The Defense Information Systems Agency’s (DISA) Cybersecurity Service Provider team has introduced Endguard, a 24/7 endpoint detection and monitoring service designed to bolster cyber defense efforts for its strategic partners.
DISA unveiled Endguard in a recent blog, explaining that the service is tailored for Windows, macOS, Unix, and Linux systems.
According to the combat support agency, Endguard integrates Microsoft Defender for Endpoint and Microsoft Defender for Servers to provide automated cyber defense capabilities. The service leverages all servers and endpoints to detect advanced threats, enables analysts to quickly counter adversarial actions, and simplifies implementation using cloud-based technologies.
Endguard offers real-time detection and response, enhancing visibility by monitoring suspicious or anomalous behavior beyond traditional intrusion detection, including traffic across enclave boundaries and lateral movement between hosts.
“Endguard drives us into a new standard of service delivery and effectiveness,” said Jason Mowery, a DISA IT specialist. “Endguard will be the main service delivery enabler for the majority of our strategic partners in the near future, allowing DISA to continue to deliver world-class cybersecurity services to the United States Department of Defense.”
The service also allows analysts to triage and contain cyber incidents more rapidly, with live response capabilities customized for each organization, reducing response times from hours to seconds. DISA conducted thorough testing of Endguard, including a simulation with U.S. European Command, where the service successfully detected 100 percent of the Red Team’s endpoint attacks and 94 percent of their individual activities.
“[The] pilot showed that configuration management and maintenance of the Defender for Endpoint infrastructure reduced workloads, allowing analysts to focus on threat hunting and high-level cyber events,” the blog reads.
