Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Malware Bytes

From: "Weissbohn, David" <dweissbohn () GOVST EDU>
Date: Thu, 5 Nov 2020 17:19:36 +0000
While I understand that these questionnaires can be a pain, any vendor who pushes back on completing one is an 
immediate red flag. Depending on how hard they push, I would not waste my time with them and instead find a vendor who 
is willing to cooperate. I’d be more concerned with their attitude towards cooperation than actually having the full 
HECVAT.

Dave Weissbohn
Director - Information Security and Compliance

Governors State University
1 University Parkway
University Park, IL 60484

Office: (708) 235-2204

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Menne, Michael S
Sent: Thursday, November 5, 2020 9:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Malware Bytes

Hello all,
We are trying to enter into a site license agreement with Malware Bytes for their Incident Response enterprise cloud 
package.  We are quickly coming to an impasse over the HECVAT and redlining the Master Services Licensing Agreement.

They have a pre-filled out a HECVAT lite. I’ve asked them to complete a full HECVAT.  They are pushing back pretty hard 
against the redlining and filling out the full HECVAT.  Redlining the agreement is non-negotiable based on the way our 
University operates.

I’m wondering how hard I should push for the full HECVAT.  My thought is that the Malware Bytes scanning engine has 
access to ALL of our data, including potentially PCI and HIPAA where I need the most protection.  We already have 
Microsoft Defender ATP, but I find it very difficult to use and understand.  It’s great at forensics, but not as an 
ad-hoc scanning tool when we receive alerts from other sources.

For those that use the HECVAT and HECVAT lite, am I being too much of a hard ass asking for the full HECVAT?


Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
Cell: (507) 405-0717
https://mankato.mnsu.edu/cybersecurityawarenessmonth

[signature_1780264119]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Previous By Date Next
Previous By Thread Next

Current thread: