Re: Endpoint protection vendors

[Uday Kiran <ukiran () HCT AC AE>]

TrendMicro EDR we evaluated them… it is good but they have many add-ons, if you add things to sync the features with 
Crowdstrike OR Defender ATP then TrendMicro becomes expensive, so we chose a best product with less commercial.

Their plus is their endpoint agent, it goes easy on resources and usability by the end user.

Regards,

Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies

اوداي كيران

أخصائي أول - أمن المعلومات

تكنولوجيا المعلومات



[Main logo]

Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates



www.hct.ac.ae<http://www.hct.ac.ae>

[Facebook]<https://www.facebook.com/hctuae>

[Twitter]<https://twitter.com/HCT_UAE>

[Instagram]<https://www.instagram.com/HCT_UAE/>

[YouTube]<https://www.youtube.com/user/hctuae>




[https://cdn.hct.ac.ae/signature_logo/June2019.jpg]

[Enviromental] Please consider the environment before printing this email

This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.




Uday Kiran
Senior Specialist - Information Security
Office of Dir. Digital Technologies
اوداي كيران
أخصائي أول - أمن المعلومات
تكنولوجيا المعلومات


[Main logo]     Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates

        www.hct.ac.ae<http://www.hct.ac.ae>
[Facebook]<https://www.facebook.com/hctuae>     [Twitter] <https://twitter.com/HCT_UAE>         [Instagram] 
<https://www.instagram.com/HCT_UAE/>        [YouTube] <https://www.youtube.com/user/hctuae>


[https://cdn.hct.ac.ae/signature_logo/email_signature-healthy-hct.jpg]
[Enviromental]  Please consider the environment before printing this email
This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Francisco Chavez
Sent: Monday, November 16, 2020 8:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Endpoint protection vendors

"External Email: This email is from 'external source'. If you see this as suspicious then please forward the email to 
infosec () hct ac ae<mailto:infosec () hct ac ae> and do not respond to this email"
________________________________
This is great information! It's hard to get this kind of feedback when trying to evaluate vendors. I am wondering if 
anyone had done a POC with TrendMicro. They reached out to us earlier this summer and were offering to buy out our 
existing EDR contract. I believe they are still offering that program since they are trying to expand into the Higher 
Ed space.

Any Thoughts?


Sincerely,
Francisco Chavez


--
Francisco Chavez, MBA  | Interim CTO
Saint Mary's College of California
...............................................................................................................................
IT 
Services<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.stmarys-ca.edu%2Fit-services&data=04%7C01%7Cukiran%40HCT.AC.AE%7C62976362d9534afed2c308d88a4ac749%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637411401074114126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UtQ%2BN6T6AJ9XY3%2FceT0YoZurpezbAZaEHh5lxjLItBs%3D&reserved=0>
phone: (925) 631-8236
email: fac3 () stmarys-ca edu<mailto:fac3 () stmarys-ca edu>


[cid:image001.jpg@01D6BCC1.B6EA3280]


On Nov 16, 2020, at 8:04 AM, Eric Sawyer <esawyer () nec edu<mailto:esawyer () nec edu>> wrote:

Hi Jason

2 years ago we did an RFP with Sophos, CrowdStrike, SentinelOne, and Cylance. SentinelOne and Cylance would not meet 
our budget requirements, so we did a POC with Sophos and CrowdStrike. My team liked Sophos for several reasons, but the 
endpoint agent was a resource hog, and we had occasional issues with both install and removal.

We've been very pleased with CrowdStrike and credit them with helping to really up our game in the EDR space. We 
purchased Prevent, Insight, Threat Graph, Discover, and Overwatch with premium support. The management site is a 
complex beast that takes some time to get comfortable with. They've made some improvements recently, but I would advise 
that your team utilize the CrowdStrike university subscription. We also did some pre-sales blue team exercises with 
their sales engineer to understand alerting, reporting, investigation, etc. Very useful!

The onboarding went very well. One webinar and our prevent and sensor policies were in place, alerting was set, and we 
had GPO and Intune packages for sensor deployment.

I think the best part is the follow-up support we get. Besides the monthly best practice webinars and product briefs, 
and the weekly support office hours, we have a quarterly review and health check with our technical account manager. 
Here we discuss any issues, review recent incidents for trends and whitelisting, and tweak protection policies based on 
real-time threat data. These are fantastic resources that I wish many of our SaaS providers would adopt.

Hope this helps.
Eric Sawyer
Director of IT
New England College

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.google.com/url?q=https://www.educause.edu/community&source=gmail-imap&ust=1606147467000000&usg=AOvVaw2SHu80j2h7uq2w_jnuntvl<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.educause.edu%2Fcommunity%26source%3Dgmail-imap%26ust%3D1606147467000000%26usg%3DAOvVaw2SHu80j2h7uq2w_jnuntvl&data=04%7C01%7Cukiran%40HCT.AC.AE%7C62976362d9534afed2c308d88a4ac749%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637411401074114126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2F1uUXyUlAsMN5%2FnSQzTaHzudIiCtb5Tsqx8uE%2FJ1%2FRM%3D&reserved=0>


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cukiran%40HCT.AC.AE%7C62976362d9534afed2c308d88a4ac749%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637411401074124078%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=xweReyr8MLQ3i5Ue%2BTUaCW6NlTP55tBzlCgN2VEED14%3D&reserved=0>

________________________________

The information in this email and any attachments are confidential and solely for the use of the individual or entity 
to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you 
have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance 
on the content of this information is strictly prohibited and may be unlawful. If you have received this email in 
error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer 
() hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes 
made to them by any other person.

تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم 
باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً 
الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات 
التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو 
مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر.

________________________________

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community