Main Nav

Message from russ.leathe@gordon.edu

We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care to give me your pro's/con's, what you would do differently, etc. Perhaps you went another direction? Thanks! Russ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet Sent: Wednesday, January 09, 2013 2:25 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Pentest Agreement Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html Hope this helps, Sam

Comments

Hi, I guess we fall in the category of "went another direction" :-) Enjoy! Joel Rosenblatt Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 --On Thursday, January 10, 2013 3:11 PM +0000 Russ Leathe wrote: > We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care > to give me your pro's/con's, what you would do differently, etc. > > Perhaps you went another direction? > > Thanks! > > Russ > > > > -----Original Message----- > From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet > Sent: Wednesday, January 09, 2013 2:25 PM > To: SECURITY@LISTSERV.EDUCAUSE.EDU > Subject: Re: [SECURITY] Pentest Agreement > > Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: > > http://www.counterhack.net/permission_memo.html > > Hope this helps, > Sam > >
Thanks Joel, this is very informative! Regards, Nico A. Stein Network Administrator The Catholic University of America 202-319-6416 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joel Rosenblatt Sent: Thursday, January 10, 2013 1:25 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Malware remediation? Hi, I guess we fall in the category of "went another direction" :-) Enjoy! Joel Rosenblatt Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 --On Thursday, January 10, 2013 3:11 PM +0000 Russ Leathe wrote: > We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care > to give me your pro's/con's, what you would do differently, etc. > > Perhaps you went another direction? > > Thanks! > > Russ > > > > -----Original Message----- > From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet > Sent: Wednesday, January 09, 2013 2:25 PM > To: SECURITY@LISTSERV.EDUCAUSE.EDU > Subject: Re: [SECURITY] Pentest Agreement > > Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: > > http://www.counterhack.net/permission_memo.html > > Hope this helps, > Sam > >
We recently upgraded our firewalls to Palo Alto Networks' next-gen hardware. We are very happy with them. They have threat (IPS) detection and prevention, AV detection and blocking, and URL filtering. We subscribe to their Wildfire service, which is comparable to the FireEye we tested late last year. When the firewalls detect and new EXE is downloaded, the file is also downloaded to a virtual testing system on their network where they monitor its actions, create a report of potential malware, and sends it to us. It has been very effective. I will admit, I have been skeptical of the "all-in-one" boxes in the past, but, the PAN firewalls are doing the work of four different devices very effectively. Ronald King Security Engineer Norfolk State University http://security.nsu.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Russ Leathe Sent: Thursday, January 10, 2013 10:12 AM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: [SECURITY] Malware remediation? We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care to give me your pro's/con's, what you would do differently, etc. Perhaps you went another direction? Thanks! Russ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet Sent: Wednesday, January 09, 2013 2:25 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Pentest Agreement Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html Hope this helps, Sam
Message from russ.leathe@gordon.edu

We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care to give me your pro's/con's, what you would do differently, etc. Perhaps you went another direction? Thanks! Russ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet Sent: Wednesday, January 09, 2013 2:25 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Pentest Agreement Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html Hope this helps, Sam
Hi, I guess we fall in the category of "went another direction" :-) Enjoy! Joel Rosenblatt Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 --On Thursday, January 10, 2013 3:11 PM +0000 Russ Leathe wrote: > We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care > to give me your pro's/con's, what you would do differently, etc. > > Perhaps you went another direction? > > Thanks! > > Russ > > > > -----Original Message----- > From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet > Sent: Wednesday, January 09, 2013 2:25 PM > To: SECURITY@LISTSERV.EDUCAUSE.EDU > Subject: Re: [SECURITY] Pentest Agreement > > Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: > > http://www.counterhack.net/permission_memo.html > > Hope this helps, > Sam > >
Thanks Joel, this is very informative! Regards, Nico A. Stein Network Administrator The Catholic University of America 202-319-6416 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joel Rosenblatt Sent: Thursday, January 10, 2013 1:25 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Malware remediation? Hi, I guess we fall in the category of "went another direction" :-) Enjoy! Joel Rosenblatt Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 --On Thursday, January 10, 2013 3:11 PM +0000 Russ Leathe wrote: > We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care > to give me your pro's/con's, what you would do differently, etc. > > Perhaps you went another direction? > > Thanks! > > Russ > > > > -----Original Message----- > From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet > Sent: Wednesday, January 09, 2013 2:25 PM > To: SECURITY@LISTSERV.EDUCAUSE.EDU > Subject: Re: [SECURITY] Pentest Agreement > > Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: > > http://www.counterhack.net/permission_memo.html > > Hope this helps, > Sam > >
We recently upgraded our firewalls to Palo Alto Networks' next-gen hardware. We are very happy with them. They have threat (IPS) detection and prevention, AV detection and blocking, and URL filtering. We subscribe to their Wildfire service, which is comparable to the FireEye we tested late last year. When the firewalls detect and new EXE is downloaded, the file is also downloaded to a virtual testing system on their network where they monitor its actions, create a report of potential malware, and sends it to us. It has been very effective. I will admit, I have been skeptical of the "all-in-one" boxes in the past, but, the PAN firewalls are doing the work of four different devices very effectively. Ronald King Security Engineer Norfolk State University http://security.nsu.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Russ Leathe Sent: Thursday, January 10, 2013 10:12 AM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: [SECURITY] Malware remediation? We are currently poc with bit9 and FireEye for malware detection. I like both products so far. Do you currently own one of these products? Would you care to give me your pro's/con's, what you would do differently, etc. Perhaps you went another direction? Thanks! Russ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Gaudet Sent: Wednesday, January 09, 2013 2:25 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] Pentest Agreement Ed Skoudis has a good boilerplate memo he shares with his students that is designed to protect employees in a situation similar to yours: http://www.counterhack.net/permission_memo.html Hope this helps, Sam
Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.