Educause Security Discussion mailing list archives

Re: Cylance


From: "Haas, Mike" <mhaas () LRHSD ORG>
Date: Thu, 8 Jun 2017 00:27:33 +0000


http://www.govinfosecurity.com/blogs/anti-virus-wars-sophos-vs-cylance-p-2172

Sent from my iPhone
-------------------------
Michael Haas
Information Technology Coordinator
Lenape Regional High School District

On Jun 7, 2017, at 20:21, Brian Basgen <brian_basgen () EMERSON EDU> wrote:


I haven't been able to get a straight answer out of Cylance about their efficacy. The sales pitch is great: sensible 
and logical. But is there a qualitative analysis of how much better a next gen product is compared to the old? It is a 
fair statement that the old model is structurally problematic, but it also works at a certain level of quality, and I'm 
not clear on exactly how these next gen products compare. Finally, it doesn't help that these products are "the hot new 
thing", and thus are quite expensive.

--------------
Brian Basgen
Associate Vice President, Information Technology
Emerson College | 120 Boylston Street | Boston, MA 02116


On Wed, Jun 7, 2017 at 6:13 PM, Baillio, Aaron <abaillio () ou edu> wrote:
I must agree with the previous statement: traditional antivirus can’t keep up.  Gartner has listed endpoint detection 
and response and signatureless detection in their top 10 technologies for the last 2 years.

This is actually a very nuanced topic, and unfortunately there is not a lot of consistent information available except that 
signature based antivirus is dead.  Even well reputed AV test firms can’t agree, especially when it comes to next gen. 
After a lot of study, even the most “level” of antivirus tests you’ll see published has a little bit of vendor favor, 
spin, etc.

There are pros and cons to going to next gen or staying with the known.  Traditional AV is a $9B/yr business where next 
gen is only around $500M.  Not bad, and it’s growing, but people are used to the traditional approach and the 
saturation is such that it’s just about ubiquitous.

People are coming around to next gen and I think it will continue to grow, especially as they merge with EDR 
capabilities (like Carbon Black, Tanium, etc.).  Next gen touts 95%-99% effectiveness.  We’ve tested live malware, 
including ransomware, on production systems and never lost a beat.

We decided to move away from Sophos and go with the Dell branded Cylance product.  Pros and cons there as well, but we 
couldn’t be happier.  Each next gen product, IMO, has its key selling point.  None of them are similar, so it really 
comes down to what fits you best.  I definitely recommend you kick the tires on a number of vendors, side by side 
preferably, in order to make your own determination.

B. Aaron Baillio
Managing Director, Security Operations and Architecture
University of Oklahoma, IT
O: 405-325-7948
C: 254-400-6404

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Stefan Wahe
Sent: Wednesday, June 7, 2017 2:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cylance

We have been piloting Cisco AMP and Palo Traps on our campus as a possible alternative to traditional anti-virus.  We are 
working on comparison data of what is detected, false positives and time-to-remediate. Cylance is an interesting player 
in this space; however, they came to us after the Traps and AMP discussions.

Stefan Wahe



*****************************
Stefan Wahe
University of Wisconsin-Madison
Office of Cybersecurity
Associate Chief Information Security Officer
HIPAA Security Officer
608-265-1177




From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Rob Milman <rob.milman () SAIT CA>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, June 7, 2017 at 2:16 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Cylance

Hi Shaun,

I agree with the comments about moving on from signature based AV, but with caution. Some “next-gen” endpoint 
protection does not have the quarantine and disinfect capabilities that we have grown so used to over the years. I 
can’t speak for Cylance, but most are running a combination of both traditional AV and “next-gen” behavior based 
endpoint protection.

As a side note, we are piloting Microsoft Advanced Threat Protection on our Windows 10 machines and it’s been nothing 
short of impressive. It has alerted us to one ransomware infection that was stopped before any damage was done and 
provided a complete chain of events that led up to the infection. I was impressed by how far Microsoft has upped their 
game in this area.

Regards,

Rob


Rob Milman
Security & Compliance Analyst
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca





From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shaun Gray
Sent: Wednesday, June 07, 2017 12:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cylance

Anyone have any experience with Cylance? I’m strongly considering moving on from Symantec. The sales pitch sounds great 
with the intelligence, but a part of me wants to hold on to my old definition based AV. Anyone have thoughts on this 
product or approach?


Dr. Shaun L. Gray, GSEC
Network Engineer
Medford Township Board of Education
P / 609-975-6159



