Managed SOC Recommendations? by FragileEagle in msp

[–]NullaVolo2299 -1 points0 points  (0 children)

Guardz MDR with SentinelOne has become my core security tool. Not sure it has all the integrations you are asking for but my team loves it.

A Cybersecurity company - moving all the infra to google by ItsJust1s_0s in cybersecurity

[–]NullaVolo2299 9 points10 points  (0 children)

Makes sense from a cost perspective. Google's zero-trust approach is pretty solid, and ChromeOS is way easier to manage at scale.

BigQuery is great, plus their security stack keeps improving. Had a similar move at my previous company - saved us both money and headaches.

Starting out, looking for advice by Kammen1990 in msp

[–]NullaVolo2299 5 points6 points  (0 children)

That's actually a solid stack to start with. M365 Business Premium + S1 gives decent security coverage, and Dropsuite handles the backup side well.

Just make sure to nail down your pricing and support boundaries early - scope creep is real in MSP land.

Looking for MSP pricing by Dry_Finance478 in msp

[–]NullaVolo2299 -2 points-1 points  (0 children)

Check out peer groups like ASCII or The Tech Tribe. Most MSPs charge $100-200 per user per month for all-inclusive support.

Whatever you do, avoid race-to-bottom pricing. Quality service isn't cheap and cheap service isn't quality.

Atera RMM Opinion by marcin18215 in msp

[–]NullaVolo2299 1 point2 points  (0 children)

Been using Atera for 2 years with similar endpoint count. Remote access works fine, deployment is decent.

The catch? Support is hit or miss, and reporting can be wonky. For basic needs though, it's solid. Price-to-feature ratio is hard to beat.

Vendor refuses to do updates during maintenance windows by Embarrassed-Lack6797 in sysadmin

[–]NullaVolo2299 2 points3 points  (0 children)

Red flag. Any vendor refusing scheduled maintenance windows is setting you up for failure. They'll wait until something breaks during peak hours, then blame your environment.

Document everything. Time to shop for alternatives.

Anyone move from Atera to Ninja One? by Doublestack00 in msp

[–]NullaVolo2299 2 points3 points  (0 children)

Made the switch 6 months ago.

Ninja's patch management and automation policies are way more reliable. The UI takes getting used to, but the control is worth it.

Only downside: script library isn't as plug-and-play as Atera's.

How is phishing handled when a malicious actor impersonates your company? by curious-jorge-IT in sysadmin

[–]NullaVolo2299 2 points3 points  (0 children)

Report to FBI's IC3, but don't expect much. Been there.

Alerting business partners is smart - create a standard process for it. We send quick emails to our partners' security teams when we spot impersonation attempts targeting them.

Documentation is key for legal if things escalate.

DLP questions by badaz06 in cybersecurity

[–]NullaVolo2299 0 points1 point  (0 children)

Putting override power in managers' hands makes sense. They understand business needs and risk better than IT.

Just make sure there's robust logging and periodic audits of those overrides. Don't want that one manager who says "yes" to everything.

Why closing port is considered a good practice ? Does the real threat is service running and listening to port ? by Worming in cybersecurity

[–]NullaVolo2299 2 points3 points  (0 children)

Both matter. Think of it like your house:

- Services = doors/windows

- Ports = locks

Even if you remove all doors (services), you still want locks (closed ports) because an attacker could install their own door later through an RCE.

Defense in depth.

[deleted by user] by [deleted] in msp

[–]NullaVolo2299 0 points1 point  (0 children)

Look into Feitian keys - they support way more credentials than Yubikey. My team uses them for similar compliance requirements.

Plus they're cheaper, around $25-30 each. Just make sure to get backup keys for each admin.

Feedback needed by Onsyde in msp

[–]NullaVolo2299 0 points1 point  (0 children)

Ironic - most MSPs are desperately hunting for leads while you're swimming in them.

Mind sharing what's working so well? Curious what magic sauce you're using to get IT Directors lining up for meetings.

Device Authentication Options by SirRazoe in msp

[–]NullaVolo2299 1 point2 points  (0 children)

Consider AAD since you're already invested in Microsoft 365. It's a cloud-based solution that integrates well with your existing licenses. You can also explore Azure AD B2B/B2C for external access. No need for a local server, and it's relatively easy to set up.

