Educause Security Discussion mailing list archives

Re: Endpoint Protection - App Whitelisting?


From: "Hudson, Edward" <ehudson () CALSTATE EDU>
Date: Mon, 13 Nov 2017 18:43:46 +0000

Chad

Interesting experience with CB. We have it fully deployed on all endpoints in High Enforcement mode and have had no 
problems and little technical overhead once we got the library built and started dialing in the enforcement. As part of 
our endpoint approach (AV, Whitelisting and BU) we haven’t re-imaged an endpoint due to malware/ransomware in over a 
year. We are not fully deployed with CB on servers.

Ed

 

 

Ed Hudson

Interim CISO 

401 Golden Shore

Long Beach, CA 90802

Tel 562-951-8431

ehudson () calstate edu

 

I subscribe to e-mail classification: i=Information, a=Action, u=Urgent

 

 

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Chad Tracy 
<chad.tracy () COLBY EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, November 13, 2017 at 10:19 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Endpoint Protection - App Whitelisting?

 

Good afternoon,

 

We currently use Carbon Black's CB Protection (application whitelisting) on some of our end user computers (we have 
licensing for 300 endpoints... however we only ever got it working on around 70 Windows machines...) It has not been 
working out well and we are looking to move in a different direction. 

 

I recently learned, from a call with Gartner, that "typically" application whitelisting is utilized on servers and 
systems that are fairly locked down (think of machines used by the insurance and medical industry, kiosks...) 

 

Knowing this, we are looking to see what you all are doing to lock down your systems to assist in ransomware and 
zero-day incidents:

 

Have any of you had luck in deploying application whitelisting on their end users' machines... or is this a lost cause 
that takes too much money and FTEs to support?

 

Do you have Endpoint protection deployed on your campus? 

 

If so, who with?

 

Kind Regards,

 

Chad Tracy 

Director of Information Security

Colby College 

Waterville, ME 04901

207 . 859 . 4199

chad.tracy () colby edu
