Educause Security Discussion mailing list archives
Re: Cylance
From: Stefan Wahe <stefan.wahe () WISC EDU>
Date: Wed, 7 Jun 2017 19:26:28 +0000
We have been piloting Cisco AMP and Palo Traps on our campus as a possible alternative to tradition anti-virus. We are working on comparison data of what is detected, false-positives and time-to-remediate. Cylance is an interesting player in this space, however, they came to us after the TRAP and AMP discussions. Stefan Wahe ***************************** Stefan Wahe University of Wisconsin-Madison Office of Cybersecurity Associate Chief Information Security Officer HIPAA Security Officer 608-265-1177 From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman <rob.milman () SAIT CA> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wednesday, June 7, 2017 at 2:16 PM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Cylance Hi Shaun, I agree with the comments about moving on from signature based AV, but with caution. Some “next-gen” endpoint protection does not have the quarantine and disinfect capabilities that we have grown so used to over the years. I can’t speak for Cylance, but most are running a combination of both traditional AV and “next-gen” behavior based endpoint protection. As a side note, we are piloting Microsoft Advanced Threat Protection on our Windows 10 machines and it’s been nothing short of impressive. It has alerted us to one ransomware infection that was stopped before any damage was done and provided a complete chain of event that led up to the infection. I was impressed by how far Microsoft has upped their game in this area. Regards, Rob Rob MilmanSecurity & Compliance AnalystInformation Systems Southern Alberta Institute of TechnologyEH Crandell Building, GA 2141301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173rob.milman () sait ca From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray Sent: Wednesday, June 07, 2017 12:47 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Cylance Anyone have any experience with Cylance? I’m strongly considering moving on from Symantec. The sales pitch sounds great with the intelligence, but a part of me wants to hold on to my old definition based AV. Anyone have thoughts on this product or approach? Dr. Shaun L. Gray, GSEC Network Engineer Medford Township Board of Education P / 609-975-6159
Attachment:
smime.p7s
Description:
Current thread:
- Cylance Shaun Gray (Jun 07)
- Re: Cylance WALTER KERNER (Jun 07)
- Re: Cylance Shettler, David (Jun 07)
- Re: Cylance Rob Milman (Jun 07)
- Re: Cylance Ladwig, John M (Jun 07)
- Re: Cylance Bernardo Manuel Vasquez (Jun 08)
- <Possible follow-ups>
- Re: Cylance Stefan Wahe (Jun 07)
- Re: Cylance Baillio, Aaron (Jun 07)
- Re: Cylance Brian Basgen (Jun 07)
- Re: Cylance Haas, Mike (Jun 07)
- Re: Cylance Baillio, Aaron (Jun 07)