Educause Security Discussion mailing list archives

Re: Cylance


From: Brian Basgen <brian_basgen () EMERSON EDU>
Date: Wed, 7 Jun 2017 20:21:00 -0400

 I haven't been able to get a straight answer out of Cylance about their
efficacy. The sales pitch is great: sensible and logical. But is there a
qualitative analysis of how much better a next gen product is compared to
the old? It is a fair statement that the old model is structurally
problematic, but it also works at a certain level of quality, and I'm not
clear on exactly how these next gen products compare. Finally, it doesn't
help that these products are "the hot new thing", and thus are quite
expensive.

--------------
Brian Basgen
Associate Vice President, Information Technology
Emerson College | 120 Boylston Street | Boston, MA 02116


On Wed, Jun 7, 2017 at 6:13 PM, Baillio, Aaron <abaillio () ou edu> wrote:

I must agree with the previous statement, traditional antivirus can’t keep
up.  Gartner has listed endpoint detection and response and signatureless
detection in their top 10 technologies for the last 2 years.



This is actually a very nuanced topic and unfortunately not a lot of
consistent information available except that signature based antivirus is
dead.  Even well reputed AV test firms can’t agree, especially where it
comes to next gen.  After a lot of study, even the most “level” of
antivirus tests you’ll see published has a little bit of vendor favor,
spin, etc.



There are pros and cons to going to next gen or staying with the known.
Traditional AV is a $9B/yr business where next gen is only around $500M.
Not bad, and it’s growing, but people are used to the traditional approach
and the saturation is such that it’s just about ubiquitous.

People are coming around to next gen and I think it will continue to grow,
especially as they merge with EDR capabilities (like Carbon Black, Tanium,
etc.).  Next gen touts 95%-99% effectiveness.  We’ve tested live malware,
including ransomware, on production systems and never lost a beat.



We decided to move away from Sophos and go with the Dell branded Cylance
product.  Pros and cons there as well, but we couldn’t be happier.  Each
next gen product, IMO, has their key selling point.  None of them are
similar so it really comes down to what fits you best.  I definitely
recommend you kick the tires on a number of vendors, side by side
preferably, in order to make your own determination.



B. Aaron Baillio

Managing Director, Security Operations and Architecture

University of Oklahoma, IT

O: 405-325-7948

C: 254-400-6404



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Stefan Wahe
*Sent:* Wednesday, June 7, 2017 2:26 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Cylance



We have been piloting Cisco AMP and Palo Traps on our campus as a possible
alternative to traditional anti-virus.  We are working on comparison data of
what is detected, false-positives and time-to-remediate. Cylance is an
interesting player in this space, however, they came to us after the TRAP
and AMP discussions.


Stefan Wahe
*****************************

Stefan Wahe

University of Wisconsin-Madison

Office of Cybersecurity

Associate Chief Information Security Officer

HIPAA Security Officer

608-265-1177

*From: *The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman <
rob.milman () SAIT CA>
*Reply-To: *The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
*Date: *Wednesday, June 7, 2017 at 2:16 PM
*To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: *Re: [SECURITY] Cylance



Hi Shaun,



I agree with the comments about moving on from signature based AV, but
with caution. Some “next-gen” endpoint protection does not have the
quarantine and disinfect capabilities that we have grown so used to over
the years. I can’t speak for Cylance, but most are running a combination of
both traditional AV and “next-gen” behavior based endpoint protection.



As a side note, we are piloting Microsoft Advanced Threat Protection on
our Windows 10 machines and it’s been nothing short of impressive. It has
alerted us to one ransomware infection that was stopped before any damage
was done and provided a complete chain of events that led up to the
infection. I was impressed by how far Microsoft has upped their game in
this area.



Regards,



Rob
*Rob Milman*

Security & Compliance Analyst

Information Systems



Southern Alberta Institute of Technology

EH Crandell Building, GA 214

1301 – 16 Avenue NW, Calgary AB, T2M 0L4



(Office) 403.774.5401  (Cell) 403.606.3173

rob.milman () sait ca

*From:* The EDUCAUSE Security Constituent Group Listserv [
mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
Behalf Of *Shaun Gray
*Sent:* Wednesday, June 07, 2017 12:47 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Cylance



Anyone have any experience with Cylance? I’m strongly considering moving
on from Symantec. The sales pitch sounds great with the intelligence, but a
part of me wants to hold on to my old definition based AV. Anyone have
thoughts on this product or approach?





Dr. Shaun L. Gray, GSEC

*Network Engineer*

Medford Township Board of Education

*P* / 609-975-6159