Educause Security Discussion mailing list archives
Re: Cylance
From: Bernardo Manuel Vasquez <bernardo.vasquez () NYU EDU>
Date: Thu, 8 Jun 2017 11:59:45 +0000
Since you also asked about approach, I will share ours. Hope it helps. This is based on an endpoint strategy we are formulating leveraging deployed technologies while we roll out our Enterprise SIEM and Global NGFW.

First: Sophos and Carbonblack were discussed here by Tim at Arkansas State. https://edtechmagazine.com/higher/article/2017/05/4-ways-best-it-security-can-be-team-sport

Secondly: Carbonblack, Cylance, AMP and TRAPs EDRs (Endpoint Detection & Response) are on the table for consideration. I don't believe one size fits all. For managed assets, Carbonblack's whitelisting strengths and granular viability are attractive. Also, if you have an MSSP like SecureWorks, they can infuse their intelligence and offer monitoring and tuning of the deployment as an additional service. The last two are worth considering because of the cloud intelligence and executable/malware detonation capabilities in concert with your NGFW. I don't think choosing more than 2 EDR vendors is prudent.

Above all: No matter what you/we choose, where possible, it should be done in concert with an endpoint management and asset backup strategy for managed and unmanaged assets. Read: work closely with your IT helpdesk team(s). KACE is gaining steam here, while our Abu Dhabi and Shanghai campuses are solidly on Ivanti [formerly LANdesk, an interesting security acquisition/merger]. For backups, we're also looking at technologies like Crashplan and Code42. I suspect the Internet2/Net+ discounting will play a role in what we choose.

Lastly: All managed and hopefully many unmanaged endpoints should alert to a central EDR server and then tie that back to our central SIEM. This comprehensive layered approach is what we feel will help PROTECT and, if bypassed, RECOVER from ransomware and other use cases.

Assumptions: Let us remember that the Verizon DBIR has been saying the same thing forever: minimize administrative access. Most people really don't need it, and where they think they do, an alternative privilege account may do. We will be making that a point of focus this next academic year.

Best,
BMV

On Wed, Jun 7, 2017 at 14:47 Shaun Gray <SGray () medford k12 nj us> wrote:
Anyone have any experience with Cylance? I'm strongly considering moving on from Symantec. The sales pitch sounds great with the intelligence, but a part of me wants to hold on to my old definition-based AV. Anyone have thoughts on this product or approach?

Dr. Shaun L. Gray, GSEC
Network Engineer
Medford Township Board of Education
P / 609-975-6159
--
Best,
-BMV

--
Bernardo M. Vasquez
Chief Information Security Officer (CISO) & Director
Office of Information Security | NYU IT
New York University | +1-212-992-9235
Sent via mobile device