Got the heat turned up enough and the number of machines tested to be large enough to hit a landmine - a ransomware delivery system hiding in a Word document that was saved on a local machine in October, 2015 - and here we were in February, 2016. A few meetings with a sales engineer helped me get my head wrapped around how the levers, knobs and buttons worked, good enough. Puckering. Did a POC of Cylance, deployed to specific OUs with GoverLan (a fraction of the hassle of Sophos Central). I took apart some of the samples my buddy sent me, obfuscating the code to change the signature is a trivial task that completely breaks the traditional hashfile signature approach almost all AV products use. Was VERY interested to hear about Cylance's claims, and VERY skeptical! Had an incidental contact with ransomware with a user's machine at home, and heard plenty about attacks from a friend who supports small businesses, so that kind of rapidly iterated attack code really had my hackles up. I had time left on the contract so wasn't in a huge hurry to cut over (back in 2015). As in, zero results from support, problems just had to age out. I dumped VIPRE for a Sophos combo (hardware, too) as the quality of support went from mediocre to SUCKS on the few occasions I had to use them. I'm guessing the on-prem console is at least as functional as VIPRE for push install/uninstall, but even if you are cloud based, having an offline installer in the box seems a reasonable expectation. The installer is a joke, pushing it out means a giant download at each machine, OR cobbling together an offline installer that gets out of date five times faster than the web installer expires. Had to send out a registry entry by policy to avoid the barrage of popup notifications about blocked content - hundreds of Web ads later, my testers were getting pretty tired of it.
The web filtering isn't particularly granular, and breaks stuff occasionally, but it's way better than just telling users "don't be stupid!" The Sophos product is good as a traditional AV, and is very nice for offsite/mobile systems that aren't protected by a UTM. I'm of the opinion that anti-virus is pointless on an application server/restricted filesystem host. I run Sophos Central (cloud offering) and Cylance both on my endpoints, and Cylance on the few servers that have end-user accessible filesystems. You would test it for yourself! Shocker, I know. In the end, you should never buy a product based off reviews - you wouldn't buy a car based off reviews. We do participate in VirusTotal now: Here is our position (quoted): Here is the article you are referring to: Here is a fact - We did not game the system. Isn't there negative press about everyone? Seriously I have read a lot of negative press about Cylance which makes me a little nervous considering them but it seems a lot of he said she said regarding tampering with tests and not participating in a lot of industry testing competitions. I would imagine some products are better than others at this and there would be cases where only after it is run would it be detected but the aim would be the pre detection on all of the AV packages, I wouldn't consider it a unique feature of Cylance. It seems a strange comment, I am no security specialist but my understanding is all AV packages should be able to detect an infected file before it is run. Someone commented to me recently that Cylance is known for its pre execution detection of infections and they hadn't seen a product like this. The Anti Phishing and web control was quite appealing as well although protecting us from infections and attacks are obviously the most important things. Sophos features seem quite impressive from the demo I have seen but of course demos are designed to dazzle.
We are looking to protect Win 2016 and Win 2012 servers including VMS, Win 7 and some MAC machines and are looking for a good endpoint package. Has anyone had experience with these products?