Educause Security Discussion mailing list archives
Re: Bit9 and getting rid of anti-virus tool
From: Eric Lukens <eric.lukens () UNI EDU>
Date: Thu, 28 Apr 2016 09:08:17 -0500
A few years ago we determined traditional AV wasn't doing us any good and switched to Microsoft's solution since we were already licensed for it. Some AV products claim to include "better" firewalls and application-whitelisting capabilities, but with the Enterprise editions of Windows 7 and above (plus Education on Windows 10) you get AppLocker, which isn't as nice as Bit 9 but we've done surprisingly well with it. Otherwise, to me it seems most AV product's attempts to stay relevant are just replications of what is actually available in the operating system or from Microsoft--such as the EMET. Even worse, sometimes the AV software doesn't really have these features and is just managing the official Windows settings for you. If you are able to afford Bit 9, I'd say use it and downgrade to Microsoft's AV since you probably are already licensed for it. Our old AV product created a lot of issues on the computers, especially if it was time to upgrade. While Microsoft's AV solution is not as good at detection as other AV software, it is much less burdensome on our computers--using less resources and installing updates easily without constant care and feeding. Plus WSUS or SCCM or Windows Update can update the Microsoft AV, so there's easy ways to keep it up-to-date. The only place the Microsoft AV is somewhat annoying is on centralized reporting, which is required by some security standards. SCCM is required for centralized reporting, unless you use something to watch the logs on the machines for alerts. EMET: https://technet.microsoft.com/en-us/security/jj653751 On Wed, Apr 27, 2016 at 6:49 PM, Fulton, Lora <lfulton () bu edu> wrote:
Usually we need to keep AV around for compliance purposes as the new products are not yet recognized as acceptable replacements (or at least they weren’t last I heard which was a few months ago now). -Lora [image: http://www.bu.edu/brand/files/2012/10/master-logo-small.gif] *Lora Fulton* | Manager, Incident Response and Vulnerability Program, Information Services & Technology 111 Cummington Mall | Boston University | Boston, Massachusetts 02215 617.353.8293 | lfulton () bu edu Send me a secure message <https://securecontact.me/lfulton () bu edu> *Listen. Learn. Lead.* From: EDUCAUSE Listserv on behalf of Sue Rivera Reply-To: EDUCAUSE Listserv Date: Wednesday, April 27, 2016 at 7:00 PM To: EDUCAUSE Listserv Subject: [SECURITY] Bit9 and getting rid of anti-virus tool Hello everyone! Has anyone implemented Bit9/Carbon Black EDR tool and been able to do away with anti-virus tool, such as McAfee or Symantec? Or, do we need both and why? All comments welcome! Thank you in advance! Sue Rivera Information Security Analyst Office of Information Security Information Technology Services California State University Bakersfield https://www.csub.edu/its/ https://twitter.com/itscsub 661-654-2408
-- Eric C. Lukens IT Security Compliance & Policy Analyst ITS-Information Security Curris Business Building 15 University of Northern Iowa Cedar Falls, IA 50614-0121 (319) 273-7434 http://www.uni.edu/elukens/ "Security is a process, not a product." Bruce Schneier
Current thread:
- Bit9 and getting rid of anti-virus tool Sue Rivera (Apr 27)
- <Possible follow-ups>
- Re: Bit9 and getting rid of anti-virus tool Fulton, Lora (Apr 27)
- Re: Bit9 and getting rid of anti-virus tool Eric Lukens (Apr 28)
- Re: Bit9 and getting rid of anti-virus tool Sue Rivera (Apr 28)
- Re: Bit9 and getting rid of anti-virus tool Eric Lukens (Apr 28)
- Re: Bit9 and getting rid of anti-virus tool Cobb, Raisha (Apr 29)
- Re: Bit9 and getting rid of anti-virus tool Alex Keller (Apr 29)
- Re: Bit9 and getting rid of anti-virus tool Hall, Rand (May 03)
- Re: Bit9 and getting rid of anti-virus tool Alex Keller (Apr 29)