Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Election Security Spotlight – Endpoint Detection and Response (EDR)

What it is

Endpoint Detection and Response (EDR) is security software that is deployed on workstations and servers, commonly referred to as “endpoints.” EDR collects technical data is from these endpoints, and then transmits it back to the vendor or a local server. The data is then analyzed for suspicious patterns and threats. If a threat is identified, it is blocked and an alert is generated. Administrators can typically view alerts through a vendor control panel or a connection to their own security platform. Also, many EDR solutions include a traditional antivirus functionality and the ability for responders to remotely access compromised systems for remediation.

Endpoint Detection and Response

Why it matters

EDR expands the security capabilities of election offices by automating work traditionally performed by IT departments, especially benefiting SLTTs with limited resources. Many EDR platforms further simplify security management by consolidating several common functions in a single place. For instance, investigators can use security log data collected by EDR software for further analysis to trace the origin and severity of incidents, while responders clean the affected system using remote access functionality. The improved analysis and data collection in next generation EDR make it an essential part of any defense in depth strategy, which protects election data from both internal and external threats.
Election offices can use EDR to:

  • Detect and stop active attacks on election infrastructure.
  • Protect against malware.
  • Disable and restrict the ability of suspicious users on your network to cause harm.

What you can do

  •  Deploy EDR on systems throughout your network.
    • Review the CIS Guide for Ensuring Security in Election Technology
      Procurements for best practices in crafting proposals and other necessary
  •  Best practices for EDR:
    • Take advantage of vendor-offered user training.
    • Delegate personnel to monitor and act on detections.
    • Export information regularly from the control panel to local hardware backups, so you always have access to data needed for audits and investigations.
    • Consider available staffing resources to support any new security infrastructure and the associated responsibilities. Many EDR providers offer solutions supported by a 24x7 team to manage and respond to identified incidents.
    • Refer to the EI-ISAC Cyber Incident Checklist to manage security events.

Spotlights provide election officials with an overview of common cybersecurity topics, and how they relate to election infrastructure security. Please reach out to elections@cisecurity.org to request a topic.