Educause Security Discussion mailing list archives

Re: Anti-Virus/Malware Enterprise Options


From: Livio Ricciulli <livio () METAFLOWS COM>
Date: Wed, 8 Jun 2016 11:56:47 -0700

I thought this link might be useful. This is what we actually measured last week in our system.

https://www.metaflows.com/stats/antivirus_vendors/

True positive rate in this case is the relative detection rate. So, for example, if vendor A has .46 it means that 46% of the time they detected malicious malware and 54% of the time other vendors detected it but they did not. Severity and prevalence (x and y) axes measure (1) the average priority of what they caught (for example Adware has priority 1 but ransomware has priority 100) and (2) the total sum of the priorities.

Large bubbles trending toward a red color toward the top right are best.

These measurements seem to vary week to week, depending on the outbreaks we see.

Let me know if you have any questions.

Livio.

On 06/08/2016 09:17 AM, Burke, Ian R. wrote:

We have been using Sophos for a few years now and are switching to their cloud solution. We have considered switching to the MS platform but have not yet taken the plunge. Sophos seems to work fairly well but is a bit cumbersome to manage when it comes to the stale system side of things. It will be interesting to see if the cloud platform helps solve this issue any.

I still believe that all of these AV solutions only stop a small percentage of the threats and that a broader solution involving a fuller spectrum of protection, including user education, is critical.

Ian

Ian Burke

Information Security Administrator

Information Security – ITS

http://go.middlebury.edu/infosec

Middlebury College

*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of* Garmon, Joel
*Sent:* Wednesday, June 8, 2016 12:11 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Anti-Virus/Malware Enterprise Options

We have been using Microsoft’s System Center Endpoint Protection for a while now. It does a decent job at detecting viruses. But I agree that you really need a competent SCCM team to use it.

Contact me directly if you want more information.



Thank you,

Joel Garmon

Director Information Security

Wake Forest University

336-758-2972

http://infosec.wfu.edu/

On Wed, Jun 8, 2016 at 11:42 AM, Brian Griffith <griffibw () whitman edu> wrote:

    Hey Doug. We recently made the switch from McAfee to SCEP. In our
    somewhat limited testing, they performed similarly. I feel
    slightly better about McAfee (leftover bias against Defender from
    the early days, perhaps?), but not enough to justify the cost. We
    feel like the central administration of SCEP is better/easier (IF
    you already have SCCM up and running), and you get prettier
    reports out of the box. I'm also excited about the MS APT product
    as we transition to Windows 10.

    Brian Griffith

    Information Security Officer

    Whitman College


    On Jun 8, 2016, at 8:32 AM, Doug Brooks <dbrooks () PARKLAND EDU> wrote:

        We are currently using McAfee as our AV solution but are
        evaluating other options.  We are upgrading to the latest
        McAfee Endpoint Security version for our enterprise but also
        want to consider other products including Microsoft’s System
        Center Endpoint Protection/Defender platform.  The latter
        would save us money but I’m not yet confident that it is a
        viable enterprise solution.

        I’d appreciate any feedback on McAfee, Microsoft or other
        enterprise-grade solutions that you are using.

        Thanks,

        Doug

        Parkland College

        dbrooks () parkland edu




--
Livio Ricciulli
w +1 (408) 457-1895
m +1 (408) 835-5005
Please review MetaFlows on Google <https://www.google.com/search?q=Metaflows,%20Inc&ludocid=13909832393819891504#lrd=0x0:0xc109a6dd5edb2730,1>
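The relative detection rate and the severity/prevalence axes described in the MetaFlows post above, worked through as an added example that is not MetaFlows' own code: it computes the three per-vendor numbers from a constructed detection table in which the vendor names, sample ids and priorities are invented for illustration.

```python
# Added example: per-vendor relative detection rate, severity and prevalence
# as defined in the post (vendor names and data below are constructed, not measured).

# Each malicious sample carries a priority (adware 1 ... ransomware 100) and the
# set of vendors that flagged it. Samples no vendor flagged would not appear here,
# because the rate is relative to what the vendor pool as a whole detected.
SAMPLES = [
    {"id": "s1", "priority": 100, "detected_by": {"A", "B"}},
    {"id": "s2", "priority": 1,   "detected_by": {"A"}},
    {"id": "s3", "priority": 50,  "detected_by": {"B", "C"}},
    {"id": "s4", "priority": 100, "detected_by": {"C"}},
    {"id": "s5", "priority": 1,   "detected_by": {"A", "B"}},
]
VENDORS = ["A", "B", "C"]


def vendor_stats(samples, vendors):
    """Return {vendor: (true_positive_rate, severity, prevalence)}.

    true_positive_rate: share of samples detected by at least one vendor that this
        vendor also caught (1 - rate is the share other vendors caught but it missed).
    severity: mean priority of the samples this vendor caught (0 if none).
    prevalence: sum of the priorities of the samples this vendor caught.
    """
    detected = [s for s in samples if s["detected_by"]]
    stats = {}
    for v in vendors:
        caught = [s for s in detected if v in s["detected_by"]]
        rate = len(caught) / len(detected) if detected else 0.0
        prevalence = sum(s["priority"] for s in caught)
        severity = prevalence / len(caught) if caught else 0.0
        stats[v] = (round(rate, 2), round(severity, 2), prevalence)
    return stats


def rank_vendors(samples, vendors):
    """Order vendors the way the chart favours them: highest prevalence first,
    ties broken by severity (the "top right" of the plot)."""
    stats = vendor_stats(samples, vendors)
    return sorted(vendors, key=lambda v: (stats[v][2], stats[v][1]), reverse=True)


if __name__ == "__main__":
    for v, (rate, sev, prev) in vendor_stats(SAMPLES, VENDORS).items():
        print(f"vendor {v}: rate={rate} severity={sev} prevalence={prev}")
    print("ranking:", rank_vendors(SAMPLES, VENDORS))
```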
