Educause Security Discussion mailing list archives
Re: AV (AI or otherwise) for older servers?
From: Steven Alexander <steven.alexander () KCCD EDU>
Date: Fri, 8 Nov 2019 18:19:25 +0000
We evaluated Sentinel One, Endgame, and CrowdStrike. We had calls/web demos on a few other products but we only tested those three. We chose CrowdStrike because we felt it was the most mature product. We've been happy so far and, after attending the user conference this week, I'm excited about some of the new features coming out (host firewall management, grouping alerts into incidents, container support).

Deploying the CrowdStrike agent is simple (we use PDQ to push it) and it does not require a reboot. We run the agent on Windows 7, 10, 2008, 2012, and 2016. It can block malware using its "next-gen AV" and also blocks/detects suspicious behavior (e.g. tampering with LSASS.exe). It has real-time response (you can run commands, retrieve files, etc.) for Windows. It has blocking and detection for Mac, detection only for Linux. It provides a lot of data for alerts and gives you the ability to search across many hosts (e.g. to look for a specific hash or a process name).

We're still learning the product and there's more to it that we're not really taking advantage of yet, but so far so good.

Regards,

Steven Alexander
Director of IT Security
Kern Community College District

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Kimmitt, Jonathan
Sent: Thursday, November 7, 2019 10:13 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] AV (AI or otherwise) for older servers?

Hi all,

Does anybody have any recommendations or success stories for any particular AV-ish type product to run on older Microsoft Servers (2012, 2008)? (something like a Cylance, Sentinel One, etc)

Thanks!

-Jonathan

~
Jonathan Kimmitt
CISSP, PCIP, CEH, CIPM, GPEN, CIPT, CIPP/E
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743

********** Replies to EDUCAUSE Community Group emails are sent to the entire community list.
If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- AV (AI or otherwise) for older servers? Kimmitt, Jonathan (Nov 07)
- Re: AV (AI or otherwise) for older servers? Pete, Andrew (Nov 07)
- Re: [EXTERNAL] Re: [SECURITY] AV (AI or otherwise) for older servers? William Greg Price (Nov 07)
- Re: AV (AI or otherwise) for older servers? Kimmitt, Jonathan (Nov 07)
- Re: AV (AI or otherwise) for older servers? Steven Alexander (Nov 08)
- Re: AV (AI or otherwise) for older servers? Pete, Andrew (Nov 07)
