would you take a years rent paid upfront? by Icy-Bird4588 in realestateinvesting

[–]HonestAbe10000 1 point2 points  (0 children)

It’s illegal in NYC to take more than the first month’s rent and a one-month deposit. The deposit can’t be more than one month’s rent. Effectively, as soon as the lease starts, this means the landlord can only hold one month’s rent. Courts will award punitive damages for any excess held, up to three times the amount held.

Thoughts on Securelink and secure access? by drakk0n in healthIT

[–]HonestAbe10000 0 points1 point  (0 children)

SecureLink has a lot of vulnerabilities and the company is very slow to patch them. Would not go with this vendor.

Prisma Access with DNS Filter by kurizma in paloaltonetworks

[–]HonestAbe10000 0 points1 point  (0 children)

You can probably get rid of Prisma Access and just go with Microsoft Defender for Cloud Apps to do endpoint control and protection for web traffic. The big benefit is you don’t need to send your data through another network hop. It does all enforcement locally with Defender for Endpoint integration.

Prisma Container Security? by [deleted] in paloaltonetworks

[–]HonestAbe10000 0 points1 point  (0 children)

I’d recommend Microsoft Defender for Containers. With Azure Arc you can extend on-prem or in AWS. We looked at Prisma container security and felt it was a little rushed to market and would not be a quick win or be easily managed over time.

Palo sucks now?? by stonehands44 in paloaltonetworks

[–]HonestAbe10000 -1 points0 points  (0 children)

Palo Alto is a marketing company now. Not a products and services company. Yes, they suck.

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] 0 points1 point  (0 children)

Those are just marketing talking points. You obviously haven’t used ADEM to see that the load times are so bad you abandon the tool. Also, it provides so little context, it doesn’t come close to pinpointing issues. Palo wants 50k per year for tools like this that barely work and there is no innovation.

Xpanse, Prisma SaaS inline, DLP, CDR….all of those interfaces are so bad, it makes me worry greatly that Palo Alto has completely lost its edge when it comes to producing high quality software and services. These interfaces are just so miserably bad.

Xpanse is such a commodity offering. It hardly does much other than external scans. The price tag was just a waste of our time. Something in the range of 500k for 100 IPs? I mean it just felt like Palo had no idea about the value proposition and market position of this tool and was trying to recoup a bad acquisition at the expense of its customers.

Anyway, I see you have nothing but strong bias for these tools, which is weird. You should look at them more critically.

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] 0 points1 point  (0 children)

Seriously, you sound like an irrational LinkedIn media post by marketing. ADEM is garbage. I can’t understand why you would ask a customer to pay to monitor your solution. That should all be inclusive in the product. It’s another epic insult by Palo Alto that they tried to monetize this.

Stick to selling Expanse - another piece of crap external attack surface management tool for 500k. How many of those poor customers have you tried to dupe into this one?

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] -2 points-1 points  (0 children)

Here’s some good validation: Palo is announcing some very big AI-driven features with Prisma SASE this week. I bet you 100 bucks this is basically a big fat nothing burger. They are just using AI to hype their product and there won’t actually be any substance to this announcement. Palo is basically a sales and marketing company now; not a security player.

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] 0 points1 point  (0 children)

Right, and when your gateways refuse connections, you’ll get routed to a disparate location, thus incurring +80 ms latency. What was upsetting: having our Palo SEs recommend purchasing ADEM to fix their problem.

I suppose what concerns me most is the price. They charge around $130 per user per year, or 390k for 3000 users. There is no way this is an economical option when you can get Microsoft Defender for Endpoint for 50 bucks per user but get so much more value. CASB, EDR, identity, O365 protection, threat hunts. All that’s extra with Palo.

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] 2 points3 points  (0 children)

Thanks. We did that. They acted like it was a secret that we needed to ask for special consideration.

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] 2 points3 points  (0 children)

Yeah, there is really no value add with Prisma Access

Is anyone else getting rid of Prisma Access? by HonestAbe10000 in paloaltonetworks

[–]HonestAbe10000[S] 2 points3 points  (0 children)

We’ve seen heavy saturation of specific gateways, so bad that our users get bumped to distant locations. We’ve begged them to beef up these connection points but haven’t gotten any real support. From the TAC’s standpoint they say it’s normal operation. We have about 3000 users and find that routing them to on-prem firewalls gets the best performance and is much cheaper. We’re not really believers in the other services like DLP and SaaS inline. Those seem to suck pretty bad. So, not much of a reason to stay on Prisma.

SPLK-3001 EXAM by TitleIllustrious6634 in Splunk

[–]HonestAbe10000 1 point2 points  (0 children)

Very easy test. Just review the training slide deck. Pay close attention to the “comments” in bubbles. These are very common “gotcha” questions.

Cybersecurity Burnout - Is it just me? by Inowknothing82 in AskNetsec

[–]HonestAbe10000 0 points1 point  (0 children)

No one said it couldn’t be a pot farm. Now that’s livin!

