Board of County Commissioners (BCC) Regular Meeting, 01/12/2021
Document Type: Agenda Packet (113 pages)
INDIAN RIVER COUNTY, FLORIDA
MEMORANDUM

TO: Jason E. Brown, County Administrator
FROM: Dan Russell, Information Technology Director
SUBJECT: End Point Protection (EPP) / End Point Detection & Response (EDR) and Managed Detection & Response Procurement Recommendation
DATE: January 12, 2021

BACKGROUND:

On October 22, 2020, the Indian River County (IRC) Board of County Commissioners (BoCC) network was the target of a cyber-attack. Fortunately, the IRC Information Technology (IT) Department staff discovered the attack in progress and were able to successfully mitigate the attack with no loss of data. The IRC BoCC staff did experience a limited, self-imposed loss of certain technology services while a forensic investigation was conducted to ensure that any unauthorized access to the network was eradicated. After completing the forensic investigation, the IRC IT staff examined the attack vectors that were deemed contributory to the attack and determined that the current end point protection (EPP) and anti-virus (AV) software should be upgraded to assist with detection of and response to future cyber-attacks.

ANALYSIS

The EPP and AV software currently in use is signature based. This type of anti-virus software relies upon pre-distributed malware signatures: a file or process is flagged only when it matches a signature already present on the endpoint. Signatures are updated on a recurring basis; however, the detection capability of this type of legacy software is limited to known malware and provides no protection against new or previously unknown malware. Cyber criminals are constantly innovating the techniques used to conduct their attacks. Legacy AV software is inherently disadvantaged when it comes to detecting attacks for which signatures have yet to be developed. Next generation (NextGen) EPP and AV software addresses this gap by adding Endpoint Detection & Response (EDR) functionality.

EDR is an integrated end point security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities to enable cyber security teams to quickly identify and respond to threats. The primary functions of an EDR security system are to:

1. Monitor and collect activity data from end points that could indicate a threat.
2. Analyze that data to identify threat patterns.
3. Automatically respond to identified threats to remove or contain them, and notify cybersecurity personnel.
4. Provide forensics and analysis tools to search for and research suspicious activities.

EDR tools work by monitoring endpoint and network events and recording the information in a central database where further analysis, detection, investigation, reporting, and alerting take place. A software agent installed on the host system provides the foundation for event monitoring and reporting. Most EDR tools address the "response" portion through sophisticated analytics that identify patterns and detect anomalies, such as rare processes, strange or unrecognized connections, or other risky activities flagged by comparison against a baseline of normal activity. This process can be
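As an added example (not part of the memo, and not code from any product it evaluates), the following Python script contrasts the two detection models described in the ANALYSIS section above: a signature lookup that only recognizes file hashes already on its list, and an EDR-style pipeline that collects endpoint events into a per-host baseline, flags rare processes, unusual parent-child process pairs and unrecognized connections, and then takes an automated containment action. The hostnames, hashes, addresses, event records, the 10.0.0.0/8 internal range and the action names are all constructed assumptions.

```python
"""Toy EDR pipeline: signature lookup beside baseline-driven anomaly detection.

Added example, not code from the memo or any product it evaluates. Hosts,
hashes, addresses, events and action names are constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Legacy AV knowledge: a pre-distributed list of known-bad file hashes (constructed).
KNOWN_BAD_SHA256 = {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}

# Assumption: the county LAN lives in 10.0.0.0/8; anything else is external.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Event tuple: (host, process, parent process, destination "ip:port" or None, sha256).
# Constructed baseline window recorded by the agent during normal operation.
BASELINE_EVENTS = [
    ("WS01", "outlook.exe", "explorer.exe", "10.1.0.5:443", "aa" * 32),
    ("WS01", "winword.exe", "explorer.exe", None, "bb" * 32),
    ("WS01", "chrome.exe", "explorer.exe", "10.1.0.5:443", "cc" * 32),
    ("WS01", "chrome.exe", "explorer.exe", "10.1.0.7:443", "cc" * 32),
    ("WS01", "svchost.exe", "services.exe", "10.1.0.9:53", "dd" * 32),
]

# Constructed live events: a routine browser connection, then a macro-style chain
# (Word spawning PowerShell to an outside address) whose hash has never been seen.
LIVE_EVENTS = [
    ("WS01", "chrome.exe", "explorer.exe", "10.1.0.5:443", "cc" * 32),
    ("WS01", "powershell.exe", "winword.exe", "203.0.113.10:443", "ee" * 32),
]


@dataclass
class Baseline:
    """What 'normal' looks like on one host, learned from collected events."""
    procs: Counter = field(default_factory=Counter)  # process name -> count
    parents: set = field(default_factory=set)        # (parent, child) pairs
    dests: set = field(default_factory=set)          # destination IPs


def build_baselines(events):
    """Memo functions 1 and 2: collect activity per host and summarize it."""
    baselines = defaultdict(Baseline)
    for host, proc, parent, dest, _sha in events:
        b = baselines[host]
        b.procs[proc] += 1
        b.parents.add((parent, proc))
        if dest:
            b.dests.add(dest.rsplit(":", 1)[0])
    return baselines


def signature_verdict(sha256):
    """Legacy AV check: only a hash already on the list is blocked."""
    return "block" if sha256 in KNOWN_BAD_SHA256 else "allow"


def is_external(ip):
    return not any(ip_address(ip) in net for net in INTERNAL_NETS)


def analyze(event, baseline):
    """Compare one new event with the host baseline and return the anomalies found."""
    host, proc, parent, dest, _sha = event
    findings = []
    if proc not in baseline.procs:
        findings.append(f"rare process: {proc} never seen on {host}")
    if (parent, proc) not in baseline.parents:
        findings.append(f"unusual parent: {parent} -> {proc}")
    if dest:
        ip = dest.rsplit(":", 1)[0]
        if ip not in baseline.dests:
            kind = "external" if is_external(ip) else "internal"
            findings.append(f"unrecognized {kind} connection: {dest}")
    return findings


def respond(event, findings):
    """Memo function 3: contain, then notify. Action names are illustrative."""
    host, proc, *_ = event
    if not findings:
        return []
    actions = [f"kill {proc} on {host}", f"alert SOC: {host}: " + "; ".join(findings)]
    if any("external" in f for f in findings):
        actions.insert(0, f"isolate host {host}")  # cut any command-and-control first
    return actions


def process_events(baseline_events, live_events):
    """Run both detection styles over the live events and collect the verdicts."""
    baselines = build_baselines(baseline_events)
    results = []
    for ev in live_events:
        findings = analyze(ev, baselines[ev[0]])
        results.append({"event": ev, "signature": signature_verdict(ev[4]),
                        "findings": findings, "actions": respond(ev, findings)})
    return results


if __name__ == "__main__":
    for r in process_events(BASELINE_EVENTS, LIVE_EVENTS):
        print(r["event"][1], "| signature:", r["signature"],
              "| findings:", r["findings"], "| actions:", r["actions"])
```

Running it shows the point the memo makes: the PowerShell chain carries a hash that is not on the signature list, so the legacy check returns "allow", while the baseline comparison flags it as a rare process with an unusual parent and an unrecognized external connection and triggers host isolation. The routine browser connection produces no findings. A real agent would also stream the raw events to the central database the memo describes, so analysts can pivot on them during an investigation.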