I don't think this is a maturity 1 activity. Stupid question: do we think most maturity 1 orgs will have the capability to deploy and use EDR? If we're lumping anti-malware as a whole here, I think we should break this out into antimalware for maturity 1, and EDR for 2 and 3.
Here's what's listed as maturity 1 under EDR:
Implement best practices for EDR:
Delegate personnel to monitor and act on detections.
Export information regularly from the control panel to local hardware backups, so you always have access to data needed for audits and investigations.
Consider available staffing resources to support any new security infrastructure and the associated responsibilities. Many EDR providers offer solutions supported by a 24×7 team to manage and respond to identified incidents.
Refer to the EI-ISAC Cyber Incident Checklist <https://www.cisecurity.org/insights/white-papers/cyber-incident-checklist> to manage security events.