Entry Properties
Last modified: 2/11/2021 10:50:54 AM
Creation date: 2/11/2021 10:49:21 AM

Metadata
Template: Meetings
Meeting Type: BCC Regular Meeting
Document Type: Agenda Packet
Meeting Date: 01/12/2021
Meeting Body: Board of County Commissioners
automated so that anomalies trigger alerts for immediate action or further investigation. Many endpoint detection and response tools also allow for manual or user-led analysis of data as well.

New features and services are expanding EDR solutions' ability to detect and investigate threats. For example, third-party threat intelligence services increase the effectiveness of endpoint security solutions. Threat intelligence services provide an organization with a global pool of information on current threats and their characteristics. That collective intelligence helps increase an EDR's ability to identify exploits, especially multi-layered and zero-day attacks. Many EDR security vendors offer threat intelligence subscriptions as part of their endpoint security solution.

Additionally, new investigative capabilities in some EDR solutions can leverage AI and machine learning to automate the steps in an investigative process. These new capabilities can learn an organization's baseline behaviors and use this information, along with a variety of other threat intelligence sources, to interpret findings.

Another type of threat intelligence is the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) project underway at MITRE, a nonprofit research group that works with the U.S. government. ATT&CK is a knowledge base and framework built on the study of millions of real-world cyberattacks. ATT&CK categorizes cyberthreats by various factors, such as the tactics used to infiltrate an IT system, the type of system vulnerabilities exploited, the malware tools used, and the criminal groups associated with the attack. The focus of the work is on identifying patterns and characteristics that remain unchanged regardless of minor changes to an exploit. Details such as IP addresses, registry keys, and domain numbers can change frequently, but an attacker's methods, or "modus operandi", usually remain the same. An EDR can use these common behaviors to identify threats that may have been altered in other ways.

In preparation for making this recommendation, the IRC IT staff reviewed a number of EPP and EDR tools from various suppliers. The list of software products considered for recommendation was reduced to the list below because these particular products each met all of the criteria of an EDR solution, as described above.

1. Sentinel One
2. Carbon Black
3. Crowdstrike
4. GreyMatter
5. Rapid7
6. Secureworks

Of the products reviewed, the Sentinel One EPP & EDR product was deemed to best meet the County's requirements based on a combination of functionality and price.

As previously noted, it is possible to automate the EDR system response to many, but not all, of the alerts generated by endpoints. The EDR system must be actively monitored to ensure that all alerts are responded to appropriately. The IRC IT staff considered three options for monitoring the EDR system.

1. Monitor the EDR system with IRC IT staff
2. Managed Detection and Response (MDR) through a professional services supplier
3. MDR & prepaid cyber Incident Response (IR) through a professional services supplier

The options above are presented in order of risk reduction, with option #1 carrying the most risk and option #3 the least. They are ordered in a good, better, best format.

Option #1 - using the IRC IT staff to monitor the EDR system - is the option that carries the most residual risk, as the IRC IT staff is not staffed to provide 24 x 7 monitoring support and does not specialize in cyber incident detection and response. Option #2 - using an MDR service through a supplier - reduces this risk by providing 24 x 7 monitoring and response by cyber security professionals who perform this function daily and as such are intimately familiar with current and evolving cyber-attack techniques. Option #3 - using an MDR supplier to perform monitoring & detection and prepaying for cyber incident response (IR) support - has the added benefit of having a cyber incident response team available to support immediately upon detection of a cyber breach.

End Point Protection (EPP) / End Point Detection & Response (EDR) and Managed Detection & Response Procurement Recommendation
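The ATT&CK paragraph above contrasts indicators that change between incidents (IP addresses, registry keys, file hashes) with an attacker's methods, which tend to stay the same. The following Python script is an added illustration of that distinction; it is not part of the agenda packet and is not code from any of the products the memo names. It runs a stale indicator list and a simple behaviour rule over constructed endpoint telemetry in which a second intrusion reuses the first one's playbook but none of its indicators. All host names, hashes, addresses, process lists and the internal address ranges are assumptions made up for this example.

```python
# Added example (not from the agenda packet or any vendor product): matching on
# changeable indicators versus matching on attacker behaviour, the idea the memo
# attributes to EDR tools informed by MITRE ATT&CK. Everything below is constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set


@dataclass
class ProcessEvent:
    """One process-start record, roughly as an EDR agent would report it."""
    host: str
    process: str                      # image name of the new process
    parent: str                       # image name of the parent process
    sha256: str                       # hash of the new process image (constructed)
    remote_ip: Optional[str] = None   # outbound connection made by the process, if any


# Constructed telemetry: two intrusions that share a technique but no indicators,
# plus one benign administrator session.
EVENTS: List[ProcessEvent] = [
    # ws-01: a macro-laden document spawns PowerShell, which calls out to the Internet
    ProcessEvent("ws-01", "winword.exe", "explorer.exe", "c0ffee01"),
    ProcessEvent("ws-01", "powershell.exe", "winword.exe", "bad0001", "203.0.113.10"),
    # ws-02: same playbook, but a different script host, payload hash and server
    ProcessEvent("ws-02", "excel.exe", "explorer.exe", "c0ffee02"),
    ProcessEvent("ws-02", "wscript.exe", "excel.exe", "bad0002", "198.51.100.77"),
    # ws-03: an administrator's interactive PowerShell session on the internal network
    ProcessEvent("ws-03", "powershell.exe", "explorer.exe", "c0ffee03", "10.20.30.40"),
]

# Indicator feed as it stood after the first incident (constructed values).
KNOWN_BAD_IPS: Set[str] = {"203.0.113.10"}
KNOWN_BAD_HASHES: Set[str] = {"bad0001"}

# Behaviour rule: an office application spawning a script interpreter that then
# connects outside the corporate address space. Process lists and internal
# ranges are assumptions for the example, not a vendor's rule set.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the (constructed) internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def indicator_alerts(events: List[ProcessEvent], bad_ips: Set[str],
                     bad_hashes: Set[str]) -> Dict[str, str]:
    """Flag hosts whose events carry a known-bad hash or a known-bad remote IP."""
    hits: Dict[str, str] = {}
    for ev in events:
        if ev.sha256 in bad_hashes:
            hits.setdefault(ev.host, f"known-bad hash {ev.sha256} ({ev.process})")
        elif ev.remote_ip in bad_ips:
            hits.setdefault(ev.host, f"connection to known-bad IP {ev.remote_ip}")
    return hits


def behaviour_alerts(events: List[ProcessEvent]) -> Dict[str, str]:
    """Flag hosts showing the office-app -> script-host -> external-connection pattern."""
    hits: Dict[str, str] = {}
    for ev in events:
        if (ev.parent in OFFICE_APPS and ev.process in SCRIPT_HOSTS
                and ev.remote_ip and not is_internal(ev.remote_ip)):
            hits.setdefault(
                ev.host,
                f"{ev.parent} spawned {ev.process}, which connected to {ev.remote_ip}")
    return hits


if __name__ == "__main__":
    print("Indicator matching:", indicator_alerts(EVENTS, KNOWN_BAD_IPS, KNOWN_BAD_HASHES))
    print("Behaviour matching:", behaviour_alerts(EVENTS))
```

The indicator list flags only ws-01, because ws-02 reused the technique with a fresh hash and a fresh server; the behaviour rule flags both and leaves the administrator's session on ws-03 alone, since its parent is not an office application and its connection stays internal. In a production EDR the same rule would be tuned against the organisation's own baseline, which is the role the memo assigns to the AI and machine-learning features it describes.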