Educause Security Discussion mailing list archives
Re: endpoint security software
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 8 Mar 2016 10:02:01 -0500
On 08/03/16 08:45, Ashfield, Matt (NBCC) wrote:
Our institution, like a large percentage in higher ed, is running Microsoft Security Essentials on desktops, which is included in our licensing agreement with Microsoft. While that works OK for AV detection, I'm wondering if any institutions out there are running additional desktop security software (e.g. anti-malware software like Malwarebytes, or others) and, if so, whether you had a related RFP/RFI for such a procurement. Any info you can provide is appreciated.
Matt - just a quick tangential comment related to SCEP/Security Essentials.

From my perspective, I'm about 15:1 (and 20:1 sometimes) in detecting infected systems using Snort with the "free" Emerging Threats rules and following up with further Bro mining, versus what we find/block with SCEP. I suspect that would favour me even more if we used the Pro rules, and that it would favour AV/AM a little more if we layered additional AV/AM.

MBAM is great as part of a tiered approach, even if it's just for your "high value targets". As with traditional AV, you need to decide how you're going to act when it sees something. I view an AV/AM alert as confirmation that the endpoint needs to be wiped and imaged (or acquired for further forensics, depending on the data on or accessed by the system), so it's (sometimes) useful from a containment perspective, but I really treat most AV/AM as HIDS.

kmw
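The Snort-plus-Bro workflow Kevin describes, sketched as an added example (this is not code from the thread, nor from the Snort or Bro projects): it parses Snort fast-format alerts, ranks internal hosts by alert priority and volume, then mines a Bro conn.log for every connection from those hosts to the alerted peers, so the analyst sees how long the contact has been going on, which a single alert does not show. Every alert line, log record and address below is constructed for the example, the SIDs 9000001/9000002 are placeholders rather than real Emerging Threats rules, and the internal range 10.10.0.0/16 is an assumption.

```python
"""Correlate Snort fast-format alerts with Bro conn.log records to rank
internal hosts for follow-up. Added example; all data below is constructed."""
import ipaddress
import re

# Snort "alert_fast" line layout (TCP/UDP; ICMP lines carry no ports, so ports are optional).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?\s+\[Priority:\s*(?P<pri>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed alerts. The last one fired on the server->client leg, which is common.
SNORT_FAST = """\
03/08-10:02:01.123456  [**] [1:9000001:1] EXAMPLE TROJAN CnC Beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.10.5.21:49812 -> 203.0.113.9:443
03/08-10:02:07.000001  [**] [1:9000001:1] EXAMPLE TROJAN CnC Beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.10.5.21:49815 -> 203.0.113.9:443
03/08-10:03:40.500000  [**] [1:9000002:1] EXAMPLE POLICY Suspicious User-Agent (constructed) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.10.7.3:51000 -> 198.51.100.20:80
03/08-10:04:12.000000  [**] [1:9000001:1] EXAMPLE TROJAN CnC Beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 203.0.113.9:443 -> 10.10.5.21:49815
"""

# Constructed Bro conn.log excerpt: tab separated, with Bro's usual # header block.
BRO_CONN = """\
#separator \\x09
#set_separator\t,
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1457449321.000000\tCXa1\t10.10.5.21\t49812\t203.0.113.9\t443\ttcp\tssl\t0.5\t300\t1200\tSF
1457449327.000000\tCXa2\t10.10.5.21\t49815\t203.0.113.9\t443\ttcp\tssl\t0.4\t300\t1100\tSF
1457449621.000000\tCXa3\t10.10.5.21\t49820\t203.0.113.9\t443\ttcp\tssl\t0.4\t300\t1100\tSF
1457449921.000000\tCXa4\t10.10.5.21\t49826\t203.0.113.9\t443\ttcp\tssl\t0.5\t300\t1150\tSF
1457449420.500000\tCXb1\t10.10.7.3\t51000\t198.51.100.20\t80\ttcp\thttp\t1.2\t500\t9000\tSF
1457449500.000000\tCXc1\t10.10.9.40\t52222\t198.51.100.77\t443\ttcp\tssl\t0.3\t200\t800\tSF
"""


def parse_snort_fast(text):
    """Return one dict per parseable alert line; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            d = m.groupdict()
            d["pri"] = int(d["pri"])
            out.append(d)
    return out


def parse_bro_log(text):
    """Parse a Bro ASCII log, taking column names from its own #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def triage(alerts, conns, internal_cidr):
    """Rank internal hosts: Snort says 'something', Bro says 'how much, for how long'."""
    net = ipaddress.ip_network(internal_cidr)

    def inside(ip):
        try:
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False

    hosts = {}
    for a in alerts:
        if inside(a["src"]):
            host, peer = a["src"], a["dst"]
        elif inside(a["dst"]):
            host, peer = a["dst"], a["src"]  # alert fired on the server->client leg
        else:
            continue  # neither side is ours; nothing to wipe
        r = hosts.setdefault(host, {"host": host, "alerts": 0, "top_priority": 99,
                                    "sids": set(), "peers": set(),
                                    "conns_to_peers": 0, "first": None, "last": None})
        r["alerts"] += 1
        r["top_priority"] = min(r["top_priority"], a["pri"])
        r["sids"].add(a["sid"])
        r["peers"].add(peer)
    # Bro follow-up: every connection from the host to an alerted peer, whether or
    # not a Snort rule fired on it, and the time span those connections cover.
    for c in conns:
        r = hosts.get(c["id.orig_h"])
        if r and c["id.resp_h"] in r["peers"]:
            ts = float(c["ts"])
            r["conns_to_peers"] += 1
            r["first"] = ts if r["first"] is None else min(r["first"], ts)
            r["last"] = ts if r["last"] is None else max(r["last"], ts)
    for r in hosts.values():
        r["span_s"] = (r["last"] - r["first"]) if r["conns_to_peers"] else 0.0
    return sorted(hosts.values(),
                  key=lambda r: (r["top_priority"], -r["alerts"], -r["conns_to_peers"]))


if __name__ == "__main__":
    for r in triage(parse_snort_fast(SNORT_FAST), parse_bro_log(BRO_CONN), "10.10.0.0/16"):
        print(f"{r['host']:<12} pri={r['top_priority']} alerts={r['alerts']} "
              f"conns={r['conns_to_peers']} span={r['span_s']:.0f}s peers={sorted(r['peers'])}")
```

On the constructed data the host 10.10.5.21 tops the list with three priority-1 alerts, but the Bro pass is what makes the case: four connections to the alerted peer over a ten-minute span, two of which Snort never flagged, which is the kind of evidence that justifies pulling the box for re-imaging or acquisition rather than waiting on the AV console.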
Current thread:
- endpoint security software Ashfield, Matt (NBCC) (Mar 08)
- Re: endpoint security software Jeff Choo (Mar 08)
- Re: endpoint security software McClenon, Brady (Mar 08)
- Re: endpoint security software Johnson, Matthew (Mar 08)
- Re: endpoint security software Kevin Wilcox (Mar 08)
- Re: endpoint security software Jeff Choo (Mar 08)