Methodology

Deploying or changing EDR: a team effort

Who to involve in a project to deploy or change EDR, before and during the implementation of a cyber project.

An organization must ensure coordination between the various stakeholders upstream of, and during, the deployment or changeover of an EDR product. But in concrete terms, who is involved? What are the roles and responsibilities? Who coordinates the project? An overview of the professions and teams involved.

Who needs to be involved in an EDR deployment project?

First and foremost, the role of a CISO is to identify the perimeter and types of endpoints to be protected against attacks, based on his or her analysis of the context and of the risks to the Information System.
He or she can call on the Infrastructure Manager to assess the constraints and risks for the infrastructure. 

As for the IT Department, its mission is to identify all the requirements for equipping itself with an EDR, in coordination with the SOC Manager and the CISO: 

  • perimeter and types of endpoints to be protected, 
  • environmental integration constraints, 
  • interconnection with infrastructure services and third-party cybersecurity applications…

Where necessary, the SOC Manager must also contribute to defining functional requirements and the level of service required (management of EDR, support, on-call duty, etc.). 

Finally, as far as legal and regulatory obligations are concerned, the Legal department, the DPO and the IT department must be consulted, as well as the Business teams who have a clear view of the obligations in force. 

And in practice, who does the CISO need to talk to, when, and for what information?
Here’s an overview to help you anticipate and ensure the best possible deployment or migration conditions.

Teams to contact before deploying EDR

Here are the different stages involved in deploying (or even changing) EDR, with the scope and teams that a CISO needs to mobilize. 

  • Check availability for the migration site – Estimate workload, planning
    With whom? Board / CEO – CIO – SOC

  • Preparation of contractual aspects – Definition of contract terms, and management of the end of the contract with the former supplier if applicable
    With whom? Purchasing – Legal

  • Legal and regulatory issues – GDPR, PCI-DSS, specific market questions…
    With whom? DPO – Compliance Department

  • Activation of reversibility clauses in the event of a change of EDR – Recovery of telemetry data, specific configurations, summary of work to adapt detection to the IS
    With whom? Former Editor 

Teams to call on during the deployment of EDR

During the deployment phase of EDR, the CISO has to stay on deck, in contact with the supplier! 

  • Follow-up of the migration project – Management of the infrastructure project, configuration of the new EDR and integration into the SOC business process.
    With whom? IT Department – SOC

Cybersecurity - EDR deployment: which in-house teams to call on

And at HarfangLab, how is deployment going?
What are the detailed steps: preparation of the environment, agent deployment, testing and follow-up…?

We explain it all