Educause Security Discussion mailing list archives

Re: Cylance


From: "Baillio, Aaron" <abaillio () OU EDU>
Date: Wed, 7 Jun 2017 22:13:11 +0000

I must agree with the previous statement: traditional antivirus can't keep up.  Gartner has listed endpoint detection 
and response and signatureless detection in their top 10 technologies for the last 2 years.

This is actually a very nuanced topic, and unfortunately there is not a lot of consistent information available except 
that signature-based antivirus is dead.  Even well-reputed AV test firms can't agree, especially when it comes to next gen. 
After a lot of study, even the most "level" antivirus tests you'll see published have a little bit of vendor favor, 
spin, etc.

There are pros and cons to going to next gen or staying with the known.  Traditional AV is a $9B/yr business where next 
gen is only around $500M.  Not bad, and it's growing, but people are used to the traditional approach and the 
saturation is such that it's just about ubiquitous.

People are coming around to next gen and I think it will continue to grow, especially as they merge with EDR 
capabilities (like Carbon Black, Tanium, etc.).  Next gen touts 95%-99% effectiveness.  We’ve tested live malware, 
including ransomware, on production systems and never lost a beat.

We decided to move away from Sophos and go with the Dell branded Cylance product.  Pros and cons there as well, but we 
couldn’t be happier.  Each next gen product, IMO, has their key selling point.  None of them are similar so it really 
comes down to what fits you best.  I definitely recommend you kick the tires on a number of vendors, side by side 
preferably, in order to make your own determination.

B. Aaron Baillio
Managing Director, Security Operations and Architecture
University of Oklahoma, IT
O: 405-325-7948
C: 254-400-6404

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stefan 
Wahe
Sent: Wednesday, June 7, 2017 2:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cylance

We have been piloting Cisco AMP and Palo Traps on our campus as a possible alternative to traditional anti-virus.  We are 
working on comparison data of what is detected, false positives and time-to-remediate. Cylance is an interesting player 
in this space; however, they came to us after the Traps and AMP discussions.

Stefan Wahe



*****************************
Stefan Wahe
University of Wisconsin-Madison
Office of Cybersecurity
Associate Chief Information Security Officer
HIPAA Security Officer
608-265-1177
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman <rob.milman () SAIT CA>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, June 7, 2017 at 2:16 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Cylance

Hi Shaun,

I agree with the comments about moving on from signature-based AV, but with caution. Some "next-gen" endpoint 
protection does not have the quarantine and disinfect capabilities that we have grown so used to over the years. I 
can't speak for Cylance, but most are running a combination of both traditional AV and "next-gen" behavior-based 
endpoint protection.

As a side note, we are piloting Microsoft Advanced Threat Protection on our Windows 10 machines and it's been nothing 
short of impressive. It has alerted us to one ransomware infection that was stopped before any damage was done and 
provided a complete chain of events that led up to the infection. I was impressed by how far Microsoft has upped their 
game in this area.

Regards,

Rob

Rob Milman
Security & Compliance Analyst
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun 
Gray
Sent: Wednesday, June 07, 2017 12:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cylance

Anyone have any experience with Cylance? I'm strongly considering moving on from Symantec. The sales pitch sounds great 
with the intelligence, but a part of me wants to hold on to my old definition-based AV. Anyone have thoughts on this 
product or approach?


Dr. Shaun L. Gray, GSEC
Network Engineer
Medford Township Board of Education
P / 609-975-6159