Aug 26 2020

How Endpoint Detection and Response Can Improve Election Security

EDR tools can help state and local government agencies monitor for anomalies.

With the general election on Nov. 3 fast approaching, state and local governments are working with federal and nonprofit partners to shore up their election cybersecurity efforts.

A key element of those efforts has been the deployment of endpoint detection and response software, which is designed to identify and block malware and anomalous activity.

Over the past few months, many states have been partnering with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the nonprofit Center for Internet Security to deploy EDR, which is “a software agent installed on systems, servers, or in the cloud to provide malware and anomaly detection and remediate active threats,” as CIS notes.

As StateScoop reports, EDR software can “give administrators a better view of devices on their networks, which is crucial when updating voter files or downloading voter lists to the electronic poll books that go to polling places.”

EDR Tools Can Enhance Election Cybersecurity Monitoring

EDR is designed to “provide a strong complement to existing Albert Network Monitoring services, as well as provide increased security posture in a standalone deployment,” according to CIS. Albert sensors make “use of open-source software in combination with the expertise of CIS’s 24/7 Security Operations Center, providing enhanced monitoring and rapid notifications for much of the malicious traffic that election agencies may encounter,” StateTech reports.

As the Associated Press reports, 30 state election offices have already integrated the EDR tools via a DHS pilot program that launched in March. EDR software is expected to be rolled out in at least nine more states by November, according to the AP, though fewer than 100 local government agencies have signed on to the program.

Oregon is one of the states that has deployed EDR tools. “We have that installed at the secretary of state in all of our election infrastructure, and across our whole network,” Peter Threlkel, director of information services for the Oregon Secretary of State, tells StateTech. “But we’re also looking to get that deployed out to the counties as well.”

“Under the program, CIS analysts would receive alerts of suspicious activity, allowing them to monitor and track suspicious activity across jurisdictions with the goal of early detection and mitigation,” the AP reports.

As cybersecurity firm CrowdStrike notes, EDR should ideally provide “real-time visibility across all your endpoints [to] allow you to view adversary activities, even as they attempt to breach your environment, and stop them immediately.”

Another key aspect of EDR, according to CrowdStrike, is access to “massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.”

EDR should also provide organizations with “behavioral protection” that looks for indicators of attacks so that IT security leaders and professionals are “alerted of suspicious activities before a compromise can occur.”

EDR tools should integrate threat intelligence to “provide context, including details on the attributed adversary that is attacking you or other information about the attack,” CrowdStrike notes.

Ideally, EDR will provide fast and accurate responses and be cloud-based to “ensure zero impact on endpoints, while making sure capabilities such as search, analysis and investigation can be done accurately and in real time,” according to CrowdStrike.

“The threat actors are creating over a million new strings of malware a day,” Michael Atkinson, manager of Mandiant Solutions at FireEye, tells the AP. “If you don’t have the capacity to search in your endpoint infrastructure for the bad guys and have human cybersecurity experts work on that for you, in the end, compromise will likely be inevitable.”
