Educause Security Discussion mailing list archives
Re: Malware Bytes
From: "Weissbohn, David" <dweissbohn () GOVST EDU>
Date: Thu, 5 Nov 2020 17:19:36 +0000
While I understand that these questionnaires can be a pain, any vendor who pushes back on completing one is an immediate red flag. Depending on how hard they push, I would not waste my time with them and instead find a vendor who is willing to cooperate. I’d be more concerned with their attitude towards cooperation than actually having the full HECVAT. Dave Weissbohn Director - Information Security and Compliance Governors State University 1 University Parkway University Park, IL 60484 Office: (708) 235-2204 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Menne, Michael S Sent: Thursday, November 5, 2020 9:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Malware Bytes Hello all, We are trying to enter into a site license agreement with Malware Bytes for their Incident Response enterprise cloud package. We are quickly coming to an impasse over the HECVAT and redlining the Master Services Licensing Agreement. They have a pre-filled out a HECVAT lite. I’ve asked them to complete a full HECVAT. They are pushing back pretty hard against the redlining and filling out the full HECVAT. Redlining the agreement is non-negotiable based on the way our University operates. I’m wondering how hard I should push for the full HECVAT. My thought is that the Malware Bytes scanning engine has access to ALL of our data, including potentially PCI and HIPAA where I need the most protection. We already have Microsoft Defender ATP, but I find it very difficult to use and understand. It’s great at forensics, but not as an ad-hoc scanning tool when we receive alerts from other sources. For those that use the HECVAT and HECVAT lite, am I being too much of a hard ass asking for the full HECVAT? Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 Cell: (507) 405-0717 https://mankato.mnsu.edu/cybersecurityawarenessmonth [signature_1780264119] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Malware Bytes Menne, Michael S (Nov 05)
- Re: Malware Bytes Weissbohn, David (Nov 05)
- Re: [External] Re: [SECURITY] Malware Bytes Kevin Wilcox (Nov 05)
- Re: Malware Bytes Weissbohn, David (Nov 05)