Educause Security Discussion mailing list archives
Re: Endpoint protection vendors
From: Uday Kiran <ukiran () HCT AC AE>
Date: Tue, 17 Nov 2020 05:13:56 +0000
TrendMicro EDR we evaluated them… it is good but they have many add-ons, if you add things to sync the features with Crowdstrike OR Defender ATP then TrendMicro becomes expensive, so we chose a best product with less commercial. Their plus is their endpoint agent, it goes easy on resources and usability by the end user. Regards, Uday Kiran Snr Spl – Information Security Office of Dir. Digital Technologies اوداي كيران أخصائي أول - أمن المعلومات تكنولوجيا المعلومات [Main logo] Direct.: 9712 206 1182 Mobile: +971 56 501 1182 Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae> P.O.Box: 25026, Abu Dhabi, United Arab Emirates www.hct.ac.ae<http://www.hct.ac.ae> [Facebook]<https://www.facebook.com/hctuae> [Twitter]<https://twitter.com/HCT_UAE> [Instagram]<https://www.instagram.com/HCT_UAE/> [YouTube]<https://www.youtube.com/user/hctuae> [https://cdn.hct.ac.ae/signature_logo/June2019.jpg] [Enviromental] Please consider the environment before printing this email This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the author's employer. Uday Kiran Senior Specialist - Information Security Office of Dir. Digital Technologies اوداي كيران أخصائي أول - أمن المعلومات تكنولوجيا المعلومات [Main logo] Direct.: 9712 206 1182 Mobile: +971 56 501 1182 Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae> P.O.Box: 25026, Abu Dhabi, United Arab Emirates www.hct.ac.ae<http://www.hct.ac.ae> [Facebook]<https://www.facebook.com/hctuae> [Twitter] <https://twitter.com/HCT_UAE> [Instagram] <https://www.instagram.com/HCT_UAE/> [YouTube] <https://www.youtube.com/user/hctuae> [https://cdn.hct.ac.ae/signature_logo/email_signature-healthy-hct.jpg] [Enviromental] Please consider the environment before printing this email This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the author's employer. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Francisco Chavez Sent: Monday, November 16, 2020 8:15 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Endpoint protection vendors "External Email: This email is from 'external source'. If you see this as suspicious then please forward the email to infosec () hct ac ae<mailto:infosec () hct ac ae> and do not respond to this email" ________________________________ This is great information! It's hard to get this kind of feedback when trying to evaluate vendors. I am wondering if anyone had done a POC with TrendMicro. They reached out to us earlier this summer and were offering to buy out our existing EDR contract. I believe they are still offering that program since they are trying to expand into the Higher Ed space. Any Thoughts? Sincerely, Francisco Chavez -- Francisco Chavez, MBA | Interim CTO Saint Mary's College of California ............................................................................................................................... IT Services<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.stmarys-ca.edu%2Fit-services&data=04%7C01%7Cukiran%40HCT.AC.AE%7C62976362d9534afed2c308d88a4ac749%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637411401074114126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UtQ%2BN6T6AJ9XY3%2FceT0YoZurpezbAZaEHh5lxjLItBs%3D&reserved=0> phone: (925) 631-8236 email: fac3 () stmarys-ca edu<mailto:fac3 () stmarys-ca edu> [cid:image001.jpg@01D6BCC1.B6EA3280] On Nov 16, 2020, at 8:04 AM, Eric Sawyer <esawyer () nec edu<mailto:esawyer () nec edu>> wrote: Hi Jason 2 years ago we did an RFP with Sophos, CrowdStrike, SentinelOne, and Cylance. SentinelOne and Cylance would not meet our budget requirements, so we did a POC with Sophos and CrowdStrike. My team liked Sophos for several reasons, but the endpoint agent was a resource hog, and we had occasional issues with both install and removal. We've been very pleased with CrowdStrike and credit them with helping to really up our game in the EDR space. We purchased Prevent, Insight, Threat Graph, Discover, and Overwatch with premium support. The management site is a complex beast that takes some time to get comfortable with. They've made some improvements recently, but I would advise that your team utilize the CrowdStrike university subscription. We also did some pre-sales blue team exercises with their sales engineer to understand alerting, reporting, investigation, etc. Very useful! The onboarding went very well. One webinar and our prevent and sensor policies were in place, alerting was set, and we had GPO and Intune packages for sensor deployment. I think the best part is the follow-up support we get. Besides the monthly best practice webinars and product briefs, and the weekly support office hours, we have a quarterly review and health check with our technical account manager. Here we discuss any issues, review recent incidents for trends and whitelisting, and tweak protection policies based on real-time threat data. These are fantastic resources that I wish many of our SaaS providers would adopt. Hope this helps. Eric Sawyer Director of IT New England College ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.google.com/url?q=https://www.educause.edu/community&source=gmail-imap&ust=1606147467000000&usg=AOvVaw2SHu80j2h7uq2w_jnuntvl<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.educause.edu%2Fcommunity%26source%3Dgmail-imap%26ust%3D1606147467000000%26usg%3DAOvVaw2SHu80j2h7uq2w_jnuntvl&data=04%7C01%7Cukiran%40HCT.AC.AE%7C62976362d9534afed2c308d88a4ac749%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637411401074114126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2F1uUXyUlAsMN5%2FnSQzTaHzudIiCtb5Tsqx8uE%2FJ1%2FRM%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cukiran%40HCT.AC.AE%7C62976362d9534afed2c308d88a4ac749%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637411401074124078%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=xweReyr8MLQ3i5Ue%2BTUaCW6NlTP55tBzlCgN2VEED14%3D&reserved=0> ________________________________ The information in this email and any attachments are confidential and solely for the use of the individual or entity to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance on the content of this information is strictly prohibited and may be unlawful. If you have received this email in error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer () hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes made to them by any other person. تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر. ________________________________ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: Endpoint protection vendors, (continued)
- Re: Endpoint protection vendors Blake Ketcham (Nov 13)
- Re: Endpoint protection vendors Jason Edelstein (Nov 13)
- Re: Endpoint protection vendors Steven Alexander (Nov 16)
- Re: Endpoint protection vendors Kyrouz, Bill J. (Nov 20)
- Re: Endpoint protection vendors Scott Stoops (Nov 20)
- Re: Endpoint protection vendors Stacy Lee (Nov 21)
- Re: Endpoint protection vendors Benjamin Stein (Nov 20)
- Re: Endpoint protection vendors Scott Stoops (Nov 20)
- Re: Endpoint protection vendors Curt Kappenman (Nov 13)
- Re: Endpoint protection vendors Eric Sawyer (Nov 16)
- Re: Endpoint protection vendors Francisco Chavez (Nov 16)
- Re: Endpoint protection vendors Uday Kiran (Nov 16)
- Re: Endpoint protection vendors Francisco Chavez (Nov 16)