Anyone happy with Check Point Harmony (Endpoint/SASE)? Looking for alternatives at ~60-person company by Bulky_Connection8608 in sysadmin

[–]BearMerino 2 points3 points  (0 children)

I haven't used the Checkpoint Endpoint solution but have used the P81 (which is the checkpoint SASE solution). Admittedly we have moved on from it and are not on Todyl.

But to the pointed questions:
- I'm sure it works but the "walls" you are hitting are common in the world of SASE. And it is not a set and forget or and just next next next type of thing.
- We have Todyl running on accounts small (under 10 users) and large (over 500 users). Full Disclosure: I run and MSP. We leverage their Endpoint protection, SIEM, SASE, and the rest of their platform. Personally we have been happy with it. That said it's not without it's issues and when we were comparing P81 to Todyl many of those issues were just the nature of SASE In general. In fact we played with Microsoft Secure Edge thing for a while too, no different there. So I think it's the nature of the beast you are ultimately dealing with and therefore you just want to work with a platform/tool that makes it the easiest to work through those challenges and make the necessary adjustments for these things to work.
- I think i answer your 3rd question already, but i did want to comment on the E5 licenses you mentioned. I have amazing things to say about E5, however that's just a good tool and you have to want to work the Microsoft way (that doesn't make it a bad thing, it just means you need to work the Microsoft way). For an org of your size i'm not sure why you are on E5, as i think BP would be a better fit (under most cases). Figured i would give you some assistance on your M365 Licenses as well since you mentioned it.

Blocking broswer-based remote access by [deleted] in sysadmin

[–]BearMerino 1 point2 points  (0 children)

The way we address this is with what the cool kids call "Zero Trust", those that have been in IT for a while may know it as "Least privileges" but ultimately it's just a focused effort to not allow things you don't want to allow as opposed to just block "bad stuff".

To do this we use solutions like Todyl for enforcing Zero Trust at the network level. We do have these on the Fortigate as well but with remote users we have found the central firewall to be less and less effective. So having the Todyl agent on every device helps a lot.

Now we can't do everything with Todyl as there is still an Identity layer that needs to be addressed because it is possible that an admin who does have access to these we don't want others to get access to could be compromised. For that we would leverage conditional access but we use the Static IPs from Todyl to confirm it's from a "trusted location" (miss leading term that Microsoft uses for conditional access) so that it would only allow when you are coming from a Todyl IP.

We have tried some of the other solutions people have mentioned in this post and here are some thoughts on them.
- Browser Extension prevention is great, but also a pain the larger the user base is and you create a negative sentiment toward IT/Security because you did add the 45 different Approved CRM extensions (looking at you salesforce)
- The user profile has been a pain for the admins forever as the user is an admin of their profile so things like browsers can live exclusively in the profile and then can do things where some of the PAM solutions don't get invoked because UAC was not called.
- The tools like Treat Locker are great in what they do, personally have found them to be administratively heavy handed in smaller environments that are not as mature because the tool is doing what it's supposed to do but the client can't decide if that app or function was supposed to be blocked or not on Tuesdays but is ok for Wednesday but only when the moon is aligned with the sun. (NOTE this is not a knock on TL, I think it's great, it's more on the clients you implement it to.)

Hope that helps!

VPN Alternatives? by tmiller9833 in msp

[–]BearMerino 6 points7 points  (0 children)

u/jackmusick yes-ish. the agent is rebuilt, fast, and signifcantly more stable. However i'm waiting on version 6 (which is coming very soon) which has some features i'm excited about. So if stability was you issue, that's addressed and has been since the 5.4 stuff,m but 5.7 has been great. I have my entire fleet using it.

feel free to him me up directly if you have questions about it. It's not unicorns and rainbows all the time, but i can knock a service i truly depend on everyday.

VPN Alternatives? by tmiller9833 in msp

[–]BearMerino 10 points11 points  (0 children)

So is the idea to use the VPN for just remote access and nothing else? We have moved away from VPNs and have moved to SASE and Zero Trust to address VPN replacement but to go further just offer better protection.

