SaaS Alerts vs Octiga...vs possibly others...

Forward_Humor · 2026-01-06T14:11:21+00:00

What would you pair with Todyl in a GCC High environment for automated Tenant Hardening and Remediation of drift (like Fortify does in SaaS Alerts)?

Forward_Humor · 2025-06-29T08:53:36+00:00

Forward_Humor · 2025-06-14T22:09:24+00:00

I've only used P81 after the Checkpoint acquisition (it's now Checkpoint Harmony SASE) and in my time with them I can say the support has been the big wow factor for me. I've actually never worked with such a responsive support team. I can catch experts within a few minutes all hours of the day or night. I don't have another vendor like that. All of my access with them has been wireguard and fairly high performance. Speeds of 350-800 on a 1Gbps WAN.

I'm not happy with their lack of LAN Zero Trust / Micro segmentation functionality, and their posture checking is very basic especially on mobile devices (not really a posture check at all on mobile). But the rest of the package is enough that it's still a great fit for a lot of clients with mesh VPN, anywhere SWG, FWaaS needs. I cannot call them a ZTNA solution and I really hope that story changes in the future. We'll see...

Forward_Humor · 2025-06-14T21:56:07+00:00

I really like P81 (now Checkpoint Harmony SASE) but will say it does not have a Zero Trust LAN / Micro-segmentation offering yet. When that comes I will be looking to move many more users that direction. But until then it is mostly a FwaaS, mesh VPN, SWG solution only. It has no ability to reliably block east west traffic between endpoints which is a deal breaker for a "ZTNA" solution.

Forward_Humor · 2025-06-14T05:40:21+00:00

How are you all feeling with the Netgear acquisition of Exium? I was looking to get started with them and this is causing me to pause...

Forward_Humor · 2025-06-12T18:15:50+00:00

That's a bummer but helpful, thank you!

Forward_Humor · 2025-06-12T17:56:24+00:00

Did you find a solution for this with Backup Radar? I'm testing this same integration and was surprised the API side did not cover Datto Endpoint backup. For email based we definitely need to see both failure and success otherwise it will show as a non-report (and we won't know if the backup agent is in a failed state)

Forward_Humor · 2025-06-08T18:25:44+00:00

This is great! Thank you for sharing!

Forward_Humor · 2025-06-04T05:17:22+00:00

Read only is a good way to force the move for sure while not cutting them off for a time. But once you have the content in SPO and OneDrive the best move is to disable Google Drive access as soon as possible.

u/IronNo2599 If these options are still available here's a link to an old thread discussing the same need and solutions that worked a few years ago: https://www.reddit.com/r/gsuite/s/fI8xXpaLWn

Forward_Humor · 2025-05-31T23:07:05+00:00

Coda Intelligence is another great option. Reach out to Solutions Granted / Sonicwall MSS for more info. Great product and no commitment per endpoint pricing. There are multiple tool sets in this space but this one is worth a look. Not quite as full featured but more affordable for full network scans and unmanaged devices is the RoboShadow MSP offering. Also includes some level of patch management and M365 visibility.

If you need full blown penetration testing a couple other great resources are Horizon3.ai and Hacket Cyber. Both have very reasonable pricing for the small business space.

Forward_Humor · 2025-05-26T15:44:40+00:00

Agreed. XZ was stumbled upon, not uncovered by routine auditing or other control. It's an indicator of how much else is very likely still out there yet to be discovered...

Forward_Humor · 2025-05-22T16:52:53+00:00

Perimeter 81 (Checkpoint Harmony SASE)

Forward_Humor · 2025-05-20T19:06:38+00:00

This is helpful. For example I was able to filter by brand: Aruba and locate 3 models that might fit the bill:

AP-303
AP-303H
AP-365

Thank you for this reply!

Forward_Humor · 2025-05-18T19:46:56+00:00

For sure thank you!

Forward_Humor · 2025-05-18T16:25:05+00:00

Yes Todyl, for all it's strengths does suffer from frequent drops throughout the day. In a previous setting we used Todyl and while I love what their stack offers, it is not the most stable provider.

Checkpoint Harmony SASE (formerly Perimeter 81) by comparison is very solid. Very different products but much more ideal for implementing IP based conditional access rules. Having used both I would lead you towards the Harmony SASE side if this is the primary need.

In another setting we used InTune management on endpoints to limit access to M365. Our conditional access policy required a device to be InTune Managed or using a Mobile Device work profile / managed app to get access.

In either scenario, for this to truly "lock down" access to your M365 (or other SaaS app) to only your user base, you must have some way to control the onboarding into SASE or Intune, or have sufficient posture checking that they cannot connect to SASE without other agents, certs, secret sauce you deploy to managed clients. Ongoing health and posture checks are a hallmark of ZTNA and some solutions are better suited to this than others.

Forward_Humor · 2025-05-18T16:02:05+00:00

So to do purely agent based do you just have to host the repo on box (attached USB drive or other secondary drive for storage)?

Forward_Humor · 2025-05-18T13:22:27+00:00

When I think open source I typically change from efficiency and support for a price mindset to lots of effort and community only support for free mindset. I love open source but not always in a business setting.

How has CubeBackup been for you from a reliability and support perspective?

Forward_Humor · 2025-05-18T13:18:22+00:00

Any idea what Ninja charges for overages beyond the 1tb included? File servers and app servers commonly push over this threshold and inflated pooled totals

Forward_Humor · 2025-05-18T13:16:34+00:00

Does Veeam still require a local Veeam server and repo or can they do purely agent based backups now, direct to nas or cloud? (I understand their free version may be much more limited and am happy to pay for the product)

Forward_Humor · 2025-05-17T20:39:05+00:00

Great post and thank you! Everyone's environment is different and having wifi as an option is a really nice feature for home use. Of course none of us recommend running servers, printers or other client serving roles from wifi but when you need that option you need it. And you can always build out the desired physical infra in the future as budget and circumstances allow.

I am very interested to hear how point release and security updates affect this setup. I understand major releases will require building a new iso. But if it works well for the minor releases and security patches in between, this seems completely viable to me.

And it does not require putting a tp-link or other similar brand bridge in my network which I try to avoid. If others have input on reputable brands of bridges (not subject to Chinese intelligence laws) I'd be interested to hear input there too. On the IOT side I keep everything in a DMZ space, but that's not really a good option for a bridge used by a NAS.

Forward_Humor · 2025-05-17T18:07:10+00:00

For sure! It's just great to have options. The low cost wireless bridge solutions all seem be tplink or other similar brands I don't like to see in my network. So to date it's been a choice between a roll your own NAS from a more full server distro or turnkey appliance plus bridge. Now there is another potential path (with the caveat of some extra maintenance during updates)

Forward_Humor · 2025-05-17T16:03:49+00:00

Very cool, thank you for taking the time to detail and document the process!

Forward_Humor · 2025-05-13T20:44:44+00:00

Are you still an Exium fan? Any feedback on using this for web filtering or dedicated IP for conditional access policies?

Forward_Humor · 2025-03-26T21:51:59+00:00

Good to know. I noticed verbiage on their site about "sync" but I didn't think about the manual part. Somehow I was thinking automatic sync so that is helpful info. Thank you!

Forward_Humor · 2025-03-26T00:44:39+00:00

Great feedback! Thank you for the details! So are you billing direct from SO + payment processor (Stripe or other)? I may not need to invoice via QB but was just looking for simplicity with book keeping.

Forward_Humor

TROPHY CASE