Educause Security Discussion mailing list archives

Re: Malware remediation?


From: "King, Ronald A." <raking () NSU EDU>
Date: Thu, 10 Jan 2013 15:29:59 -0500

We recently upgraded our firewalls to Palo Alto Networks' next-gen hardware.
We are very happy with them.  They have threat (IPS) detection and
prevention, AV detection and blocking, and URL filtering.  We subscribe to
their Wildfire service, which is comparable to the FireEye we tested late
last year.  When the firewalls detect a new EXE is downloaded, the file is
also downloaded to a virtual testing system on their network where they
monitor its actions, create a report of potential malware, and send it to
us.  It has been very effective.

I will admit, I have been skeptical of the "all-in-one" boxes in the past,
but the PAN firewalls are doing the work of four different devices very
effectively.

Ronald King
Security Engineer
Norfolk State University
http://security.nsu.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Russ Leathe
Sent: Thursday, January 10, 2013 10:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Malware remediation?

We are currently poc with Bit9 and FireEye for malware detection.  I like
both products so far.   Do you currently own one of these products?  Would
you care to give me your pros/cons, what you would do differently, etc.

Perhaps you went another direction?

Thanks!

Russ



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Samuel Gaudet
Sent: Wednesday, January 09, 2013 2:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pentest Agreement

Ed Skoudis has a good boilerplate memo he shares with his students that is
designed to protect employees in a situation similar to yours:

http://www.counterhack.net/permission_memo.html

Hope this helps,
Sam

On Wed, Jan 9, 2013 at 2:21 PM, Adam Vedra <avedra () calvin edu> wrote:
Would anyone be willing to share an example of an internal pentest 
agreement/permission document between an employer and an information 
security employee, ideally one that is used in your own organization? 
So far the examples I have turned up are more or less contracts 
between an organization and an outside third party.

Thank you for your help and input!

Adam



Adam P. Vedra, CISSP, GSEC
Information Security Officer
Calvin College




--
Sam Gaudet
Systems Security Analyst
University of Maine System
Office: (207) 973-3297
