Insight by Trellix

How endpoint detection and response tools can help make up for a talent shortage

Experts from Trellix say agencies need to focus on protecting their endpoints because that’s where the critical data resides and the attackers will spend thei...


The May 2021 cyber executive order told agencies, among many other things, that they “shall deploy an endpoint detection and response (EDR) initiative to support proactive detection of cybersecurity incidents within federal government infrastructure, active cyber hunting, containment and remediation, and incident response.”

The guidance from the Office of Management and Budget further details that requirement, telling agencies they must ensure their EDR tools meet the Cybersecurity and Infrastructure Security Agency’s (CISA) technical requirements and are deployed across their enterprise.

OMB says this approach is intended to maintain a diversity of EDR tools throughout the government that can support agencies in differing technological environments, while ensuring a baseline of insight into activity across federal civilian agencies.

Ken Kartsen, the senior vice president for public sector at Trellix, said agencies have both the desire and the opportunity to use advanced capabilities like endpoint detection and response (EDR) and extended detection and response (XDR) to improve their protections against cyber attacks from nation states and foreign adversaries.

“They can utilize technologies that are more advanced and can help them see key indicators and actually respond to attacks while they’re in motion,” Kartsen said during the discussion, the Evolution of Detection and Response in the Public Sector. “Whereas EDR sits at the endpoint, and it is detection and it is response, XDR sits in more of a security operations center (SOC) framework that enables detection throughout your cloud infrastructure, your network and your endpoints, for response through any of the tools that you may have already invested in. Having an ecosystem that leverages earlier investments is really critical. Because as much as we talk about technology refreshes and modernization, the reality is, you’ll always have a legacy infrastructure.”

Single pane of glass

This is why agencies need to ensure their EDR and XDR capabilities integrate easily with that legacy technology and feed their data into a common dashboard.

The integration of tools and having a single pane of glass for cyber data are part of how agencies are creating a zero trust architecture.
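To make the EDR-versus-XDR distinction concrete, the following is an added example, not Trellix code and not a description of any Trellix product. It takes three constructed records in three tools' native shapes (an endpoint process event, a network egress record and a cloud audit event), maps them onto one common schema, and correlates them into a single alert the way an XDR or SOC layer sits above per-tool detections. Each record is a weak signal on its own; only the combination crosses the alert threshold. The field names, score weights, ten-minute window and threshold are assumptions chosen for the illustration.

```python
"""Added example: cross-source correlation over normalized telemetry.
Not Trellix code. Event shapes, weights, window and threshold are assumed."""
from dataclasses import dataclass
from datetime import datetime, timedelta

ALERT_THRESHOLD = 80                     # assumed: no single source reaches this alone
CORRELATION_WINDOW = timedelta(minutes=10)  # assumed join window around the endpoint event


@dataclass
class Event:
    ts: datetime
    source: str   # "edr", "network" or "cloud"
    host: str     # "" when the tool does not record a host (cloud audit log)
    user: str     # "" when the tool does not record a user (network sensor)
    detail: str   # short normalized description for the dashboard
    score: int    # weight of this event as a signal on its own


# Constructed sample telemetry, one list per tool, each in that tool's own shape.
EDR_LOG = [
    {"time": "2024-03-04T10:00:05Z", "hostname": "ws-1042", "account": "jdoe",
     "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"time": "2024-03-04T11:30:00Z", "hostname": "ws-0007", "account": "asmith",
     "process": "powershell.exe", "cmdline": "powershell.exe -enc UwB0AGEAcgB0AA"},
]
NETWORK_LOG = [
    {"time": "2024-03-04T10:00:40Z", "src_host": "ws-1042",
     "dst": "203.0.113.7:443", "bytes_out": 1_800_000},
]
CLOUD_LOG = [
    {"eventTime": "2024-03-04T10:03:10Z", "userIdentity": "jdoe",
     "eventName": "CreateAccessKey"},
]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(edr_log, network_log, cloud_log):
    """Map each tool's records onto the common Event schema (the 'single pane')."""
    events = []
    for r in edr_log:
        encoded = "-enc" in r["cmdline"].split()          # encoded PowerShell command line
        events.append(Event(_ts(r["time"]), "edr", r["hostname"], r["account"],
                            f"{r['process']} {'encoded' if encoded else 'plain'} command line",
                            40 if encoded else 10))
    for r in network_log:
        big = r["bytes_out"] >= 1_000_000                  # unusually large egress
        events.append(Event(_ts(r["time"]), "network", r["src_host"], "",
                            f"{r['bytes_out']} bytes out to {r['dst']}", 30 if big else 5))
    for r in cloud_log:
        sensitive = r["eventName"] in {"CreateAccessKey", "AttachUserPolicy"}
        events.append(Event(_ts(r["eventTime"]), "cloud", "", r["userIdentity"],
                            r["eventName"], 30 if sensitive else 5))
    return events


def correlate(events, window=CORRELATION_WINDOW, threshold=ALERT_THRESHOLD):
    """Use each endpoint event as the anchor that ties a host to a user, then pull in
    network events for that host and cloud events for that user inside the window.
    Returns one alert per anchor whose combined score crosses the threshold."""
    alerts = []
    for anchor in (e for e in events if e.source == "edr"):
        related = [
            e for e in events
            if e is not anchor
            and abs(e.ts - anchor.ts) <= window
            and ((e.host and e.host == anchor.host) or (e.user and e.user == anchor.user))
        ]
        score = anchor.score + sum(e.score for e in related)
        if score >= threshold:
            chain = sorted([anchor] + related, key=lambda e: e.ts)
            alerts.append({
                "host": anchor.host,
                "user": anchor.user,
                "score": score,
                "sources": sorted({e.source for e in chain}),
                "timeline": [f"{e.ts:%H:%M:%S} {e.source}: {e.detail}" for e in chain],
            })
    return alerts


def run_demo():
    return correlate(normalize(EDR_LOG, NETWORK_LOG, CLOUD_LOG))


if __name__ == "__main__":
    for a in run_demo():
        print(f"ALERT score={a['score']} host={a['host']} user={a['user']} sources={a['sources']}")
        for line in a["timeline"]:
            print("   ", line)
```

Run stand-alone, the script raises exactly one alert, for ws-1042 / jdoe, built from all three sources; the second endpoint event (ws-0007) has nothing to join with and stays below the threshold, and feeding the same endpoint log in without the network and cloud records produces no alert at all. That last case is the point Kartsen makes: an EDR tool sees only its own 40-point event, while the correlation layer, because the other tools feed the same schema, sees 100.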

Kartsen said agencies need to focus on protecting their endpoints because that’s where the critical data resides and the attackers will spend their efforts trying to breach.

As in the federal sector, commercial companies are starting to take steps to protect their endpoints and data, said Britt Norwood, the senior vice president for global channel at Trellix.

Norwood said the reliance on advanced commercial capabilities whether in the private or public sector is partly due to the tight market for employees with cyber skills.

“It’s a real talent shortage. There are 2.5 million unfilled cybersecurity jobs right now, and that gap is getting worse and worse by the day,” he said. “A lot of the work you’ll see coming over the years, especially in the threat intelligence world, is going to be what can we automate? A lot of the initial discovery, logging and analysis will get automated over time, which will help with that talent gap. But behind that, when it gets to the threat hunting and trying to figure out what’s really going on, who’s attacking you and where they’re coming from, there is going to be a need in a lot of areas for augmentation of that service.”

Norwood said a lot of vendors like Trellix recognize that delivering advanced cyber services, especially around threat intelligence and threat hunting, will be in demand in the coming years.

Managed services are in demand

The other challenge for many private and public sector organizations is how to make sense of all the data their tools are collecting.

“Using artificial intelligence and machine learning in your capabilities in your SOC is instrumental. You also have to take a look at how you fill those gaps,” Kartsen said. “We’re making a big effort to fill those shortages and to fill those gaps both through technology and through people.”

Kartsen said the move to managed services also is something many agencies are asking about, especially as they continue to work in a hybrid cloud environment.

“They’re actually saying, ‘can we just set up an agreement that you’re going to be able to protect us and defend us? You’ll be watching over our shoulders all the time,’” he said. “A lot of the questions get into what are the service level agreements (SLAs) in the service, and a lot more about the actual service itself. What they’re trying to do is just find somebody who can come in and actually just provide an on-demand service. They want us to keep an eye out for them so that somebody is watching over them 24 hours a day, seven days a week, as we know that these threats have no timeline.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Featured speakers

  • Ken Kartsen

    Senior Vice President, Public Sector, Trellix

  • Britt Norwood

    Senior Vice President, Global Channel, Trellix

  • Jason Miller

    Executive Editor, Federal News Network