Educause Security Discussion mailing list archives

Re: Bit9 and getting rid of anti-virus tool


From: Eric Lukens <eric.lukens () UNI EDU>
Date: Thu, 28 Apr 2016 09:08:17 -0500

A few years ago we determined traditional AV wasn't doing us any good and
switched to Microsoft's solution since we were already licensed for it.
Some AV products claim to include "better" firewalls and
application-whitelisting capabilities, but with the Enterprise editions of
Windows 7 and above (plus Education on Windows 10) you get AppLocker, which
isn't as nice as Bit9 but we've done surprisingly well with it.
Otherwise, to me it seems most AV products' attempts to stay relevant are
just replications of what is actually available in the operating system or
from Microsoft--such as EMET. Even worse, sometimes the AV software
doesn't really have these features and is just managing the official
Windows settings for you.

If you are able to afford Bit9, I'd say use it and downgrade to
Microsoft's AV since you probably are already licensed for it. Our old AV
product created a lot of issues on the computers, especially if it was time
to upgrade. While Microsoft's AV solution is not as good at detection as
other AV software, it is much less burdensome on our computers--using fewer
resources and installing updates easily without constant care and feeding.
Plus WSUS or SCCM or Windows Update can update the Microsoft AV, so there
are easy ways to keep it up-to-date. The only place the Microsoft AV is
somewhat annoying is on centralized reporting, which is required by some
security standards. SCCM is required for centralized reporting, unless you
use something to watch the logs on the machines for alerts.

EMET: https://technet.microsoft.com/en-us/security/jj653751

On Wed, Apr 27, 2016 at 6:49 PM, Fulton, Lora <lfulton () bu edu> wrote:

Usually we need to keep AV around for compliance purposes as the new
products are not yet recognized as acceptable replacements (or at least
they weren’t last I heard which was a few months ago now).

-Lora

*Lora Fulton* | Manager, Incident Response and Vulnerability Program,
Information Services & Technology
111 Cummington Mall | Boston University | Boston, Massachusetts 02215
617.353.8293 |  lfulton () bu edu     Send me a secure message
<https://securecontact.me/lfulton () bu edu>

*Listen. Learn. Lead.*




From: EDUCAUSE Listserv on behalf of Sue Rivera
Reply-To: EDUCAUSE Listserv
Date: Wednesday, April 27, 2016 at 7:00 PM
To: EDUCAUSE Listserv
Subject: [SECURITY] Bit9 and getting rid of anti-virus tool

Hello everyone!

Has anyone implemented Bit9/Carbon Black EDR tool and been able to do away
with anti-virus tool, such as McAfee or Symantec? Or, do we need both and
why?



All comments welcome! Thank you in advance!



Sue Rivera
Information Security Analyst
Office of Information Security
Information Technology Services
California State University Bakersfield
https://www.csub.edu/its/
https://twitter.com/itscsub
661-654-2408

-- 
Eric C. Lukens
IT Security Compliance & Policy Analyst
ITS-Information Security
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
(319) 273-7434
http://www.uni.edu/elukens/

"Security is a process, not a product."  Bruce Schneier