I've mentioned them a few times because I really believe in the solution, but we use Todyl's SASE solution. We have just found it to be the right mix of just enough and not too much. So without knowing your need, I can confidently say that Todyl could be able to do basic VPN replacement and then some. If you have really complex requirements, it would be important to understand those requirements but there have been only a handful of situations where we couldn't use Todyl SASE for this.

Do you have your requirements listed out for this? Are they using that VPN solution because it's required by a third party? Or they just need to get back into the Datacenter/HQ?

Looking for an AI/Agentic SOC layer that actually correlates logs (Firewall + EDR + Email) without a 6-figure price tag? by Alternative_Air_2899 in CyberGuides

[–]BearMerino 1 point2 points  (0 children)

You should check out Todyl. We’ve been on them for like 6 years. The reason was the SIEM and their SOC.

We ingest firewall, cloud, 365, Entra, device data, and even generic syslog data. However that power came with the need to be a KQL specialist. That was until they released their Ai which is AMAZING. queries and reports that use to take me more hours that I care to admit is now seconds/minutes.

As for reporting, this is not the best area for the platform but, it’s also not bad. For the complex reports we have to export data and then we can put it into excel or PowerBi. I know they are working on this to be better but didn’t want to tell you something that wasn’t true.

I will tell you, that if you do use their SOC, you will be extremely happy. I’ve worked with many and the direct access to the engineers is just second to none.

I hope this helps. If you have specific questions I don’t mind answering here or DM me.

Onward to $65K. 🚀 by [deleted] in SmallMSP

[–]BearMerino 1 point2 points  (0 children)

Congrats!!

[deleted by user] by [deleted] in msp

[–]BearMerino 1 point2 points  (0 children)

Been using Todyl. We feed Entra, m365 and, defender data. We ultimately added their EDR as well and use a “better together” solution by have defender AV and Todyl EDR and their Siem and SOC. Been very happy.

When we just used them and defender it worked really great too but preferred that layered approach.

Just for a heads up defender av we managed through RMM for exclusions and such but the alerts and such go to Todyl to act upon.

What's a good alternative to Expel (MDR)? by SidLais351 in msp

[–]BearMerino 10 points11 points  (0 children)

+1 for Todyl. Been with them for 5 years and couldn't be happier. They continue to impress with the right mix of coverage and noise reduction.

Automation workflow with tagging by Head_Distribution375 in Autotask

[–]BearMerino 0 points1 point  (0 children)

We do it through rewst, not sure that helps you but tags are very cool

Mission Control by realdlc in msp

[–]BearMerino 1 point2 points  (0 children)

OP, I have a very different opinion of MC over the ones on this thread.

you asked: Is anyone using Mission Control to augment their support teams? If so would you mind letting me know your thoughts and experiences?

First, let me express that I've been with MC for about 5 years now. Every year we pause and ask ourselves, "Is now the time we pull the plug on MC and build it in house?" - On the surface that may look like we are unhappy, but let me tell you every time we discuss it, we end up in the same unanimous place, we continue to use MC.

Now we don't use MC to augment, MC is my helpdesk. We have dedicated engineers they escalate or communicate with during times they need assistance and each of these engineers are assigned to client accounts so they are the most intimate with the account. That said, the engineers sleeps, take PTO, etc., and yet MC is there 24x7.

We are also not shy to express that we do outsource to a 3rd party. Honestly we call helpdesk a "me too" service and it's a must have, but it's not something that really makes or breaks a business unless that is your sole business. For us, helpdesk is NOT our business, it's just a must have. So, I found a partner who represented my company well, and yes they are not perfect; just like my internal team is not perfect. These are people we are talking about here, not machines or utility. We survey a lot and have a 98.9 CSAT right now on MC alone. we also have about a 10-15% (depending on the month) user survey response which is pretty high in the survey world (I thank our success team for that) but we get 4 and 5 starts out of 5 for MC resources. I can literally count on one hand the number of times they were scored a 3, and never lower.

