Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] AV (AI or otherwise) for older servers?
From: William Greg Price <wgprice () TROY EDU>
Date: Thu, 7 Nov 2019 19:51:42 +0000
+1 for Cylance

-Greg

W. Greg Price, Sr., Ph.D.
CSO
Troy University

On Nov 7, 2019, at 1:09 PM, Pete, Andrew <000000d06e28c017-dmarc-request () listserv educause edu> wrote:

I went through vendor comparisons and evaluations earlier this year. I looked at SentinelOne, Cylance and AMP for Endpoints.

SentinelOne had a cumbersome management interface/usability and was lacking in maturity. There were a lot of things we asked about that were either coming out soon or on the road map. While there were some features that the other products didn't have, a lot of those features weren't as important to us. Overall, the product didn't align well with our needs. The price point was also much higher than Cylance/AMP.

AMP for Endpoints was also a bit cumbersome when it came to the management interface and usability. They did have the best threat hunting ability, but the product is essentially just AV with no other big features.

Cylance has a very intuitive interface and a number of great features. While their EDR information (Optics) is a bit limited in event information compared to AMP, the "playbooks" you can configure are very powerful and can take a variety of actions on the event. Near the end of the eval we actually had Cylance catch a zero-day ransomware 2 hours before it even showed up on VirusTotal.

One other big difference between Cylance and SentinelOne/AMP is that all analytics are performed on the endpoint. With SentinelOne, some of the analytics can run without an Internet connection, but there are others that need Internet. AMP for Endpoints relies entirely on a traditional signature-based AV engine when offline.

In the end we found Cylance fit our needs the best. We purchased Protect (AV) and Optics (EDR) at the end of April. We actually wrapped the professional services deployment project this week, which I was very impressed by. They made the installation configuration easy and provided great training on the product.

Andrew Pete
Information Security Architect
New England Institute of Technology
One New England Tech Boulevard
East Greenwich, RI 02818-1205
401-780-4460 (Direct)
apete () neit edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Kimmitt, Jonathan
Sent: Thursday, November 7, 2019 1:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] AV (AI or otherwise) for older servers?

Hi all,

Does anybody have any recommendations or success stories for any particular AV-ish type product to run on older Microsoft Servers (2012, 2008)? (Something like a Cylance, SentinelOne, etc.)

Thanks!

-Jonathan

~ Jonathan Kimmitt
CISSP, PCIP, CEH, CIPM, GPEN, CIPT, CIPP/E
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743

********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- AV (AI or otherwise) for older servers? Kimmitt, Jonathan (Nov 07)
- Re: AV (AI or otherwise) for older servers? Pete, Andrew (Nov 07)
- Re: [EXTERNAL] Re: [SECURITY] AV (AI or otherwise) for older servers? William Greg Price (Nov 07)
- Re: AV (AI or otherwise) for older servers? Kimmitt, Jonathan (Nov 07)
- Re: AV (AI or otherwise) for older servers? Steven Alexander (Nov 08)
- Re: AV (AI or otherwise) for older servers? Pete, Andrew (Nov 07)