Educause Security Discussion mailing list archives

Re: ATP vs. just Defender in lab/clinic environments

From: John Ramsey <000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Thu, 14 Jan 2021 18:53:28 +0000

We are using E5 extensively and pretty much leveraging everything.  Am happy to have a conversation on this.  Also, if 
there are a few interested in A5/E5, maybe a broader conversation is warranted as well.



John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT

2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 | studentclearinghouse.org<http://www.studentclearinghouse.org>
LinkedIn<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnational-student-clearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590166954&sdata=MdT45I1n7Hwbp8Zlkxlm0wEd0LdLnq5Cpr91ybCEjHw%3D&reserved=0>
 | 
Twitter<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fnsclearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590171933&sdata=idMHM8D4VdMRpIa2H1YUTmwMgC4ZU0L2jqL3VjVNs4s%3D&reserved=0>
 | 
Facebook<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FNSClearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590176915&sdata=ILW%2BPdv1fgHooOkbQlkP9ei%2BJOsk7YlCMzYNU572flU%3D&reserved=0>
 | Blog<https://www.studentclearinghouse.org/nscblog/> | Instagram<https://www.instagram.com/NSClearinghouse/>

Serving Education Since 1993



This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain 
confidential or privileged information. If you receive this message in error, please contact the sender and delete all 
copies.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Catherine Ullman
Sent: Thursday, January 14, 2021 12:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ATP vs. just Defender in lab/clinic environments



Hi Folks!



We, at the University at Buffalo, have recently moved to a Microsoft A5 license and are currently working on rolling 
out many of the new features.  Currently we are planning our Windows Defender for Endpoint (Advanced Threat Protection) 
rollout and have some decisions to make which we were hoping to hear how others implemented this.  We have a few 
different shared computing paradigms in which we are trying to decide if licensing the machine for Defender for 
Endpoint is appropriate or if using just the embedded windows defender from the operating system is adequate.  Some of 
these systems are as follows:



Campus Public Labs:

These are VDI machines that are used by students.  The machines are provisioned on demand and destroyed upon logout.



Department Labs:

These are bare metal machines shared by students located in a shared space within a specific school.



Campus Clinics:

These are VDI/Citrix desktops that are used by students, like labs they are provisioned on demand and destroyed upon 
logout, but process more sensitive information than the labs.



Any thoughts or lessons learned from your implementation would be greatly appreciated.  Thanks in advance!



Best,

Cathy





Dr. Catherine J Ullman

Senior Information Security Forensic Analyst

Information Security Office

University at Buffalo

cende () buffalo edu<mailto:cende () buffalo edu>







**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

ATP vs. just Defender in lab/clinic environments Catherine Ullman (Jan 14)
- Re: ATP vs. just Defender in lab/clinic environments John Ramsey (Jan 14)
- <Possible follow-ups>
- Re: ATP vs. just Defender in lab/clinic environments Blake Brown (Jan 14)
  - Re: [External]:Re: [SECURITY] ATP vs. just Defender in lab/clinic environments Ferland, William (Jan 14)
  - Re: ATP vs. just Defender in lab/clinic environments Curt Kappenman (Jan 14)
    - Re: ATP vs. just Defender in lab/clinic environments Jamie Schademan (Jan 14)
  - Re: ATP vs. just Defender in lab/clinic environments Catherine Ullman (Jan 14)