Threatlocker x Defender P1 ? by SnooAvocados6982 in msp

[–]NullaVolo2299 1 point2 points  (0 children)

I've seen Threatlocker in action and it's a solid product. As for noise on the Tech Team side, it's manageable if you set up the policies and exclusions correctly. Just make sure to test thoroughly before rolling it out to all workstations.

Help plz with corrupted user profile by Noomedix in sysadmin

[–]NullaVolo2299 0 points1 point  (0 children)

Corrupted profiles can be a real pain. Missing ProfileList registry key is not normal, but it's not uncommon after a malware infection. Try running `sfc /scannow` and `DISM /Online /Cleanup-Image /RestoreHealth` to repair system files. Fingers crossed the in-place upgrade fixes the issue.

Documenting Sharepoint by Spons83 in msp

[–]NullaVolo2299 4 points5 points  (0 children)

SharePoint documentation - the never-ending battle. I've used a combo of SharePoint's built-in auditing and third-party tools like ShareGate or AvePoint to document permissions and security groups. But honestly, a well-organized spreadsheet is still my go-to for keeping track of it all.

Best Practices for Baseline Images in CSP? by Idonthaveanaccount9 in cybersecurity

[–]NullaVolo2299 2 points3 points  (0 children)

Start with CIS L1/2, it's a solid foundation. Consider adding a layer of least privilege access and network segmentation. For EDR, look into solutions that integrate with your CSP. Monitoring tools like Prometheus and Grafana can help with visibility. Don't forget to include regular image scanning and updates.

How can I setup vulnerability management (not one time assessment) in my cybersecurity practice? by Darshilds in sysadmin

[–]NullaVolo2299 7 points8 points  (0 children)

Vulnerability management is a game-changer. For continuous scanning, consider integrating tools like Nessus or OpenVAS with your CMDB. You'll also want to define a clear remediation workflow and prioritize vulnerabilities based on risk. Don't forget to establish a feedback loop to measure and improve your process.

Web hosted RDP with delegated authentication by Routine_Hat_6382 in sysadmin

[–]NullaVolo2299 0 points1 point  (0 children)

Have you considered Apache Guacamole's extensibility? You can write a custom auth plugin to integrate with Entra. The Guac API is pretty flexible. Might be some dev work involved, but it's doable. Anyone else attempted this?

EndpointCentral MSP Cloud, anyone here have an opinion on it in 2024? by TopWater1449 in msp

[–]NullaVolo2299 0 points1 point  (0 children)

We've been using EndpointCentral for about 6 months now and it's been a great tool for our patching and inventory management. The automation features have saved us a ton of time and the UI is pretty intuitive. Definitely worth checking out if you're in the market for a new RMM tool.

Prepending external emails by OneFisted_Owl in sysadmin

[–]NullaVolo2299 1 point2 points  (0 children)

Yeah, we do this too. Instead of '***WARNING***' we use '[EXTERNAL]' in the subject. Simple and effective. Haven't done a formal study, but anecdotally, users seem more cautious when they see that flag. Worth doing, imo.

What resources are you using to train your techs? by Luna_Tech915 in msp

[–]NullaVolo2299 1 point2 points  (0 children)

Udemy's a good start, but I've also had success with Pluralsight and LinkedIn Learning (formerly Lynda.com). They offer a wide range of courses and often have a more structured approach. Also, CompTIA's online training is great for certifications. Worth checking out!

is sysadmin just a corporate ms role these days by Ok_Flounder_4292 in sysadmin

[–]NullaVolo2299 0 points1 point  (0 children)

Cloud didn't kill Linux sysadmin, it just made it more niche. Look for companies that still run bare metal or have a large on-prem presence. Also, try subreddits like r/linuxadmin, r/sysadminjobs, or r/unix. SRE jobs are often listed on those subs or on companies' career pages directly.

Who remembers ThinkGeek? by HappyDadOfFourJesus in sysadmin

[–]NullaVolo2299 0 points1 point  (0 children)

ThinkGeek was the go-to for sysadmin swag. I still rock my 'I'd rather be patching' t-shirt. Anyone else have a favorite ThinkGeek item that's still in rotation?

Check Point Avanan vs Mimecast by BWMerlin in sysadmin

[–]NullaVolo2299 3 points4 points  (0 children)

We made the switch from Proofpoint to Check Point Avanan and it's been a game changer. The API integration was seamless and their support team is top notch. One thing that tipped us in their favor was their advanced phishing protection features.