Educause Security Discussion mailing list archives
Re: Endpoint Protection - App Whitelisting?
From: James McClure <jmcclure () WSWHEBOCES ORG>
Date: Mon, 13 Nov 2017 15:01:02 -0500
I can echo Brian’s sentiments. We are a larger install base (~1200) but performing a similar exercise. We have expanded our audit beyond our base image to mitigate false positives when we go live. We have 7 locations, and after seeing AppLocker function in other schools (we are quasi K-12) I am not forecasting any need for staffing increases. If the implementation goes south I’ll be sure to let everyone know!

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of BRIAN R GRILLI <brg3 () PSU EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, November 13, 2017 at 1:57 PM
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Endpoint Protection - App Whitelisting?

I have been in the auditing phase the last few weeks with deploying AppLocker to my staff machines. Since I was able to generate my whitelist off our standard staff computer image (and our staff do not have admin rights to install any software), setting up the rules and exceptions was pretty easy. During the audit I haven't run into too many issues of legitimate things getting blocked, but I'm sure we will see more as time goes on. If it becomes too much to manage, we may end up abandoning it. This is a deployment on <100 machines, so I'd imagine going campus wide you would definitely need quite a few support staff trained to manage this.

Prior to this, we survived mainly on user education, and of course good backups :)

From: "Chad Tracy" <chad.tracy () COLBY EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Monday, November 13, 2017 1:18:34 PM
Subject: [SECURITY] Endpoint Protection - App Whitelisting?

Good afternoon,

We currently use Carbon Black's CB Protection (application whitelisting) on some of our end user computers (we have licensing for 300 endpoints... however we only ever got it working on around 70 Windows machines...)

It has not been working out well and we are looking to move in a different direction. I recently learned, from a call with Gartner, that "typically" application whitelisting is utilized on servers and systems that are fairly locked down (think of machines used by the insurance and medical industry, kiosks...)

Knowing this, we are looking to see what you all are doing to lock down your systems to assist in ransomware and zero-day incidents:

Have any of you had luck in deploying application whitelisting on their end users' machines... or is this a lost cause that takes too much money and FTEs to support?

Do you have Endpoint protection deployed on your campus? If so, who with?

Kind Regards,
Chad Tracy
Director of Information Security
Colby College
Waterville, ME 04901
207 . 859 . 4199
chad.tracy () colby edu