Educause Security Discussion mailing list archives

Re: Next Gen Antivirus / Endpoint Protection Solutions


From: Thomas Dugas <dugast () DUQ EDU>
Date: Tue, 16 Oct 2018 18:30:55 +0000

We recently went through an analysis and picked the Sophos InterceptX Cloud product. It provided the best value (price 
and functionality) for a combined EDR/EPP product. We have been very pleased with it and it blows the doors off of 
Kaspersky and Windows Defender so far. But it does take some care because it is extremely powerful, configurable, and 
detailed. Just be prepared for the upfront investment in any advanced endpoint tool. I would also add Cisco's Amp. We 
really liked that product too.

Tom Dugas
Director of Information Security & CISO
Duquesne University CTS

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Taylor Randle
Sent: Tuesday, October 16, 2018 2:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Next Gen Antivirus / Endpoint Protection Solutions

Hi Erick,

We're in the process of switching from on-prem Symantec to Crowdstrike. I realize you're more interested in the AV side, 
but the biggest selling point to us over other offerings was the "OverWatch" service, which consists of a team on 
their end who "proactively monitor, hunt, investigate, and advise on threat activity in your environment" - so you're 
essentially getting another member of the security team bundled with the product. As a small team, we saw this as a 
huge benefit to us. This was how we were able to justify the higher-than-Symantec price tag.

As for the AV specifically, from what we've seen in the proof of concept thus far, it's pretty much in line with other 
"next-gen" offerings - lightweight agent, heuristic/behavior-based approach rather than traditional file 
signature-based scanning, crowdsourcing of other behavior "signatures" from others on the platform, etc.

We priced Cylance and Carbon Black as well and ultimately decided on Crowdstrike for a variety of factors but price and 
the OverWatch feature are what tipped the scales for us.

Regards,
Taylor


Taylor Randle
Director of Client Services & IT Security


2540 Walnut Hill Lane, Dallas, TX 75229
trandle () parker edu
www.parker.edu | www.parkerseminars.com






From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Erick.Matherly
Sent: Tuesday, October 16, 2018 10:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Next Gen Antivirus / Endpoint Protection Solutions

Hello!

We are looking at some of the Next Gen Antivirus solutions. I know there are quite a few players in the game, but I'm 
currently interested in CrowdStrike, SentinelOne, Sophos, Cylance, Carbon Black, and Palo Alto Traps.

I would love to hear about what other schools are using and how the experience has been. I know some players have EDR 
(Endpoint Detection and Response) built in or as an additional component. I'm strictly looking at the Antivirus at the 
moment, but do like the idea of being able to add EDR (or additional features) down the road if it is not built into 
the core product.

We are currently using Windows Defender Antivirus.

Thanks for the input!



Erick Matherly
Network Administrator | Trinity Christian College
6601 West College Drive | Palos Heights, Illinois 60463


708.239.4818 | Erick.Matherly () trnty edu



