Educause Security Discussion mailing list archives
Re: ATP vs. just Defender in lab/clinic environments
From: Catherine Ullman <cende () BUFFALO EDU>
Date: Thu, 14 Jan 2021 20:56:06 +0000
Just to make sure our request doesn't get derailed -- I think it's great if folks want to have a conversation about the licensing features, but the goal of this message was really not about understanding the differences in licensing per se. It was ultimately to determine whether it makes sense, specifically in a couple of use cases, to pay the extra fee for machine licenses so that shared machines can run ATP. I apologize if that was not clear from my original request.

We have an A5 license for most of our faculty/staff, but not students. Furthermore, that does not cover shared machines. Shared machines are licensed for an extra cost above and beyond our licensing, since we don't cover students. For student personal machines, they're expected to use the built-in Defender installation. What we want to know is what entities are doing for the shared machine use cases below - are you just running the Defender that is built in or are you paying for the licensing for full ATP in some capacity (whether it's because you license everyone or you pay the additional fee)?

Campus Public Labs: These are VDI machines that are used by students. The machines are provisioned on demand and destroyed upon logout.

Department Labs: These are bare metal machines shared by students located in a shared space within a specific school.

Campus Clinics: These are VDI/Citrix desktops that are used by students, like labs they are provisioned on demand and destroyed upon logout, but process more sensitive information than the labs.

Thanks!

Best,
Cathy

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Blake Brown
Sent: Thursday, January 14, 2021 1:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ATP vs. just Defender in lab/clinic environments

A5/E5 general conversation would be most helpful. We are A3 and looking at the A5 Security Add On.
Thanks,
Blake

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of John Ramsey <000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, January 14, 2021 at 10:53 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] ATP vs. just Defender in lab/clinic environments

We are using E5 extensively and pretty much leveraging everything. Am happy to have a conversation on this. Also, if there are a few interested in A5/E5, maybe a broader conversation is warranted as well.

John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT
2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 | studentclearinghouse.org
LinkedIn | Twitter | Facebook | Blog | Instagram
Serving Education Since 1993

This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain confidential or privileged information. If you receive this message in error, please contact the sender and delete all copies.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Catherine Ullman
Sent: Thursday, January 14, 2021 12:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ATP vs. just Defender in lab/clinic environments

Hi Folks!

We, at the University at Buffalo, have recently moved to a Microsoft A5 license and are currently working on rolling out many of the new features. Currently we are planning our Windows Defender for Endpoint (Advanced Threat Protection) rollout and have some decisions to make which we were hoping to hear how others implemented this.

We have a few different shared computing paradigms in which we are trying to decide if licensing the machine for Defender for Endpoint is appropriate or if using just the embedded Windows Defender from the operating system is adequate. Some of these systems are as follows:

Campus Public Labs: These are VDI machines that are used by students. The machines are provisioned on demand and destroyed upon logout.

Department Labs: These are bare metal machines shared by students located in a shared space within a specific school.

Campus Clinics: These are VDI/Citrix desktops that are used by students, like labs they are provisioned on demand and destroyed upon logout, but process more sensitive information than the labs.

Any thoughts or lessons learned from your implementation would be greatly appreciated.

Thanks in advance!

Best,
Cathy

Dr. Catherine J Ullman
Senior Information Security Forensic Analyst
Information Security Office
University at Buffalo
cende () buffalo edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply.
Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
smime.p7s
Current thread:
- ATP vs. just Defender in lab/clinic environments Catherine Ullman (Jan 14)
- Re: ATP vs. just Defender in lab/clinic environments John Ramsey (Jan 14)
- <Possible follow-ups>
- Re: ATP vs. just Defender in lab/clinic environments Blake Brown (Jan 14)
- Re: [External]:Re: [SECURITY] ATP vs. just Defender in lab/clinic environments Ferland, William (Jan 14)
- Re: ATP vs. just Defender in lab/clinic environments Curt Kappenman (Jan 14)
- Re: ATP vs. just Defender in lab/clinic environments Jamie Schademan (Jan 14)
- Re: ATP vs. just Defender in lab/clinic environments Catherine Ullman (Jan 14)