Educause Security Discussion mailing list archives
Re: Endpoint protection vendors
From: Eric Sawyer <esawyer () NEC EDU>
Date: Mon, 16 Nov 2020 16:04:21 +0000
Hi Jason,

2 years ago we did an RFP with Sophos, CrowdStrike, SentinelOne, and Cylance. SentinelOne and Cylance would not meet our budget requirements, so we did a POC with Sophos and CrowdStrike. My team liked Sophos for several reasons, but the endpoint agent was a resource hog, and we had occasional issues with both install and removal.

We've been very pleased with CrowdStrike and credit them with helping to really up our game in the EDR space. We purchased Prevent, Insight, Threat Graph, Discover, and Overwatch with premium support.

The management site is a complex beast that takes some time to get comfortable with. They've made some improvements recently, but I would advise that your team utilize the CrowdStrike university subscription. We also did some pre-sales blue team exercises with their sales engineer to understand alerting, reporting, investigation, etc. Very useful!

The onboarding went very well. One webinar and our prevent and sensor policies were in place, alerting was set, and we had GPO and Intune packages for sensor deployment.

I think the best part is the follow-up support we get. Besides the monthly best practice webinars and product briefs, and the weekly support office hours, we have a quarterly review and health check with our technical account manager. Here we discuss any issues, review recent incidents for trends and whitelisting, and tweak protection policies based on real-time threat data. These are fantastic resources that I wish many of our SaaS providers would adopt.

Hope this helps.

Eric Sawyer
Director of IT
New England College