Educause Security Discussion mailing list archives
Re: Microsoft Defender ATP
From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Thu, 12 Mar 2020 16:15:44 +0000
We used it for a short time. The only reason we aren't is because of a migration from our own Office 365 tenant to a system-wide Office 365 tenant where it isn't enabled yet. I'm hoping to get it up and running again by the end of the semester.

We didn't catch a lot of stuff with it, but for the most part we don't have a virus/malware problem. It did continually flag a piece of software that was virtualized via a VMware packaging solution due to the way it was fusing two pieces of software together. It wasn't malicious, but appeared as malicious due to the injection techniques used.

I like the concept behind it of being behavior based rather than signature based. It still has the signature base of Defender, but adds the layer of the behavior analysis. The Windows solution was very easy to deploy.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone: (507) 389-5705
mnsu.edu/cyberaware

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Watkins, Jameson
Sent: Thursday, March 12, 2020 10:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Microsoft Defender ATP

Hi all,

Our Sophos anti-virus licenses are up for renewal this summer and we're reviewing the landscape. We've landed on looking at MS Defender ATP. It's ranked highly in the Gartner magic quadrant and reviews we've seen are favorable. The cost for us to move to the security option of the A5 license tier, when combined with everything else offered, makes it a hard deal to pass up. But I've not seen a peep out of customers using it, especially in higher ed. Is anyone using it? What are we missing?

We also haven't seen details on how it handles ransomware. Sophos has a crypto guard that stops files from encrypting which has saved us at least once. Anyone have more info on how Defender handles it?

Finally and more broadly, does anyone have advice on how you actually test endpoint detection without using live viruses?

Thanks.

Jameson Watkins
Chief Information Officer
Pacific Northwest University of Health Sciences
509.249.7719
www.pnwu.edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

Current thread:
- Microsoft Defender ATP Watkins, Jameson (Mar 13)
- Re: Microsoft Defender ATP Menne, Michael S (Mar 13)
- Re: Microsoft Defender ATP Foss, Henry L. (Mar 13)
- Re: Microsoft Defender ATP Mercy Lopez (Mar 13)
- Re: Microsoft Defender ATP Brian Epstein (Mar 13)
- Re: Microsoft Defender ATP King, Ronald A. (Mar 13)
- Re: Microsoft Defender ATP Dexter Caldwell (Mar 13)
- Re: Microsoft Defender ATP Kimmitt, Jonathan (Mar 13)
- Re: Microsoft Defender ATP John Ramsey (Mar 13)
- Re: Microsoft Defender ATP King, Ronald A. (Mar 13)