White House to federal agencies: Step up your endpoint monitoring
Federal agencies will be required to give the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency (CISA) details about how they gather and analyze threat-related information from their computer workstations and other endpoints, something known as endpoint detection and response, or EDR.
In a memo released late Friday, OMB Director Shalanda Young told agencies that they would need to assess the state of their endpoint detection and response and coordinate their efforts with CISA so there can be a more standard response to cyber threats across the federal government. The directive is part of a broader effort by the Biden administration to make the federal government more proactive and less reactive to potential cyber attacks.
“EDR will improve the Federal Government’s ability to detect and respond to increasingly sophisticated threat activity on federal networks,” Young said in the memo, adding that she is seeking more early detection, remediation, and advanced technologies to protect government networks.
EDR combines real-time continuous monitoring of networks and the collection of endpoint data — from things like workstations, mobile devices, and servers — with automated responses and analysis, which allows network administrators and security officials to respond more quickly to threats like phishing attacks, polymorphic malware (which is constantly changing in order to evade detection), and nation-state actors.
The memo said federal agencies will have 120 days to assess the status of their current capabilities, and then coordinate with CISA to fill any gaps they might find. The idea is to enable security officials to hunt for possible threats before they become full-fledged attacks.