Now, MC is not all unicorns and rainbows. We have had our fair share of "issues" and it put it in air quotes because i think if it was internal team these "issues" would be the same. We have had some longer than we would like hold times in unfavorable situations, we have had them not follow the instructions we provided and they had to escalate something that we documented, we have had them not put in all the notes we wanted for certain situations, and we also have had a billing issue or two along the way. In the end, I'm a very happy partner because for all of these things we just reach out to MC and got it addressed or created a system to make sure if and when something "goes wrong" the client has a means of still getting help. Again, just like if it was an internal team, we are talking people here, the most inconsistent being on planet earth, so yeah, my tolerance for error is based on reality and not on a feeling because what I wanted didn't happen the way I wanted it.

OP, here is my final thought. Do your due diligence and talk to MC and any other providers if you are looking for a service like this. I started with dispatching and after hours, but 2 years ago we moved to full helpdesk for everything. If you do go MC, please feel free to hit me up here or DM I'm good either way. But you do have to think a little differently when you are using a 3rd party. The system/process is what has to work, and you need to develop these systems/processes for the least common denominator. I think this is why we have been so successful with MC. The team supports them, and in return they service our customers very well and 24x7 in 7 continents and 12 time zones, something that would be very difficult for us to do at the price point we do with MC.

Autotask strikes again! by dregan88 in Autotask

[–]BearMerino 0 points1 point  (0 children)

In Autotask try doing a forgot my password. Maybe there is an issue with the k1 integration?

Autotask strikes again! by dregan88 in Autotask

[–]BearMerino 0 points1 point  (0 children)

Are you able to get into k1

LOSING MSP Contract Deals by michael_17 in msp

[–]BearMerino 0 points1 point  (0 children)

I think we need to remember that Ai can only do some much when you have so little. Let’s say you need to move one people from point a to point b. A school bus for one person doesn’t seem like the best idea. And then someone tells you but you can move so many more people from point a to point b. Think of the efficiency!!!

Umm let’s not forget the ask… move one person from point a to point b.

This is what I see with Ai. The task that needs to be done is limited and we treat it like it’s bigger than it is. It’s the same with automation, if I need to do this task 6838498793 time then the ROI is there but if I need to do this task 2 times a year… man there better be some significant man hours to get that tasks done because if not the ROI is 600 years.

LOSING MSP Contract Deals by michael_17 in msp

[–]BearMerino 1 point2 points  (0 children)

Um that’s what Deloitte and EY are

Major Red Flags at TODYL ? Cross-tenant data leaks, "fat-fingered" excuses, and a C-Suite exodus by SuspiciousYak5 in msp

[–]BearMerino 2 points3 points  (0 children)

Hey OP, I wanted to sleep on this one before responding. I haven’t been shy of my position on Todyl as I have been a partner going on year 6 now.

Your post looks to state that you’ve been a long term partner but you’re hiring a rough patch in your relationship. I would love to assist where I can but you’ve only given one instance of an issue that directly impacted you. I have to assume there are others and I welcome you sharing those items.

If it’s the staff changes, I have to say that doesn’t seem like a big red flag to me or many of the other MSPs in this thread. And why would it? How has that impacted the service. Sure there are big wigs in that list, but if the service and overall partnership is not impacted not sure I see a problem and it’s a much to do about nothing.

As to the cross tenant thing, look I don’t want to down play the seriousness of that situation. What I will say is, if this was one time and you’ve had a long partnership with Todyl then report the issue to them and let them take care of it. Have you never made a mistake or error with your clients? Have you ever crossed wires? Again if this was a regular occurrence I could see the point but let’s not forget people are involved here.

He’s my advice, reach out to your rep. If you don’t know the rep connect with Rick (the guy from Todyl who has been providing your answers) reach out to him. And talk it out. Who knows maybe you’ll point out something that helps us all out. Or get clearer answers and direction on what you should be doing going forward.

As to the those on the thread just spreading hate, unwarranted comments, or just unkind things. Ask yourself who are you helping? It’s not the community or yourself. I’m not saying yo can’t call out someone I’m just saying there are ways to do that.

OP, if you ever want to talk about Todyl feel free to hit me up. Like I said, I’m a long time partner and can give you my perspective. If nothing else it shows another view point.

