Educause Security Discussion mailing list archives
Re: Cylance
From: Brian Basgen <brian_basgen () EMERSON EDU>
Date: Wed, 7 Jun 2017 20:21:00 -0400
I haven't been able to get a straight answer out of Cylance about their efficacy. The sales pitch is great: sensible and logical. But is there a qualitative analysis of how much better a next gen product is compared to the old? It is a fair statement that the old model is structurally problematic, but it also works at a certain level of quality, and I'm not clear on exactly how these next gen products compare. Finally, it doesn't help that these products are "the hot new thing", and thus are quite expensive.

--------------
Brian Basgen
Associate Vice President, Information Technology
Emerson College | 120 Boylston Street | Boston, MA 02116

On Wed, Jun 7, 2017 at 6:13 PM, Baillio, Aaron <abaillio () ou edu> wrote:
I must agree with the previous statement: traditional antivirus can’t keep up. Gartner has listed endpoint detection and response and signatureless detection in their top 10 technologies for the last 2 years. This is actually a very nuanced topic, and unfortunately there is not a lot of consistent information available except that signature based antivirus is dead. Even well reputed AV test firms can’t agree, especially when it comes to next gen. After a lot of study, even the most “level” of antivirus tests you’ll see published has a little bit of vendor favor, spin, etc.

There are pros and cons to going to next gen or staying with the known. Traditional AV is a $9B/yr business where next gen is only around $500M. Not bad, and it’s growing, but people are used to the traditional approach and the saturation is such that it’s just about ubiquitous. People are coming around to next gen and I think it will continue to grow, especially as they merge with EDR capabilities (like Carbon Black, Tanium, etc.). Next gen touts 95%-99% effectiveness. We’ve tested live malware, including ransomware, on production systems and never lost a beat.

We decided to move away from Sophos and go with the Dell branded Cylance product. Pros and cons there as well, but we couldn’t be happier. Each next gen product, IMO, has its key selling point. None of them are similar so it really comes down to what fits you best. I definitely recommend you kick the tires on a number of vendors, side by side preferably, in order to make your own determination.

B.
Aaron Baillio
Managing Director, Security Operations and Architecture
University of Oklahoma, IT
O: 405-325-7948
C: 254-400-6404

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stefan Wahe
Sent: Wednesday, June 7, 2017 2:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cylance

We have been piloting Cisco AMP and Palo Traps on our campus as a possible alternative to traditional anti-virus. We are working on comparison data of what is detected, false-positives and time-to-remediate. Cylance is an interesting player in this space; however, they came to us after the TRAP and AMP discussions.

Stefan Wahe

*****************************
Stefan Wahe
University of Wisconsin-Madison
Office of Cybersecurity
Associate Chief Information Security Officer
HIPAA Security Officer
608-265-1177

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman <rob.milman () SAIT CA>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, June 7, 2017 at 2:16 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Cylance

Hi Shaun,

I agree with the comments about moving on from signature based AV, but with caution. Some “next-gen” endpoint protection does not have the quarantine and disinfect capabilities that we have grown so used to over the years. I can’t speak for Cylance, but most are running a combination of both traditional AV and “next-gen” behavior based endpoint protection. As a side note, we are piloting Microsoft Advanced Threat Protection on our Windows 10 machines and it’s been nothing short of impressive. It has alerted us to one ransomware infection that was stopped before any damage was done and provided a complete chain of events that led up to the infection.
I was impressed by how far Microsoft has upped their game in this area.

Regards,
Rob

Rob Milman
Security & Compliance Analyst
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401
(Cell) 403.606.3173
rob.milman () sait ca

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray
Sent: Wednesday, June 07, 2017 12:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cylance

Anyone have any experience with Cylance? I’m strongly considering moving on from Symantec. The sales pitch sounds great with the intelligence, but a part of me wants to hold on to my old definition based AV. Anyone have thoughts on this product or approach?

Dr. Shaun L. Gray, GSEC
Network Engineer
Medford Township Board of Education
P / 609-975-6159