Educause Security Discussion mailing list archives

Re: Endpoint Protection - App Whitelisting?


From: Erik D Evans <evanse () BGSU EDU>
Date: Tue, 14 Nov 2017 17:34:21 +0000

We started using AppLocker for application whitelisting around 3 years ago, initially using it only in areas that 
worked with sensitive information.  After having zero malware in those areas, we were able to get this implemented as 
our standard for all university-managed computers. This has been in place for the past 2 years and has made a 
significant impact with surprisingly minimal overhead.  We use group policy to add exceptions when necessary; this was 
something we did regularly when we first implemented this, but now we are to the point that it is very rare.  I would be 
happy to discuss this further if you would like to know more about how we have this configured in our environment.

_______________________
Erik Evans
Manager of Information Security
Information Technology Services
Bowling Green State University
evanse () bgsu edu
http://www.bgsu.edu/infosec

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Chad Tracy <chad.tracy () COLBY EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, November 13, 2017 at 10:19 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Endpoint Protection - App Whitelisting?

Good afternoon,

We currently use Carbon Black's CB Protection (application whitelisting) on some of our end user computers (we have 
licensing for 300 endpoints... however we only ever got it working on around 70 Windows machines...) It has not been 
working out well and we are looking to move in a different direction.

I recently learned, from a call with Gartner, that "typically" application whitelisting is utilized on servers and 
systems that are fairly locked down (think of machines used by the insurance and medical industry, kiosks...)

Knowing this, we are looking to see what you all are doing to lock down your systems to assist in ransomware and 
zero-day incidents:

Have any of you had luck in deploying application whitelisting on your end users' machines... or is this a lost cause 
that takes too much money and FTEs to support?

Do you have Endpoint protection deployed on your campus?

If so, who with?

Kind Regards,

Chad Tracy
Director of Information Security
Colby College
Waterville, ME 04901
207 . 859 . 4199
chad.tracy () colby edu