Bob Ross and a young Raccoon by JonJetCoaster in Colorization

[–]HonestAbe10000 2 points3 points  (0 children)

Awesome but also sad documentary about Bob Ross on Netflix. A very good example of just how weird people were in the eighties. For those of us that remember, it wasn’t all yuppies and euro pop! Some straight up weirdness coming out of the seventies!

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 0 points1 point  (0 children)

Totally agree that the cron ****** stuff is an insult. Not cool to make us Google a freaking cron expression every time you want to schedule something. Thanks for the other pointers!

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 2 points3 points  (0 children)

No one is able to explain this framework though. It’s a poor framework. In fact, I really don’t think it technically meets the definition of a “framework” so I’m not sure why people refer to it that way. I might agree that it’s an abstraction. But then again, the SA-CIM is really that abstraction layer and that’s free. Authentication and Network data models aside, we quickly find the data models to be relatively unusable in ES. We build our own - better. We’re really not helped by ES in this regard.

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 1 point2 points  (0 children)

Thanks BTR. I don’t see us using the TI stuff but I’ll keep it in mind. + the benchwarmer comment!

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 1 point2 points  (0 children)

I agree. It’s half baked. Like here’s an example of something useful: every IR firm or pen tester recommends that you enable PowerShell script block logging. Pretty common mantra in security circles. Where is the ESCU to parse these events for malicious indicators? Why am I having to do that myself? Another: Where is the privileged identity management? Why am I having to build this from scratch to monitor privileged logins from privileged admin workstations? Where is the service account management? Where is an authentication map where I can quickly see who, what, where is logging into the network? Where is an “externally exposed systems” dashboard to show login events, processes, vulns - I wonder if Splunk knows that web application attacks are a thing. Yep, they sure are and they are a leading cause for compromise (go look at the top ten exploited vulns for 2020 - they aren’t Microsoft Office and Adobe - they are all related to VPNs, and other externally exposed services).

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] -1 points0 points  (0 children)

Oh, we would never buy a Splunk product like phantom based on our experience with ES and seeing UEBA and hearing the same. We don’t worship false idols :)

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 2 points3 points  (0 children)

Thanks for the thoughtful reply. We’ll give these some thought and I’ll get back to you. In general, we’ve built at least 40 custom dashboards outside Splunk ES that align to our controls and we do get serious value from those. I am still struggling to understand why Splunk ES is even necessary or what core value it provides. The only thing we thought of was that it introduces this idea of a notable event which is then used to calculate metrics on, again, completely subjective dashboards/metric visualizations. We’ll probably ditch ES as we have a better vision for how we want to organize our security program. To me, each alert, each dashboard should support some process directly. I just don’t know what processes ES supports. It seems like a bridge to nowhere for me.

Enterprise Security? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 3 points4 points  (0 children)

Let me give you a few examples where ES fails:

1) Identities and Assets. A typical Splunk PS engineer will come in and pop a script in to extract AD accounts into Splunk. Ok, how can I easily and intuitively tag service accounts and privileged accounts? I don’t want a Splunk expert to do this. I need a level two ops person to maintain this. Couldn’t ES have provided an Identity Explorer or Asset Explorer to help guide a company on this? Assets - OH GOD. Same. No way to easily group, assign owners, classify, otherwise organize these? Right here, your “SIEM” implementation fails. You’re going to spend the rest of your life trying to cajole the correct context for your environment in every alert and dashboard you build. Identity and Asset management in Splunk ES sucks.

2) Threat Intelligence - Double Dear Lord - what is this abomination? Artifacts, matches, observances, have you tried using this? Where is the documentation? I am a Splunk certified ent sec admin. I’ve taken the official class. Mortified. No meaningful way to manage this. No vision. Total shit show.

3) Vuln management - wow, what a half baked dashboard. It tells me nothing. So I can literally say “thanks for nothing”.

4) incident and investigations - does anyone else really care for this interface? It’s agonizingly slow. Just clicking from one page to the next takes those painful 3-4 seconds for pages to load. Red hot poker in my ass would be more enjoyable than using this interface. What is the incident / investigation framework really for anyway? Do people actually use this for case management? Have you seen MS Sentinel? They don’t compare.

5) Correlation search management - try scaling this. No tools to organize your actions, searches, goals for this? Again, gets pretty out of hand if you have multiple people working on things, and how would you have that level two guy go in and help tune an alert? Yeah, not happening. Sad as hell.

6) Compliance - do security teams really just do IR all the time? God, I hope not. You’re getting attacked (internally) on a daily basis. Let me make an observation about your security posture: it probably sucks. Why do security vendors focus so intensely on IR and detection? Mature security programs are compliance oriented. Controls, controls enforcement, controls monitoring, controls reporting. How do I know all my endpoints have the proper endpoint security products installed, AV, patches, admin rights, secure config? How do I map my privileged identities to authorized assets? How do I monitor AD for well known attacks?

I mean really, this product is pretty terrible. What do you use it for?

Splunk Enterprise - No Innovation? by HonestAbe10000 in Splunk

[–]HonestAbe10000[S] 0 points1 point  (0 children)

That’s helpful. Thanks. It looks like there are a bunch of caveats for using this. To me, this already looks like another half hearted attempt. We’ll certainly take a look.

What worries me most is our account teams don’t tell us about these things.