into activity across federal civilian agencies.
Ken Kartsen, the senior vice president for public sector at Trellix, said agencies have a desire and opportunity to use advanced capabilities like endpoint detection and response (EDR) and extended detection and response (XDR), to improve their protections against cyber attacks from nation states and foreign adversaries.
“They can utilize technologies that’s more advanced and can help them see key indicators and actually respond to attacks while they’re in motion,” Kartsen said on the discussion the Evolution of Detection and Response in the Public Sector. “Whereas EDR sits at the endpoint, it is detection and it is response. Whereas XDR sits in more of a security operations center (SOC) framework that enables detection throughout your cloud infrastructure, your network and your endpoints for response through any of the tools that you may have already invested in and having an ecosystem that leverages earlier investments is really critical. Because as much as we talk about technology refreshes and modernization, the reality is, you’ll always have a legacy infrastructure.”
This is why agencies need to ensure their EDR and XDR capabilities easily integrate into that legacy technology and feeds the data into a common dashboard.
The integration of tools and having a single pane of glass for cyber data are part of how agencies are creating a zero trust architecture.
Kartsen said agencies need to focus on protecting their endpoints because that’s where the critical data resides and the attackers will spend their efforts trying to breach.
Similarly to the federal sector, commercial companies are starting to take steps to protect their endpoints and data, said Britt Norwood, the senior vice president for global channel at Trellix.
Norwood said the reliance on advanced commercial capabilities whether in the private or public sector is partly due to the tight market for employees with cyber skills.
“It’s a real talent shortage. There are 2.5 million unfilled cybersecurity jobs right now, and that gap is getting worse and worse by the day,” he said. “A lot of the work you’ll see coming over the years, especially in the threat intelligence world, is going to be what can we automate? A lot of the initial discovery logging analysis will get automated over time, which will help with that talent gap. But behind that, when it gets to the threat hunting and trying to figure out what’s really going on, who’s attacking you and where they’re coming from, there is going to be a need in a lot of areas for augmentation of that service.”
Norwood said a lot of vendors like Trellix recognize that delivering advanced cyber services, especially around threat intelligence and threat hunting will be in demand in the coming years.
The other challenge for many public and public sector organizations is how to make sense of all the data their tools are collecting.
“Using artificial intelligence and machine learning in your capabilities in your SOC is instrumental. You also have to take a look at how you fill those gaps,” Kartsen said. “We’re making a big effort to fill those shortages and to fill those gaps both through technology and through people.”
Kartsen said the move to managed services also is something many agencies are asking about, especially as they continue to work in a hybrid cloud environment.
“They’re actually saying, ‘can we just set up an agreement that you’re going to be able to protect us and defend us? You’ll be watching over our shoulders all the time,’” he said. “A lot of the questions get into what are the service level agreements (SLA) in the service and a lot of a lot more about the actual service itself. What they’re trying to do is just find somebody who can come in and actually just provide an on-demand service. They want us to keep an eye out for them so that somebody is watching over them 24 hours a day, seven days a week, as we know that these threats have no timeline.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Senior Vice President, Public Sector, Trellix
Senior Vice President, Global Channel, Trellix
Executive Editor, Federal News Network
Senior Vice President, Public Sector, Trellix
Senior Vice President, Global Channel, Trellix
Britt Norwood is SVP, Global Channels and Commercial at Trellix. In this role, he serves as sales leader of the global, channel and commercial business internationally and runs Trellix’s renewal business for commercial, enterprise and public sector organizations. With 25+ years of experience in technology sales, Britt has also held sales leadership roles at McAfee, Salesforce and Cisco.
He believes in leading his teams tackle new challenges without fear and to do right by customers, partners and each other, to listen to stakeholders to truly understand their business problems and solve them.
Executive Editor, Federal News Network
Jason Miller has been executive editor of Federal News Network since 2008. Jason directs the news coverage on all federal issues. He has also produced several news series – among them on whistleblower retaliation at the SBA, the overall impact of President Obama’s first term, cross-agency priority goals, shared services and procurement reform.