As we all know, there are a lot of bad actors who use the internet to try to steal information, money or access to vital computer systems. Antivirus software attempts to identify malicious code that is running on your computer and helps to remove it. Carleton has been using and recommending antivirus programs for years. Other articles in this newsletter highlight ransomware, password managers and ways to protect your privacy.
As time has progressed, the threats to our data and privacy have grown. The antivirus software we have used in the past is no longer sufficient to safeguard the data on our campus computers and servers. A new class of software called Endpoint Detection and Response (EDR) has been created to meet today’s challenges. Malwarebytes is the EDR application that Carleton has recently started deploying to all institutional Windows and macOS devices.
This application continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware. It doesn’t just look for known malicious software; it can also identify never-before-seen threats by monitoring applications and processes to identify suspicious activity. It can prevent users from visiting websites that are known to be dangerous, or stop downloading files that may contain malicious code or present a threat to a user’s privacy.
Malwarebytes can speed the investigation of, and recovery from, a security incident. Malwarebytes includes a process logging capability that acts like a flight data recorder, allowing an analyst to follow the events that lead to a security incident. It is an effective preventative measure to stop ransomware or other security incidents before they can start.
Along with enhanced security, there are privacy issues of which community members should be aware. EDR software works best when there is a security officer at the institution who can analyze the reports it generates. Malwarebytes provides new opportunities for monitoring endpoints (devices connected to our network). It grants privileges for a few people in ITS to connect to any Carleton device with this software installed, to gather information and investigate or remediate a security incident. As with our other existing endpoint, systems, and network management and monitoring tools, ITS takes user privacy seriously. These privileges are only used for sanctioned business purposes, such as investigating the source and remediation of a malware attack.
Malwarebytes is already working to improve the security of our campus systems and data. In just a few weeks, the application has blocked thousands of malicious processes and websites. It is providing genuine security for our personal and institutional data.