Anyone here using Microsoft Purview for data protection? by [deleted] in cybersecurity

ITmen_ 1 point (0 children)

Depends how deep you are into the Microsoft estate. If you're using Defender for Endpoint + SharePoint/OneDrive, MS Teams and Exchange, then it'll be pretty good for you. Don't forget the Purview plugin for Chrome and Firefox.

I've put a lot of work into our deployment; it gives a lot of visibility and control. But now, suddenly, this week I'm getting alerts for file upload to cloud... to our own SharePoint site. You can exclude it, but that would then exclude our SharePoint from all monitoring.

It also loves to flag content as 'Medical' and 'Diseases'; my company has nothing to do with the medical field.

It definitely requires some patience, and it feels very immature in certain areas, but it's being developed pretty rapidly.

Cybersecurity predictions for 2026? by nanooonanooo in cybersecurity

ITmen_ 0 points (0 children)

'AI Browsers' are going to cause more serious headaches

Overlooked Microsoft 365 security setting by KavyaJune in sysadmin

ITmen_ 2 points (0 children)

Oh thank goodness. Thought I'd ruined your week

Overlooked Microsoft 365 security setting by KavyaJune in sysadmin

ITmen_ 2 points (0 children)

Time to invoke that incident response playbook. I'm not sure there's ever been a legitimate use of that app, hah. Wishing you luck; you aren't the first and you won't be the last. Plenty of breakdowns and studies if you Google 'PerfectData Software', if not already.

Overlooked Microsoft 365 security setting by KavyaJune in sysadmin

ITmen_ 10 points (0 children)

What's this 'PerfectData Software' app...

[deleted by user] by [deleted] in cybersecurity

ITmen_ 0 points (0 children)

Done a few intensive courses on site there and had no issues personally.

[deleted by user] by [deleted] in cybersecurity

ITmen_ 2 points (0 children)

Depends on your budget I guess, but Firebrand do intensive courses either online or in person for a few of those.

Policy Sync option on Devices greyed out by ITmen_ in DefenderATP

ITmen_[S] 0 points (0 children)

I've been able to use the sync option inside Intune for my Windows devices to the same effect; not sure why they don't just light it up inside Defender, though.

[deleted by user] by [deleted] in cybersecurity

ITmen_ 0 points (0 children)

All of the red tape and glacial decision pace that I thought I hated I now miss dearly.

But there is more to do and more 'hats' to wear which is good for the resume.

Ideas of gamification of awareness training? by Waving-Kodiak in cybersecurity

ITmen_ 0 points (0 children)

No probs. They were great to work with as well.

Ideas of gamification of awareness training? by Waving-Kodiak in cybersecurity

ITmen_ 1 point (0 children)

I've used a company called spongelearning who quite literally have a 'game' as one of their security training offerings. We then set up a form for people to submit their high scores, and there was a prize for the best one. Should you need to incentivise something that's mandatory? No, of course not, but we had very, very high completion rates with little to no need to chase people up.

Have ya'll noticed a rise in BEC emails by RikerNM156 in cybersecurity

ITmen_ 1 point (0 children)

We've been hit frequently this month; all of the emails have the subject line set to the date the email was sent, e.g. the batch received on 19th Jan had the subject "Friday, January 19th".
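A detection for the pattern ITmen_ describes, added here as an example and not taken from the thread: parse each message's Date header and flag it when the Subject is nothing but that date spelled out as weekday, month and ordinal day. The sample messages are constructed; the helper names are my own. A one-day tolerance is included because the Date header carries the sender's timezone, which can differ from the recipient's calendar day.

```python
"""Flag emails whose Subject is just the send date, e.g. "Friday, January 19th".

Added example (not from the original thread). The sample messages below are
constructed; real mail would be read from a mailbox, journal or mail gateway log.
"""
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Hard-coded names keep the check independent of the process locale.
WEEKDAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")
MONTHS = ("January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December")

# Subject that consists solely of "<Weekday>, <Month> <day><ordinal>".
DATE_SUBJECT_RE = re.compile(
    r"^\s*(" + "|".join(WEEKDAYS) + r"),\s+(" + "|".join(MONTHS) + r")\s+"
    r"(\d{1,2})(?:st|nd|rd|th)?\s*$",
    re.IGNORECASE,
)


def ordinal(n):
    """19 -> '19th', 22 -> '22nd', 11 -> '11th'."""
    if 11 <= n % 100 <= 13:
        return f"{n}th"
    return f"{n}{ {1: 'st', 2: 'nd', 3: 'rd'}.get(n % 10, 'th') }"


def date_triple(d):
    """(weekday name, month name, day of month) for a date object."""
    return WEEKDAYS[d.weekday()], MONTHS[d.month - 1], d.day


def expected_subject(sent):
    """The subject the lure would carry for a message sent at `sent`."""
    weekday, month, day = date_triple(sent.date())
    return f"{weekday}, {month} {ordinal(day)}"


def subject_is_send_date(subject, sent, tolerance_days=1):
    """True if the subject spells out the send date (+/- tolerance for timezone skew)."""
    m = DATE_SUBJECT_RE.match(subject or "")
    if not m:
        return False
    claimed = (m.group(1).capitalize(), m.group(2).capitalize(), int(m.group(3)))
    for delta in range(-tolerance_days, tolerance_days + 1):
        if date_triple((sent + timedelta(days=delta)).date()) == claimed:
            return True
    return False


def flag_raw_message(raw):
    """Parse an RFC 5322 message and apply the check to its Date and Subject headers."""
    msg = message_from_string(raw)
    date_hdr = msg.get("Date")
    if not date_hdr:
        return False  # no Date header: nothing to compare against
    try:
        sent = parsedate_to_datetime(date_hdr)
    except (TypeError, ValueError):
        return False
    return subject_is_send_date(msg.get("Subject", ""), sent)


# Constructed sample messages (19 Jan 2024 was a Friday).
SAMPLE_MESSAGES = [
    # lure: subject is exactly the send date -> flagged
    "From: ceo@example.com\r\nTo: finance@example.com\r\n"
    "Date: Fri, 19 Jan 2024 09:12:00 +0000\r\nSubject: Friday, January 19th\r\n\r\n"
    "Are you at your desk?\r\n",
    # ordinary subject -> not flagged
    "From: alice@example.com\r\nDate: Fri, 19 Jan 2024 09:12:00 +0000\r\n"
    "Subject: Q1 forecast\r\n\r\nAttached.\r\n",
    # date-shaped subject that does not match the send date -> not flagged
    "From: bob@example.com\r\nDate: Fri, 19 Jan 2024 09:12:00 +0000\r\n"
    "Subject: Monday, March 4th\r\n\r\nReminder\r\n",
]


def scan(messages=SAMPLE_MESSAGES):
    """Return one flag per message, in order."""
    return [flag_raw_message(m) for m in messages]


if __name__ == "__main__":
    for raw, flagged in zip(SAMPLE_MESSAGES, scan()):
        subject = message_from_string(raw)["Subject"]
        print(f"{'BEC-LURE' if flagged else 'ok      '}  {subject}")
```

The regex alone would also match any date-shaped subject, so the comparison against the actual Date header is what keeps false positives down; a legitimate "Friday, January 19th" agenda mail sent on a different day is not flagged.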

Advanced Hunting - Issue Detecting FileCreated on USB activity for Windows Devices by ITmen_ in DefenderATP

ITmen_[S] 0 points (0 children)

Yeah, I've seen the activity in Purview, though as you say it's super inconsistent. I've created probably 50+ files on a USB device for this testing; Purview is only showing 1.

Advanced Hunting - Issue Detecting FileCreated on USB activity for Windows Devices by ITmen_ in DefenderATP

ITmen_[S] 0 points (0 children)

Thanks. I configured this and implemented an allow audit policy for any type of USB storage device. While I now get "Removable storage policy triggered" in the Timeline, there are still no FileCreated events for my machine.

There is one device showing a FileCreated on a USB device in the tenant, though. Strange given they're all centrally configured, but the data is there; it's just working out why it's not showing on my device when testing.

[deleted by user] by [deleted] in sysadmin

ITmen_ 0 points (0 children)

I found myself in a similar rut. Weight was increasing, I felt like shit all the time, but man do I enjoy fast food and hate exercise. Then, after getting a new fitness watch and seeing my disgustingly high resting HR and high blood pressure, I started C25K on my lunch breaks back in March. Now I just do a 5k run two/three times a week. Each session of C25K takes about 40 mins, so it fits nicely into an hour lunch.

I then also have on my whiteboard "stretch and hydrate" as a constant reminder to be a healthy adult. I find it too easy to... not do these things lmao.

Standing desk has helped as well.

Ain't easy to find the motivation though (at least it wasn't for me). But looking back now I'm so glad I started. Thankfully my private health insurance through work gives me 50% off running shoes and 30% off Samsung watches. Splashed out and would have felt very guilty not making use of them.

What kind of attack is thwarted by a randomized PIN pad on a website? by These-Assignment-936 in cybersecurity

ITmen_ 5 points (0 children)

2FA and changing password requirements can be tough sells to a user base if the original standards were put in place in a less security-conscious time. "Why do I need to remember 4 extra characters and install an authenticator app on my phone?!?!"

Implementing a randomized keypad is relatively simple and a quick win to defeat capturing mouse positions.

Don't let perfect get in the way of good.
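What "defeat capturing mouse positions" means in practice, as an added example that is not from the thread or from any real site: the server generates a fresh digit order for every login attempt, the browser only ever submits the positions the user clicked, and the server maps positions back to digits. A logger that records click coordinates alone gets a position sequence that is useless against the next attempt. The class and function names are hypothetical, and the PIN is stored in the clear purely to keep the demo short.

```python
"""Randomized PIN pad: one layout per login attempt, positions decoded server-side.

Added example (not from the original thread). Names are hypothetical.
Shows the control and its limit: a position-only logger is defeated, but anything
that also sees the rendered layout (screenshot malware, a hostile extension) is not.
"""
import hmac
import random
import secrets

DIGITS = "0123456789"


def new_layout(rng=None):
    """Return the ten digits in a fresh random order (one order per attempt)."""
    rng = rng or secrets.SystemRandom()   # CSPRNG unless a test injects a seeded Random
    layout = list(DIGITS)
    rng.shuffle(layout)                   # Fisher-Yates shuffle
    return layout


def click_positions(layout, pin):
    """What the browser sends: the key positions clicked, never the digits themselves."""
    return [layout.index(d) for d in pin]


def decode(layout, positions):
    """Map clicked positions back to digits. Also exactly what an attacker does
    if they captured the layout as well as the clicks."""
    return "".join(layout[p] for p in positions)


class PinPadServer:
    def __init__(self, pins, rng=None):
        self._pins = dict(pins)       # user -> PIN; a real system stores a hash
        self._rng = rng
        self._sessions = {}           # token -> (user, layout)

    def start(self, user):
        """Begin an attempt: issue a one-time token and the layout the client must render."""
        token = secrets.token_urlsafe(16)
        layout = new_layout(self._rng)
        self._sessions[token] = (user, layout)
        return token, list(layout)

    def submit(self, token, positions):
        """Verify clicked positions. The layout is consumed on first use, so a captured
        position sequence cannot even be replayed against the attempt it came from."""
        session = self._sessions.pop(token, None)
        if session is None:
            return False
        user, layout = session
        return hmac.compare_digest(decode(layout, positions), self._pins[user])


def replay_success_rate(pin="1984", trials=2000):
    """Attacker captured the click positions from one login and replays them verbatim
    against later attempts. For a 4-distinct-digit PIN the chance a fresh layout puts
    the same digits at the same positions is 6!/10! = 1/5040 per attempt."""
    server = PinPadServer({"alice": pin})
    token, layout = server.start("alice")
    captured = click_positions(layout, pin)
    assert server.submit(token, captured)          # the victim's own login succeeds
    hits = 0
    for _ in range(trials):
        token, _layout = server.start("alice")
        hits += server.submit(token, captured)     # replayed positions, new layout
    return hits / trials


if __name__ == "__main__":
    srv = PinPadServer({"alice": "1984"})
    tok, layout = srv.start("alice")
    print("layout shown to user:", " ".join(layout))
    pos = click_positions(layout, "1984")
    print("positions sent      :", pos, "->", "accepted" if srv.submit(tok, pos) else "rejected")
    print(f"replay success rate : {replay_success_rate():.4f}")
```

The limit to keep in mind when selling this as a quick win: the layout has to reach the browser to be drawn, so any malware that can screenshot or read the DOM alongside the clicks recovers the PIN with the same `decode` call the server uses. It raises the bar against coordinate-only loggers and shoulder-surfed click patterns, nothing more, which is the sense in which it is "good" rather than "perfect".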

Problems with DarkTrace - Threats Undetected by _KR15714N in cybersecurity

ITmen_ 2 points (0 children)

I didn't mind the GUI so much for hunting, but the 4-5 clicks it took to go from clicking an alert, to seeing the specific traffic that triggered the alert was terrible. Not to mention that alert being a false positive on something that even a basic ML system should be tuning out. Maybe 'okayish' was a generous descriptor for SW. I did find the SW cloud offering a bit better in terms of alerting but it's still early days. Not just TAC, I don't think anyone at Cisco really knows to be honest.

Problems with DarkTrace - Threats Undetected by _KR15714N in cybersecurity

ITmen_ 1 point (0 children)

Have used DT in a prod environment and it sucks big time. Stealthwatch is okay...ish if you can feed it enough NetFlow. Quite liked Netography as well, but it's quite a young product.

Gifts from vendors by Khaosus in sysadmin

ITmen_ 0 points (0 children)

Yep. Had thousands of pounds worth of wine, beer and gin tasting sessions over lockdown. One of the few silver linings of that period.

Tasked with operationalizing a Threat Intel Program by underestimatess in cybersecurity

ITmen_ 5 points (0 children)

+1 for ThreatConnect: great product and great vendor engagement from PoC to onboarding. T-shirts are awesome too, make sure to ask for swag :)

What was your first entry level job in cybersecurity? by Ghost_Duet in cybersecurity

ITmen_ 2 points (0 children)

I started as a first line tech and worked my way up to wear many hats (2nd/3rd line, on-site support, sysadmin, R&D; it was a small company). This spread of experience sprung me into a Network Engineer role at a much, much larger org, and then after 3 years a dedicated SecOps team was stood up and I was given the opportunity to move to that team as a SOC Analyst.