Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] EPS Review
From: "Bridges, Robert A." <0000008d8011d045-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Wed, 6 Jan 2021 22:57:37 +0000
All,

TLDR: research on commercially available malware detection tools https://arxiv.org/abs/2012.09214 (you can go to arxiv's website and search for "Beyond the Hype" so you don't have to click a link). See the results and the last section for takeaways.

Our team has begun focusing on performing evaluations of commercial off-the-shelf tools to inform SOCs on what is worth purchasing. We have just released this paper https://arxiv.org/abs/2012.09214 while it is under review for academic publication. It focuses on comparing malware detectors, and it compares 4 tools that can be broken into: 2 host vs. 2 network level detectors, 1 signature-based vs. 3 ML-based, and 3 static vs. 1 dynamic analysis tool. We created a simulation of how a SOC would use the tool to boil all the factors down to dollars saved/lost. **The last section is "Actionable Takeaway" to assist SOCs in what to consider when buying tools.** Note that part of the agreement to test these commercially available tools is to keep them anonymous, so I cannot give specific recommendations.

Our goal is to push the scientific research community to evaluate what is actually being used for security and produce useful results for SOCs. If anyone looks at this and has feedback on how we can be more helpful, we have a few more of these types of experiments in the works.

Best,
Bobby

Robert A. Bridges, PhD
Acting Cybersecurity Research Group Leader
Oak Ridge National Laboratory

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Curt Kappenman <ckappenman () ANDERSONUNIVERSITY EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, December 11, 2020 at 10:08 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [EXTERNAL] Re: [SECURITY] EPS Review

Bryan,

We have been using Cylance for 3+ years and we are thoroughly pleased with it. The detection pattern is different than most of the other products I am familiar with. I would be happy to give you a show-n-tell of the products we use. We also use their Optics product, which is an EDR type product that works hand-in-hand with the Protect product to give us another point of view into what is going on with our endpoints.

Curt Kappenman
Security Compliance Officer
Anderson University
Anderson, SC

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Barton, Robert W." <bartonrt () LEWISU EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, December 10, 2020 at 5:21 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] EPS Review

Evening,

We are reviewing Endpoint Protection Suites (EPS) and would love to hear what people think of any of the four options below. We are moving away from our current vendor because of issues with the software and licensing changes. Anything you care to share would be appreciated (please send privately if you don't wish to be noted). If anybody is willing to give me a 30 minute show-n-tell of their software, that would be welcome as well.

Blackberry Cylance
Carbon Black
CrowdStrike
Sophos

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community