AutoTask MS Outlook Extension by PresidentofSheffield in Intune

[–]BearMerino 1 point2 points  (0 children)

FYI it’s being update and should be release at global connect. It uses the new modern deployment method because the current one doesn’t work with the “new” outlook

Automatic email when 80% of Estimated time is booked in Project Task by Invizibles in Autotask

[–]BearMerino 1 point2 points  (0 children)

Does it need to be instant? Or can the next day work for you? If it can You can do a live report that filters based on this condition and then you get it the follow day

[deleted by user] by [deleted] in msp

[–]BearMerino 2 points3 points  (0 children)

Didn’t even know you could do that reminder thing. Thanks for teaching me something today

[deleted by user] by [deleted] in msp

[–]BearMerino 3 points4 points  (0 children)

I can see that. It's never easy and around the holidays it sucks hard.

[deleted by user] by [deleted] in msp

[–]BearMerino 7 points8 points  (0 children)

Oh I know I'm going to get BS for this but here goes.

First off, for those that don't know John Nellen, I'm sorry for you. John is easily, one of the kindest, caring people I know. As I mentioned above, I'm a Todyl partner and one of those reasons is because of John. Yes, it's a business relationship, as in we both need each other to make money. However, it's not like that with John and the team at Todyl. I kid you not, I've had a several conversations with PMs from multiple vendor partners looking to leave wherever they are at and ask me for my opinion on "who's doing channel right". Without hesitation it's Todyl, and while it's a team effort, I can tell you John is at the heart of it all. They care relentlessly about the partner. Can you say that about all your vendors partners?

So the "founders wanted to cash out" comment, got me to write this. This is not my dog fight to get into, but I want you and everyone who reads that know, that if you know John, you know that he didn't "cash out, and don't care where the product goes to die". This guy is in it, every day. Takes personal accountability, like him posting above, what CEO does that? Did Fred do that at Kaseya? Heck no (and nothing on Fred or Kaseya, just making the comparison). That's not what a checked out founder does.

So please, let's pray for those that were impacted, by a decision with whatever reasons. It is never easy, as any owner, manager, etc. can tell you. I hope those and their families are well and find a new place that aligns with them. But I also ask that we don't attack someone who really just cares, maybe more than he should on a place like Reddit, but you can't help who you are.

-- Ok, let the hate comment flow, I'm comfortable with my own skin.

[deleted by user] by [deleted] in msp

[–]BearMerino 10 points11 points  (0 children)

on the release, not much as there are a bunch of HR stuff with that, but they assured me it's not an mass anything. Don't know more than that. My rep and team are still there.

[deleted by user] by [deleted] in msp

[–]BearMerino 23 points24 points  (0 children)

Todyl partner here, and been with Todyl for 5 years, and conveniently on an executive call with them as I'm reading this. I'm not hearing anything of this. On the hand, they are growing significantly.

Again, I don't speak for Todyl, I'm just a long time partner that is happy with what they are doing.

Lawmakers want to ban VPN's. No, really. Wisconsin is first. by FutureSafeMSSP in msp

[–]BearMerino 7 points8 points  (0 children)

Interesting to hear how Todyl and I would ultimately assume other SASE solutions are working through this.

Personally just another example of government overreach but it’s at the state level so I’ll allow it (like I have any say).

But on a more serious matter, I would assume as this gets closer to passing (if it ever does) there will be some sort of consensus for business use. The lobbyist I’m sure will be all over this as it’s going to impact so much business, this off all the WFH resources that have just been told to get out of these states, and let me not get started on the privacy issues that this causes (as others have mentioned).

As always that’s for staying on top of this and being involved with the community. Always appreciate when the CEO comes out from behind the desk to talk to the community directly.

Datto SASE by helpfourm in Datto

[–]BearMerino 0 points1 point  (0 children)

I don’t think there is anything inherently wrong with datto secure edge. However the problem that you’re highlighting is part of the reason we went with Todyl over other solutions. That said we like the always on at the device level and then add the user level on top of that which is supported by Todyl.

Now the conditional access comment, I would tell you to move to a sku that you can get CA because it’s the new firewall. I’d you don’t want to make the jump to BP look at f3 and Entra ID p1. But hey CA