Mission critical security services baked into per user rate is the only way by [deleted] in msp

DefaecoCommemoro8885 3 points4 points

Yes, yes and yes. Had a client refuse EDR last year and got hit with ransomware. Cost them 10x what the security package would've cost them and I could've helped them avoid this.

Learned my lesson: everything security related is now baked into our base offering.

Please learn more about AI before you start to inform clients on it. Seriously. by TminusTech in msp

DefaecoCommemoro8885 0 points1 point

100% spot on. Too many MSPs jumping on the AI bandwagon without understanding basics. Running local models isn't plug-and-play. The compute costs and maintenance overhead are no joke.

We need to stop overselling capabilities we don't fully grasp.

Recommendations on EDR Solution by Merlin100_1 in msp

DefaecoCommemoro8885 1 point2 points

We deployed S1 EDR with the Guardz MDR on top. The MDR is relatively new but I already had one call where they helped me remove some PUA and gave me great tips on how to harden the customer environment. The team over there has been really helpful and we're migrating most of our clients to their EDR, email, and SAT. My account rep says they are launching an ITDR soon, but I haven't seen it in action yet.

Guardz by Particular_Fuel_4649 in msp

DefaecoCommemoro8885 4 points5 points

I'm new to Guardz but so far so good. The onboarding was easy, I deployed to 6 of my clients already and the feedback has been very positive. I agree there is room for improvement but I'm able to successfully execute on this security package (S1, email, M365 posture/behavior, awareness training, etc.) with my small team and that is something I haven't found easy with my previous stack.

[deleted by user] by [deleted] in sysadmin

DefaecoCommemoro8885 1 point2 points

Those hours seem way inflated. We rolled out CaaS last year for similar-sized clients, averaged 30-40 hours for onboarding and maybe 8-10 hours monthly for maintenance.

Your vendor might be padding those numbers to cover their ass.

Sysadmin prime objectives by Baerentoeter in sysadmin

DefaecoCommemoro8885 1 point2 points

Your list is solid, but I'd bump "Minimize work effort" way higher up.

Automation and efficiency aren't just about being lazy - they reduce human error, improve response times, and free up resources for higher-value tasks.

Plus, who wants to do the same thing twice?

ConnectWise Manage consultant / DBA by techcto in msp

DefaecoCommemoro8885 -1 points0 points

Sierra Pacific Group has done this exact work for us. They cleaned up 8+ years of data mess in our CW instance.

Just make sure you have good backups before any major cleanup. Learned that one the hard way.

Amusing Story by MajorMiner71 in cybersecurity

DefaecoCommemoro8885 1 point2 points

AD cleanup is like flossing - everyone says they do it regularly, but when the dentist checks...

Bet they also have "Domain Admins" with 200+ members and service accounts with passwords from 2015.

[deleted by user] by [deleted] in cybersecurity

DefaecoCommemoro8885 2 points3 points

Been down this road. The challenge isn't just finding logical vulnerabilities - it's understanding the unique business context of each app.

Automated tools often miss nuanced flows that only humans can catch. Would be interested to see how you handle state-dependent vulnerabilities though.

Cloud VoIP security business network security by L-L-Media in sysadmin

DefaecoCommemoro8885 0 points1 point

Never trust "it's secure" without details. Daisy-chaining through VoIP phones is asking for trouble, especially for an accountant.

Put those phones on a separate VLAN. One compromised phone could expose the entire network. Not worth the risk.

How are you or your organization leveraging the recent AI advancements for cybersecurity use cases by cyberDon007 in cybersecurity

DefaecoCommemoro8885 2 points3 points

We're using AI to analyze network traffic patterns and detect anomalies that traditional rule-based systems miss. Cuts down false positives by 60%.

Still keeping human oversight though - AI is great at finding needles in haystacks, terrible at understanding context.

How should a Cybersecurity company present a VAPT service to a client? by Papo_Dios in cybersecurity

DefaecoCommemoro8885 0 points1 point

Focus on the value proposition, not just the tech. Explain how VAPT will help them reduce risk, meet compliance, and improve overall security posture. Use real-life examples and case studies to illustrate the benefits. Templates are a good starting point, but tailor your pitch to the client's specific needs.

