Educause Security Discussion mailing list archives

Re: [EXTERNAL] Re: [SECURITY] EPS Review


From: "Bridges, Robert A." <0000008d8011d045-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Wed, 6 Jan 2021 22:57:37 +0000

All,
TLDR: research on commercially available malware detection tools https://arxiv.org/abs/2012.09214 (you can go to 
arxiv’s website and search for “Beyond the Hype” so you don’t have to click a link). See the results and the last 
section for takeaways.


Our team has begun focusing on performing evaluations of commercial off the shelf tools to inform SOCs on what is worth 
purchasing. We have just released this paper https://arxiv.org/abs/2012.09214 while it is under review for academic 
publication. It focuses on comparing malware detectors, and it compares 4 tools that can be broken into: 2 host v. 2 
network level detectors, 1 signature-based vs. 3 ML-based, and 3 static vs 1 dynamic analysis tool. We created a 
simulation of how a SOC would use the tool to boil all the factors to dollars saved/lost.

**The last section is “Actionable Takeaway” to assist SOCs in what to consider when buying tools.**

Note that part of the agreement to test these commercially available tools is to keep them anonymous, so I cannot give 
specific recommendations.

Our goal is to push the scientific research community to evaluate what is actually being used for security and produce 
useful results for SOCs. If anyone looks at this and has feedback on how we can be more helpful, we have a few more of 
these types of experiments in the works.

Best
Bobby



Robert A. Bridges, PhD
Acting Cybersecurity Research Group Leader
Oak Ridge National Laboratory
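The message above describes reducing a detector comparison to dollars saved or lost by simulating how a SOC would use each tool. The following is an added illustration of that kind of cost model, written for this archive page; it is not the paper's simulation and not code from the authors. All detector rates, license prices, alert-triage costs, breach costs and traffic volumes below are constructed sample values, and the cost formula (license plus analyst triage of every alert plus the expected cost of each missed infection, measured against a no-tool baseline) is an assumption chosen to keep the example self-contained.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Detector:
    """A candidate tool, described by its measured rates and price (constructed values)."""
    name: str
    true_positive_rate: float   # fraction of real malware it flags
    false_positive_rate: float  # fraction of benign samples it flags
    annual_license_usd: float


@dataclass(frozen=True)
class SocModel:
    """Assumed operating environment of the SOC (constructed values)."""
    samples_per_year: int       # files/flows the tool will inspect in a year
    malware_fraction: float     # base rate of malicious samples
    triage_cost_usd: float      # analyst cost to review one alert (true or false)
    miss_cost_usd: float        # expected cost of one infection the tool lets through


def annual_cost(det: Detector, soc: SocModel) -> dict:
    """Expected yearly cost of running `det` in `soc`, broken into its components."""
    malware = soc.samples_per_year * soc.malware_fraction
    benign = soc.samples_per_year - malware
    true_pos = malware * det.true_positive_rate
    false_neg = malware - true_pos
    false_pos = benign * det.false_positive_rate
    alerts = true_pos + false_pos          # every alert, good or bad, costs analyst time
    triage = alerts * soc.triage_cost_usd
    misses = false_neg * soc.miss_cost_usd
    total = det.annual_license_usd + triage + misses
    return {
        "name": det.name,
        "alerts": alerts,
        "triage_usd": triage,
        "miss_usd": misses,
        "total_usd": total,
    }


def baseline_cost(soc: SocModel) -> float:
    """Cost with no detector at all: every malicious sample is a miss, nothing is triaged."""
    return soc.samples_per_year * soc.malware_fraction * soc.miss_cost_usd


def rank_detectors(detectors: list, soc: SocModel) -> list:
    """Rank tools by total expected cost and report savings versus the no-tool baseline."""
    base = baseline_cost(soc)
    rows = []
    for det in detectors:
        row = annual_cost(det, soc)
        row["savings_vs_baseline_usd"] = base - row["total_usd"]
        rows.append(row)
    return sorted(rows, key=lambda r: r["total_usd"])


# Constructed sample inputs: a cheaper, lower-recall tool against a pricier, noisier one.
SAMPLE_SOC = SocModel(samples_per_year=1_000_000, malware_fraction=0.001,
                      triage_cost_usd=25.0, miss_cost_usd=20_000.0)
SAMPLE_DETECTORS = [
    Detector("tool-A", true_positive_rate=0.90, false_positive_rate=0.001,
             annual_license_usd=50_000.0),
    Detector("tool-B", true_positive_rate=0.98, false_positive_rate=0.010,
             annual_license_usd=80_000.0),
]


if __name__ == "__main__":
    for row in rank_detectors(SAMPLE_DETECTORS, SAMPLE_SOC):
        print(f"{row['name']}: alerts={row['alerts']:.0f} "
              f"triage=${row['triage_usd']:,.0f} misses=${row['miss_usd']:,.0f} "
              f"total=${row['total_usd']:,.0f} saves=${row['savings_vs_baseline_usd']:,.0f}")
```

With these constructed numbers the noisier but higher-recall tool wins comfortably, because a missed infection is assumed to cost far more than triaging an extra alert; changing the triage or miss cost inputs can reverse the ranking, which is the point of expressing detector performance in the SOC's own currency rather than in raw detection rates.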


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Curt Kappenman 
<ckappenman () ANDERSONUNIVERSITY EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, December 11, 2020 at 10:08 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [EXTERNAL] Re: [SECURITY] EPS Review

Bryan,
  We have been using Cylance for 3+ years and we are thoroughly pleased with it. The detection pattern is different 
than most of the other products I am familiar with. I would be happy to give you a show-n-tell of the products we use. 
We also use their Optics product, which is an EDR type product that works hand-in-hand with the Protect product to 
give us another point-of-view into what is going on with our endpoints.
Curt Kappenman
Security Compliance Officer
Anderson University
Anderson, SC

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Barton, Robert 
W." <bartonrt () LEWISU EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, December 10, 2020 at 5:21 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] EPS Review

Evening,

We are reviewing End-point Protection Suites (EPS) and would love to hear what people think of any of the four options 
below.  We are moving away from our current vendor because of issues with the software and licensing changes.  Anything 
you care to share would be appreciated (please send privately if you don't wish to be noted).  If anybody is willing to 
give me a 30 minute show-n-tell of their software, that would be welcome as well.

Blackberry Cylance
Carbon Black
CrowdStrike
Sophos

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
