
Lap 1: Managed Endpoint Detection and Response (EDR)

Managed Endpoint Detection and Response (EDR) is a cybersecurity service that provides 24/7 monitoring and analysis of endpoint activity to detect and respond to threats in real time, usually delivered by a third-party monitoring vendor. Unlike traditional antivirus solutions, which rely on signatures of known malware, managed EDR adds detection of suspicious behavior on the endpoint.
 
Why it Matters: Software vulnerabilities, phishing campaigns, and malicious websites can grant attackers a foothold on managed devices. After gaining this foothold, attackers will often install malicious software to maintain persistence, perform reconnaissance, pivot to other network assets, and exfiltrate sensitive data. Advanced endpoint detection and response can help prevent this type of malicious activity on your school system’s network.
 
Main Points: 
  • Managed EDR services continuously monitor endpoints for suspicious activity, looking for patterns and anomalies that might indicate a threat.  
  • Using advanced analytics and AI, Managed EDR solutions identify and classify threats in real-time, including advanced malware, fileless attacks, and other sophisticated tactics.  
  • Many Managed EDR services offer incident response capabilities, including threat hunting, investigation, and containment of threats.  
  • Managed EDR typically includes support from a security team or Security Operations Center (SOC) that can provide expert analysis, incident response guidance, and proactive threat hunting.
 
Actions to Take:
  • Texas schools that qualify can have TEA fund SentinelOne or CrowdStrike for a limited number of devices. Visit the TEA K-12 Cybersecurity Initiative site or contact the Education Service Center, Region 20 Cyber team for more details.
  • Texas schools can purchase SentinelOne from the Education Service Center, Region 20 at a discounted price.
 

How do I know if EDR is installed and working?

  • On a Windows device, create an eicar.txt file containing the EICAR test string: https://en.wikipedia.org/wiki/EICAR_test_file. Change the file extension to ‘.com’ and observe the result. If the file is detected, hidden, deleted, or otherwise removed, you are likely protected. Otherwise, your district may be at risk.
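The same check as a script that writes the test file, renames it, waits, and reports whether an agent reacted (an added example, not code from the Region 20 page or from either vendor; it assumes $env:TEMP is writable and that a 15-second wait is long enough for your product):

```powershell
# Added example (not code from the Region 20 page): performs the EICAR check described
# above and reports the outcome. Assumptions: the current user can write to $env:TEMP,
# and $WaitSeconds (a guess) is long enough for your agent to react.
param(
    [string]$Folder = $env:TEMP,
    [int]$WaitSeconds = 15
)

# The published 68-byte EICAR test string, assembled from two halves so that this
# script file is not itself quarantined before it can run.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

$txtPath = Join-Path $Folder 'eicar.txt'
$comPath = Join-Path $Folder 'eicar.com'

# Write exactly the ASCII bytes; a BOM or trailing newline can keep scanners from matching.
try {
    [System.IO.File]::WriteAllText($txtPath, $eicar, [System.Text.Encoding]::ASCII)
} catch {
    Write-Host "PASS: the write itself was blocked ($($_.Exception.Message))"
    return
}

# Rename to .com as the check describes; the agent may already have removed the .txt.
Rename-Item -Path $txtPath -NewName 'eicar.com' -ErrorAction SilentlyContinue

Start-Sleep -Seconds $WaitSeconds

$survivors = @(@($txtPath, $comPath) | Where-Object { Test-Path $_ })
if ($survivors.Count -eq 0) {
    Write-Host 'PASS: the test file was removed or quarantined; an endpoint agent reacted.'
} else {
    Write-Warning "FAIL: still present after $WaitSeconds seconds: $($survivors -join ', ')"
    Write-Warning 'No agent reacted; confirm the EDR sensor is installed and reporting.'
    Remove-Item -Path $survivors -Force -ErrorAction SilentlyContinue
}
```

The EICAR file only shows that on-access file scanning is live; it does not exercise the behavioral detection that sets EDR apart from antivirus, so also confirm the device appears and reports in the vendor console.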
 
Cybersecurity Security Plan Controls

  • Texas Cybersecurity Framework: AM, AC, DS, CM
  • NIST Cybersecurity Framework: AM, AC, DS, CM
  • Center for Internet Security (CIS) v8: 13.7
  • CISA Cybersecurity Performance Goals (CPGs): 3.A
  • K12 SIX Essentials Cybersecurity Protection: 2.2
  • TEA cyber initiative: Yes, FY24-25
  • TxSSC Cyber Annex Control: CS16