Educause Security Discussion mailing list archives
Re: Next Gen Antivirus / Endpoint Protection Solutions
From: Thomas Dugas <dugast () DUQ EDU>
Date: Tue, 16 Oct 2018 18:30:55 +0000
We recently went through an analysis and picked the Sophos InterceptX Cloud product. It provided the best value (price and functionality) for a combined EDR/EPP product. We have been very pleased with it and it blows the doors off of Kaspersky and Windows Defender so far. But it does take some care because it is extremely powerful, configurable, and detailed. Just be prepared for the upfront investment in any advanced endpoint tool.

I would also add Cisco's Amp. We really liked that product too.

Tom Dugas
Director of Information Security & CISO
Duquesne University CTS

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Taylor Randle
Sent: Tuesday, October 16, 2018 2:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Next Gen Antivirus / Endpoint Protection Solutions

Hi Erick,

We're in progress of switching from on-prem Symantec to Crowdstrike. I realize you're more interested in the AV side but, the biggest selling point to us over other offerings was the "OverWatch" service. Which consists of a team on their end who "proactively monitor, hunt, investigate, and advise on threat activity in your environment" - so you're essentially getting another member of the security team bundled with the product. As a small team, we saw this as a huge benefit to us. This was how we were able to justify the higher-than-Symantec price tag.

As for the AV specifically, from what we've seen in the proof of concept thus far, it's pretty much in line with other "next-gen" offerings - lightweight agent, heuristic/behavior-based approach rather than traditional file signature-based scanning, crowdsourcing of other behavior "signatures" from others on the platform, etc.

We priced Cylance and Carbon Black as well and ultimately decided on Crowdstrike for a variety of factors but price and the OverWatch feature are what tipped the scales for us.

Regards,
Taylor

Taylor Randle
Director of Client Services & IT Security
2540 Walnut Hill Lane, Dallas, TX 75229
trandle () parker edu
www.parker.edu | www.parkerseminars.com

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Erick.Matherly
Sent: Tuesday, October 16, 2018 10:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Next Gen Antivirus / Endpoint Protection Solutions

Hello!

We are looking at some of the Next Gen Antivirus solutions. I know there are quite a few players in the game, but I'm currently interested in CrowdStrike, SentinelOne, Sophos, Cylance, Carbon Black, and Palo Alto Traps.
I would love to hear about what other schools are using and how the experience has been. I know some players have EDR (Endpoint Detection and Response) built in or as an additional component. I'm strictly looking at the Antivirus at the moment, but do like the idea of being able to add EDR (or additional features) down the road if it is not built into the core product. We are currently using Windows Defender Antivirus.

Thanks for the input!

Erick Matherly
Network Administrator | Trinity Christian College
6601 West College Drive | Palos Heights, Illinois 60463
708.239.4818 | Erick.Matherly () trnty edu