Educause Security Discussion mailing list archives

Re: Cylance


From: Stefan Wahe <stefan.wahe () WISC EDU>
Date: Wed, 7 Jun 2017 19:26:28 +0000

We have been piloting Cisco AMP and Palo Traps on our campus as a possible alternative to traditional anti-virus. We are 
working on comparison data of what is detected, false positives and time-to-remediate. Cylance is an interesting player 
in this space; however, they came to us after the TRAP and AMP discussions. 


Stefan Wahe

*****************************
Stefan Wahe
University of Wisconsin-Madison
Office of Cybersecurity
Associate Chief Information Security Officer
HIPAA Security Officer
608-265-1177

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman 
<rob.milman () SAIT CA>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, June 7, 2017 at 2:16 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Cylance

 

Hi Shaun,

I agree with the comments about moving on from signature-based AV, but with caution. Some “next-gen” endpoint 
protection does not have the quarantine and disinfect capabilities that we have grown so used to over the years. I 
can’t speak for Cylance, but most are running a combination of both traditional AV and “next-gen” behavior-based 
endpoint protection. 

As a side note, we are piloting Microsoft Advanced Threat Protection on our Windows 10 machines and it’s been nothing 
short of impressive. It has alerted us to one ransomware infection that was stopped before any damage was done and 
provided a complete chain of events that led up to the infection. I was impressed by how far Microsoft has upped their 
game in this area.

 

Regards,

Rob

Rob Milman
Security & Compliance Analyst
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun 
Gray
Sent: Wednesday, June 07, 2017 12:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cylance

 

Anyone have any experience with Cylance? I’m strongly considering moving on from Symantec. The sales pitch sounds great 
with the intelligence, but a part of me wants to hold on to my old definition-based AV. Anyone have thoughts on this 
product or approach?

 

 

Dr. Shaun L. Gray, GSEC
Network Engineer
Medford Township Board of Education
P / 609-975-6159

 
