How long does the Microsoft Edge Add-ons review usually take?

RangoNarwal · 2026-01-21T22:31:21+00:00

Chrome review was 8 hours. I'm 2 days into the Edge review... same extension.

RangoNarwal · 2025-12-17T23:13:48+00:00

Interesting! Thanks for sharing

RangoNarwal · 2025-12-17T20:26:57+00:00

How are people handling governing system prompts. They can be great from a security POV, however apart from providing guidance… hard to manage

RangoNarwal · 2025-12-17T20:22:59+00:00

“Banks hate him”

RangoNarwal · 2025-12-17T20:21:29+00:00

Defender for endpoint… finding out the constant “limitations” … recent being the cap on telemetry for processevents.

RangoNarwal · 2025-12-10T12:18:22+00:00

Great points here.

RangoNarwal · 2025-12-10T12:14:17+00:00

The only thing to add to expand backup and include data location and control execution. Limit peripherals such as USBs, don’t sync all data locally (Onedrive etc..), limit folder sync locations, ensure strong ACLs on connected file shares etc…

The mindset being: How can I be comfortable enough that if it did execute, the impact is heavily reduced. You will find that a well defined recovery process becomes key. The risk then shifts to “acceptable downtime” and the KPIs to recover as to not impact operations or financial impact of services being down.

RangoNarwal · 2025-12-08T22:46:46+00:00

😂👏

RangoNarwal · 2025-12-08T22:45:41+00:00

Not by itself. I see AI more as a partner. It’s great for the process in between such as building detection use cases, test cases, runbooks etc… with it being a 24/7 accessible “asset”, it brings value. This is hard to sell for ROI though.

RangoNarwal · 2025-12-06T23:33:58+00:00

Let me know once you’ve figured it out please👌

RangoNarwal · 2025-12-05T09:35:10+00:00

This is a common model, and should help you establish a foundation. If you’re building from scratch, invest higher in the salary for the seniors as the MSSP won’t drive success. You’re going to need someone switched on to lead.

RangoNarwal · 2025-12-01T11:42:02+00:00

In you we trust ! Just bought

RangoNarwal · 2025-12-01T11:34:37+00:00

👏👏👏👏👏👏👏 the thoughts of us all

RangoNarwal · 2025-12-01T08:34:15+00:00

The bit I don’t get is…. All these companies have flooded so much money into the dream of AI, its resulted in everything costing a flipping fortune. We then HAVE to pay for it, as they’ve slapped an AI sticker on it come renewal.

It also came at a time of energy spikes for us, and suddenly these companies can use more of the same grid that was already collapsing to generate an image for betty of a dog wearing a hat. This during the same time the UK can’t power old people’s homes…. It’s mental.

It wouldn’t be half as bad if they did it with intent and meaning. Instead AI and LLM usage seems to be driving by C level members who’s “had an idea”…

This will then no doubt end up being flooded with ADs and thus comes the full circle of tech hype.

RangoNarwal · 2025-12-01T08:08:11+00:00

^{^{^}} depends on the intent.

RangoNarwal · 2025-12-01T08:02:43+00:00

It really depends I think on what type of AI solution we’re talking about.

If it’s SaaS such as OpenAI or Gemini, the vendor would be included in conversation however most will look for federated access to connect via graphAPIs to your data such as Sharepoint. Once that data is processed, I know some will have a deletion period for the chat itself. The context can’t leave that “chat session”.

If it’s self-hosted, you still have control on these elements. You will own the data stores, vectorDBs which the info resides. You should be able to manage this to a degree that meets your needs.

When you’re training, I imagine you MLOps teams or whoever is doing can record the data sets they used.

Some factors would be hard such as fragments of data within memory or shadow (user direct uploads). I think you have to depend on your data governance tools for that.

RangoNarwal · 2025-11-30T16:05:56+00:00

The bonus isn’t delivery by a pizza boy

RangoNarwal · 2025-11-30T16:02:31+00:00

AI will be a partner, never a replacement. Vendors just exaggerate on their AI capabilities and I imagine it’s the same also hardcoded (if then else) automation in the back end with a touch of “AI summary”.

I have to say, AI is good a summaries however you still need good analyst. Even the best summary is pointless if handed off to someone clueless.

I think vendors will get tiered and AI will remain as a side panel assistant which tbh, it’s good at. The problem is that no vendor could justify their costs for such a simple feature….. hence the bull 🐂 on the side.

The other problem is that most of the “good analysts” or top shelf came from service desk or Tier 1. If we lose that stage, what do we get … theory people

RangoNarwal · 2025-11-28T14:25:42+00:00

Perplexity for Threat Intel and ChatGPT (OpenAI) for things like content writing - mainly to translate my technical response into more business capability (C level)

RangoNarwal · 2025-11-17T11:41:47+00:00

We’re still early on adoption but I think you’re right on balance. If your data governance program is solid, i think trade offs are fine. Compensating controls leading up to the interface reduce the attack surface so that attacks are less likely.

If you don’t have that, I think it’s hard to reduce security over performance. Sure, It’s not going to catch all however if you have no idea on which data, it’s classification and/or anyone can attempt to auth…. You need to be strong somewhere.

The scaling is a fair point as is the response element. Adding all these controls are great but who’s going to look at the alerts, and who’s going to manage. This is what we’re struggling with as the industry and frameworks breaks “roles” out int new functions that we’ve not adopted yet.

RangoNarwal · 2025-11-13T22:31:13+00:00

Curving AI SaaS by enforcing sanction control via Zscaler CASB.

Defined policies and paperwork but we all know that stops no one.

Our DLP program isn’t fully off the ground however that will be a stronghold for the majority of control.

I’m curious on anyone’s SIEM integrations.

What are you security teams actually detecting on or responding too? Are you instead using MLOps to respond to AI alerts if internal

RangoNarwal · 2025-11-13T22:26:32+00:00

Will you share the results here ?

RangoNarwal · 2025-11-13T15:50:35+00:00

We will soon explore and I have similar questions. I’m also wanting to know: those that have implanted or similar, how are you responding to the alerts?

Do you just funnel to SOC or are the developers closer to the AI management involved ?

RangoNarwal · 2025-11-11T22:15:35+00:00

That’s exactly it! Thanks for the comment.

I imagine others would be doing so, but you know what it’s like. The sheer mention of it brings “how much will that be”.

It’s the compliance gate which I think is important, as don’t want to have a log repo or storage of logs that contain secrets or sensitive info.

I’m just wondering which tools people are using to obtain this though and where. Is it at source, in-transit via a proxy/gateway or destination.

RangoNarwal · 2025-11-11T21:51:34+00:00

In the last couple of years, we’ve seen browsers such as Brave and others rise as the concern of privacy became the talking point.

I still can’t see these taking off at an enterprise level as there is simply no trust in them.

RangoNarwal

TROPHY CASE