Educause Security Discussion mailing list archives

Re: [EXTERNAL] Re: [SECURITY] Endpoint protection vendors


From: "Bridges, Robert A." <0000008d8011d045-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Fri, 20 Nov 2020 21:07:21 +0000


FWIW, the AI ATAC 1 challenge
https://www.challenge.gov/challenge/artificial-intelligence-applications-to-autonomous-cybersecurity-challenge/

was the largest scale test of these tools to our knowledge.

Winner was announced last spring:

https://www.fireeye.com/blog/products-and-services/2020/03/fireeye-supports-cyber-security-non-profits-with-navwar-ai-challenge-earnings.html

Worth noting that the challenge required no cloud connections, as I think is required for Crowdstrike.

Research results show that it is worth running an endpoint signature-based detector AND an ML-based detector, as they 
complement each other, and all varieties of both have relatively low true positive rates (relative to what salesmen/-women 
often tout).

Also consider the Mitre Evaluation:

https://attackevals.mitre-engenuity.org/APT3/results/fireeye/


Robert A. Bridges, PhD
Acting Cybersecurity Research Group Leader
Oak Ridge National Laboratory
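The point above about complementary detectors and vendor-touted true positive rates is the kind of claim a buyer can check during a POC. The following is an added example, not code from the original post, from the challenge, or from any vendor: a small Python harness that scores a signature-based detector, an ML-based detector, and their OR/AND combinations on a labeled sample set, and counts how many malicious samples only one of the two catches. The sample verdicts are constructed by hand to illustrate the arithmetic and are not measurements of any real product.

```python
"""Score two endpoint detectors and their combinations on a labeled sample set.

Added example for the EDUCAUSE thread; the verdicts in SAMPLES are
constructed, not measured from any real product.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Sample:
    name: str
    malicious: bool   # ground truth from the test set
    sig_alert: bool   # verdict of the signature-based detector
    ml_alert: bool    # verdict of the ML-based detector


# Constructed labeled set: 8 malicious and 8 benign samples (hypothetical).
SAMPLES: List[Sample] = [
    Sample("m1", True, True, False),   # known family: signature only
    Sample("m2", True, True, False),
    Sample("m3", True, True, True),    # caught by both
    Sample("m4", True, True, True),
    Sample("m5", True, False, True),   # novel variant: ML only
    Sample("m6", True, False, True),
    Sample("m7", True, False, True),
    Sample("m8", True, False, False),  # missed by both
    Sample("b1", False, True, False),  # signature false positive
    Sample("b2", False, False, True),  # ML false positives
    Sample("b3", False, False, True),
    Sample("b4", False, False, False),
    Sample("b5", False, False, False),
    Sample("b6", False, False, False),
    Sample("b7", False, False, False),
    Sample("b8", False, False, False),
]

Verdict = Callable[[Sample], bool]

# The four ways to use two detectors: each alone, alert if either fires,
# alert only if both fire.
DETECTORS: Dict[str, Verdict] = {
    "signature": lambda s: s.sig_alert,
    "ml": lambda s: s.ml_alert,
    "either": lambda s: s.sig_alert or s.ml_alert,
    "both": lambda s: s.sig_alert and s.ml_alert,
}


def confusion(samples: Iterable[Sample], verdict: Verdict) -> Dict[str, int]:
    """Count TP/FP/FN/TN for one verdict function over the labeled set."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for s in samples:
        alerted = verdict(s)
        if s.malicious:
            counts["tp" if alerted else "fn"] += 1
        else:
            counts["fp" if alerted else "tn"] += 1
    return counts


def rates(c: Dict[str, int]) -> Tuple[float, float]:
    """Return (true positive rate, false positive rate); 0.0 if a class is empty."""
    positives = c["tp"] + c["fn"]
    negatives = c["fp"] + c["tn"]
    tpr = c["tp"] / positives if positives else 0.0
    fpr = c["fp"] / negatives if negatives else 0.0
    return tpr, fpr


def evaluate(samples: List[Sample]) -> Dict[str, Tuple[float, float]]:
    """(TPR, FPR) for each detector and for the OR/AND combinations."""
    return {name: rates(confusion(samples, v)) for name, v in DETECTORS.items()}


def complementarity(samples: List[Sample]) -> int:
    """Malicious samples caught by exactly one of the two detectors.

    A high count relative to the total means the detectors cover different
    ground and the OR combination buys real coverage, at the cost of the
    union of their false positives.
    """
    return sum(1 for s in samples if s.malicious and s.sig_alert != s.ml_alert)


if __name__ == "__main__":
    for name, (tpr, fpr) in evaluate(SAMPLES).items():
        print(f"{name:>9}: TPR={tpr:.3f} FPR={fpr:.3f}")
    print("caught by exactly one detector:", complementarity(SAMPLES))
```

On the constructed set the signature detector catches half the malicious samples and the ML detector five of eight, but alerting on either raises coverage to seven of eight while the false positive rate becomes the sum of the two. Requiring both to fire gives zero false positives and almost no coverage, which is why the OR combination, with triage capacity for the extra false positives, is the usual deployment.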


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Benjamin Stein 
<000001b2a02f8b85-dmarc-request () LISTSERV EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, November 20, 2020 at 3:30 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [EXTERNAL] Re: [SECURITY] Endpoint protection vendors

Our unit has been happy with Crowdstrike – about 18 months usage.

Aside from the obvious, it has also been useful for things like tracking down the processes related to outbound SSL and 
other traffic.

And another plus is that with what Crowdstrike is collecting we don’t need to try to collect as much OS data in our 
local Splunk.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, November 20, 2020 at 10:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Endpoint protection vendors
I have experience with Crowdstrike (Enterprise) and Defender ATP.  Crowdstrike is an excellent solution, and I 
recommend considering Defender ATP if you have Microsoft Premier support (for better technical support and eligibility 
for add-on services).

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Adams, Jason
Sent: Friday, November 13, 2020 5:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Endpoint protection vendors

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you 
recognize the sender and know the content is safe.

Hello,

We are looking into replacing our traditional anti-virus (Avast) with “next-gen” EDR/EPP products. We are doing POCs 
with Crowdstrike and SentinelOne (their enterprise-type package) but also looking at Cybereason and possibly Sophos. 
Does anyone have experience with any of these and recommend one over the other? Is there another product we should 
consider?

Thanks in advance!

------------------
Jason Adams
Senior Director of Information Technology
Denver Seminary
6399 South Santa Fe Drive
Littleton, CO 80120
303-762-6936
www.denverseminary.edu

Technology Questions? call: 303-762-6983 (x2020) or email helpdesk () denverseminary edu | IT Tips and News: 
https://denverseminary.sharepoint.com/sites/IT
We are hiring! Visit: https://denverseminary.edu/about/employment/


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