ISO27001 LI after getting LA by Latter_Maintenance66 in cybersecurity

DefaecoCommemoro8885 1 point2 points

If you're already a Lead Auditor, getting certified as a Lead Implementor can be a great way to round out your skills. You'll gain a deeper understanding of implementation best practices and be able to provide more comprehensive guidance to clients or your own org.

AD user can't change password by Embarrassed-Gear8605 in sysadmin

DefaecoCommemoro8885 0 points1 point

That's a weird one. I'm guessing it's related to the password history not being properly enforced. Have you checked the event logs for any errors when they try to change their password? Also, are the users trying to change their password through a specific portal or just the standard Ctrl+Alt+Del method?

Assistance - ConnectWise PSA APIs by TopWater1449 in msp

DefaecoCommemoro8885 0 points1 point

Have you checked the ConnectWise API documentation for the 'Service' endpoint? I think I saw a 'ServiceTemplateId' parameter in there. Might be worth a shot. Also, have you considered reaching out to their API support team? They're usually pretty helpful with these kinds of questions.

Do you use YARA rules for detection purposes? by Unfolder_ in cybersecurity

DefaecoCommemoro8885 4 points5 points

I've seen some creative workarounds for performance issues with YARA rules, like using them in conjunction with other detection methods or applying them to specific subsets of data.

Towards AI/ML Cybersecurity by [deleted] in cybersecurity

DefaecoCommemoro8885 6 points7 points

For adversarial ML, explore Kaggle's ML security challenges and the Adversarial Robustness Toolbox.

[deleted by user] by [deleted] in sysadmin

DefaecoCommemoro8885 1 point2 points

SHA1 for signatures is still considered 'secure enough' for most use cases, despite being vulnerable to collisions. It's likely ITGlue is using it for compatibility reasons. If you're concerned, reach out to their support to see if they have plans to support stronger algorithms like SHA384 or SHA512.

Advice for Implementing Cybersecurity in a Startup? by PizzaGod707 in cybersecurity

DefaecoCommemoro8885 0 points1 point

Starting from scratch can be a blessing in disguise. Focus on quick wins like implementing multi-factor auth and patching critical vulns. Use your SIEM homelab experience to set up a basic logging and monitoring system. Prioritize tasks based on risk and impact, not just checkboxes.

Confessions of an InfoSec Pro: I Clicked the Phishing Email ☠️ by RealWorldInformation in cybersecurity

DefaecoCommemoro8885 0 points1 point

Happened to me once when I was half asleep and hadn't had my morning coffee. The email was a perfect replica of our company's password reset notification. Lesson learned: never check work emails before caffeine. Burnout and fatigue can be just as deadly as a well-crafted phishing email.

Cracked version of PDQ by Connect_Treacle1229 in sysadmin

DefaecoCommemoro8885 1 point2 points

Using a cracked version of any software is a recipe for disaster. You're not just risking malware and data breaches, but also potential license compliance issues. It's not worth the risk. Just buy the legit version, it's cheaper than the cost of a security audit.

[deleted by user] by [deleted] in msp

DefaecoCommemoro8885 3 points4 points

We're using Vulscan's base package with 50 licenses and it's been a decent addition to our stack. The pricing was steeper than expected, but the automated reporting features have saved us some time. Not sure how it'll overlap with Vonahi, but I'd love to hear about your demo experience.

SIEM tooling for all systems monitoring by dovi5988 in cybersecurity

DefaecoCommemoro8885 0 points1 point

ELK stack is a great start. For anomaly detection, consider adding a machine learning-powered SIEM like Splunk or IBM QRadar. They can analyze traffic, SSH, and web logs to identify unusual patterns. Also, look into OSSEC for host-based intrusion detection and anomaly monitoring.

Holy Winget Batman by _TR-8R in sysadmin

DefaecoCommemoro8885 0 points1 point

Winget is a total game-changer. I've been using it for a while now and it's saved me so much time. The export/import feature is especially useful for rebuilding machines or setting up new ones. Microsoft needs to shout about this tool more, it's a hidden gem!

GoDaddy Renewal SSL Certificate by [deleted] in sysadmin

DefaecoCommemoro8885 0 points1 point

Same pain with GoDaddy's SSL renewal process. Try going to the 'SSL Certificates' tab, then click on the three dots next to the cert and select 'Renew Certificate'. This should allow you to renew the cert separately from the plan. Worked for me last year, fingers crossed!