While I'd agree that AV is mostly just a compliance checkbox item, it does serve as one more layer in your security. Sure, it's not going to stop some novel attack from an APT. But, you (hopefully) have other tools for that. AV exists to stop your users from being infected when they open a phishing email with an infected Word doc from some random group who just bought and configured TrickBot with their own info. Or one of the myriad of drive-by-download malware attacks. It's a low effort way to stop low effort attacks which manage to make it through every other layer of security.

I'm over on the infosec side of the IT fence these days, and regularly respond to alerts from McAfee EPO (of all things). And I wholeheartedly agree, it's a flaming pile of dung. The false positives out of it are legion. I mean, I don't even get file hashes in the alert emails, WTF? I groan at every "Artemis" alert showing up in my queue. It usually means a whole lot of work proving that some official installer isn't actually infected with something bad. That said, it does catch the occasional malvertising script, as our users flit about the web. We've had malicious Office documents picked up, which might have led to more serious incidents. And it occasionally catches developers who are more curious than careful when installing stuff. Again, it's all low effort attacks being blocked by a mostly low effort system (granted, EPO has a lot more effort to it than many AV products).

I'm not really enthusiastic about much tech these days; I think engineering is a lost art. But any time I use a PA I'm just blown away at how good they are and how thoughtful the engineering is. It reminds me of my excitement when I discovered pfSense, except this also does layer 7.
- A logging system with a really powerful, Wireshark-style filtering mechanism.
- SSL decryption model that works incredibly well (including giving clients the option to accept bad certs).
- An application database that includes the latest applications: Tor, DNS-over-TLS / HTTPS.
- An XML-based configuration that makes doing manual backups really easy, and recovering if everything blows up possible (again, see REST / CLI options).
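The EPO comment above mentions malicious Office documents being picked up by AV and alert emails that arrive without file hashes. As an added example (not code from any commenter, from McAfee EPO or from Palo Alto), here is a stdlib-only Python triage helper that does the two things an analyst wants when such an alert lands: compute the SHA-256 of the attachment and report whether it carries a VBA macro project. The container checks are assumptions about the formats, not something the page states: OOXML files are ZIP archives whose macro-enabled variants contain a part named vbaProject.bin, and legacy OLE2 files start with D0 CF 11 E0 and hold a stream whose UTF-16LE name is _VBA_PROJECT. The sample inputs are constructed in the script; they are not real documents.

```python
"""Office attachment triage: SHA-256 plus a VBA-presence check.

Added example for this page, not code from any commenter or product.
The format knowledge below is an assumption for triage, not a full parser;
use oletools or similar for anything beyond a first look.
"""

import hashlib
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
ZIP_MAGIC = b"PK\x03\x04"                         # local file header of a ZIP (OOXML)


def sha256_hex(data: bytes) -> str:
    """The value the commenter wanted in the alert mail and never got."""
    return hashlib.sha256(data).hexdigest()


def classify(data: bytes) -> dict:
    """Return container type, whether a VBA project is present, the hash, and the evidence used."""
    result = {"container": "unknown", "has_vba": False,
              "sha256": sha256_hex(data), "evidence": ""}

    if data.startswith(ZIP_MAGIC):
        result["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            # Edge case: a renamed or truncated file with only a ZIP header.
            result["evidence"] = "zip header present but archive is corrupt"
            return result
        # word/vbaProject.bin, xl/vbaProject.bin, ppt/vbaProject.bin (assumed part name)
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if vba_parts:
            result["has_vba"] = True
            result["evidence"] = "macro part: " + ", ".join(vba_parts)
        return result

    if data.startswith(OLE_MAGIC):
        result["container"] = "ole2"
        # OLE2 directory entries store stream names as UTF-16LE; the macro
        # storage carries a _VBA_PROJECT stream (heuristic scan of raw bytes).
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            result["has_vba"] = True
            result["evidence"] = "UTF-16LE '_VBA_PROJECT' stream name found"
        return result

    return result


def build_docm(with_macro: bool) -> bytes:
    """Constructed test input: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0fake-vba")
    return buf.getvalue()


def build_ole(with_macro: bool) -> bytes:
    """Constructed test input: OLE2 magic plus padding, optionally a macro stream name."""
    body = OLE_MAGIC + b"\x00" * 64
    if with_macro:
        body += "_VBA_PROJECT".encode("utf-16-le")
    return body


if __name__ == "__main__":
    samples = {
        "clean.docx": build_docm(False),
        "invoice.docm": build_docm(True),
        "legacy-clean.doc": build_ole(False),
        "legacy-macro.doc": build_ole(True),
        "renamed.txt": b"PK\x03\x04this is not really a zip",
    }
    for name, blob in samples.items():
        r = classify(blob)
        print(f"{name:18} {r['container']:8} vba={r['has_vba']!s:5} "
              f"sha256={r['sha256'][:16]}... {r['evidence']}")
```

Run it as-is to see the report on the constructed samples, or call classify() on the bytes of a real attachment pulled from the mail gateway; a True in the vba column is the cue to pull the document for deeper analysis rather than spend the afternoon proving an installer is clean.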