CrowdStrike and CISA have announced a new partnership that will see the cybersecurity company provide endpoint security for the government organization -- and others -- while also "operationalizing" the Executive Order endpoint detection and response (EDR) initiative.
CrowdStrike was chosen as one of the platforms to support the initiative at multiple federal agencies and will use its CrowdStrike Falcon platform to "secure critical endpoints and workloads for CISA and multiple other major civilian agencies."
Executive Order (EO) 14028, which President Joe Biden signed in May, listed a variety of measures that needed to be taken across the government to better secure systems in the wake of the SolarWinds scandal and other breaches. Government organizations were urged to do more threat hunting, EDR, and IT modernization while also further embracing cloud technologies.
George Kurtz, co-founder and CEO of CrowdStrike, said CISA is on the front lines of defending the US government's most critical assets against the evolving threats posed by nation-state and eCrime adversaries.
"Improving our nation's defenses and cyber resiliency requires strong collaboration between the government and the private sector. This partnership will arm CISA and government agencies with CrowdStrike's powerful technology and elite human expertise to stop sophisticated attacks and protect our nation's critical infrastructure," Kurtz said.
James Yeager, a vice president at CrowdStrike, told ZDNet that CISA was looking to beef up its Continuous Diagnostics and Mitigation (CDM) program and "advance its mission of securing civilian '.gov' networks and leading the national effort to understand and manage cyber and physical risk to critical infrastructure."
The White House is providing funds for the project through the American Rescue Plan. Yeager said the company encouraged agencies to work with CISA to ensure their security program is equipped to enable proactive threat hunting and a coordinated response strategy to combat advanced threats.
"The United States and allied nations face unprecedented threats from today's adversaries. Continuous cyberattacks on critical infrastructure, supply chains, government agencies, etc., present significant ongoing threats to national security and the critical services millions of citizens rely on every day," Yeager said.
"The federal government cannot afford to stay static amidst an evolutionary and highly dynamic threat landscape. Visibility is key. You cannot defend what you cannot see. The state of the endpoint has evolved, yielding a highly complex and expanded attack surface. As a result, we need to broaden the scope of visibility. Agencies need solutions that can collect and correlate data across multiple security layers -- email, endpoint, server, cloud workload, and the network -- for faster detection of threats and improved investigation and response times through automation and data analysis."
Yeager added that with the shift toward a remote workforce, security policies need to include remote working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information.
"Moreover, agencies need to employ protection measures that can quickly adapt and scale to support this modified IT landscape, by leveraging innovative tooling that is effective against all types of threats and that supports all workloads -- on-premise systems, remote devices, cloud instances, and virtual machines," Yeager explained.