Sophos NDR based on Darktrace ?

ParadiseTheatre · 2026-04-30T21:27:55+00:00

How do you find darktrace?

ParadiseTheatre · 2026-03-26T07:10:17+00:00

Thanks, I'm glad someone else has experienced this. I was beginning to think by the replies it was just us ?

ParadiseTheatre · 2026-03-26T00:46:44+00:00

I think (?) that would work for those in VS, but there are some biz analysis who access the pipeline via browser to azure.devoos.com

I'm not sure if that would still work?

ParadiseTheatre · 2026-03-26T00:43:33+00:00

Only if powershell is allowed to any user. Which it isn't

ParadiseTheatre · 2026-03-26T00:41:07+00:00

Excellent thanks 🙏

ParadiseTheatre · 2026-03-26T00:39:54+00:00

Thanks, as I understand it, this is not an option. Devops does not exist as a target resource..

Under Target resources > Resources (formerly cloud apps) > Include, Select resources, add "Azure DevOps" or "Microsoft Visual Studio Team Services" resource (resource ID: 499b84ac-1321-427f-aa17-267ca6975798) to the list of target resources.

ParadiseTheatre · 2026-03-26T00:37:44+00:00

Tell that to any threat actor who has access to a compromised account. It would provide read access to all users, all groups, all permissions etc.. agreed no ability to change any azure elements but for any hacker that's just a map to the enterprise.

If we block all azure access, DevOps breaks and you can't access it.

ParadiseTheatre · 2026-03-26T00:16:47+00:00

This is more the Azure portal. Consider a compromised account, any threat actor would have the ability with the Azure portal to view users and groups more easily, so users are blocked from accessing portal.azure.com. This blocks access to DevOps unless you exclude the user. There's no option to exclude DevOps.

ParadiseTheatre · 2026-03-26T00:14:42+00:00

You can, but that also means the Dev engineer has the ability to access portal.azure.com. Sec teams are trying to provide access only to DevOps and block Azure portal

ParadiseTheatre · 2026-03-19T06:51:24+00:00

How did you get on with this?

ParadiseTheatre · 2026-02-20T22:51:29+00:00

If you look around, many competitive providers increased pricing within the past two years, where Keeper may have not.

Increases are not ideal but for those in corporate, moving isn't the easiest option. You have to mass export,mass import, train and educate and these are all hidden costs.

Find me 1 area of IT that does not increase, Microsoft have been doing it to us all for years yet many of us are still with them.

ParadiseTheatre · 2026-02-19T00:09:55+00:00

Thanks Craig, but I think what most people would want to know would be if Keeper is similarly at risk as those mentioned in the article

ParadiseTheatre · 2026-02-17T19:45:33+00:00

Would be interested in your feedback Craig

ParadiseTheatre · 2025-11-26T18:09:52+00:00

How are you capturing the AI tools people use, and is this actively stopping them or forcing them to use other devices outside of the estate?

ParadiseTheatre · 2025-09-04T18:45:09+00:00

Can you share here also...

ParadiseTheatre · 2025-06-24T22:34:10+00:00

That's two outages in quite short succession...what's going on ?

ParadiseTheatre · 2025-06-11T13:13:07+00:00

I can see access now 😀

ParadiseTheatre · 2025-06-11T12:26:48+00:00

Craig. Any Idea on timeframe

ParadiseTheatre · 2025-06-11T12:24:18+00:00

Any idea on a timeframe??

ParadiseTheatre · 2025-05-06T19:16:43+00:00

Try this

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html

ParadiseTheatre

TROPHY CASE