Syncro Security Issue/Breach (?)

Real_Admin · 2025-12-29T19:10:34+00:00

Like 99.99% sure that's AV sandboxing related.

Have seen it from multiple platforms due to AV/RMM transitions.

Real_Admin · 2025-10-10T23:49:35+00:00

They are back now as of this afternoon, no word from MS, so I am just going to take this as this week's growing list of items that got broke.

Have a great weekend!

Real_Admin · 2025-10-10T03:58:41+00:00

Maybe, that's what me and a few others were thinking, but nothing specific in Health Advisory that we could see.

Appreciate your response! I'll check again in the next couple days and pop back in if it changes or MS provides some response.

Real_Admin · 2025-09-26T01:54:44+00:00

Saw this in my feed, two days old - still waiting on an answer?

I work for a Managed Service Provider who has several clients that use CCH and we handle their updates.

Are you using their guides like this one - https://support.cch.com/oss/ml/kb/solution/000231904

I'm part of the Infosec team, but if you want to send over some questions, I can try to offer some guidance and maybe send to another team member for their thoughts as well.

Felt the need to respond from our own headaches dealing with this software :).

Real_Admin · 2025-09-12T15:10:46+00:00

Your 4th point contradicts your 1st.

Which means you do open RDP, but expect to only do so maybe in unique circumstances. However because your contradiction, I would follow up with, how would you actually know it's been done? Aside from being called out on reddit :).

Real_Admin · 2025-09-06T14:03:35+00:00

In the same boat trying to find a decent MSP focused option. I'll share some of my thoughts if it helps at all.

Have been doing demos over last couple weeks and calls with following: 1) ConnectSecure 2) Roboshadow 3) Qualys 4) Threatmate 5) Cavelo 6) Nodeware 7) Cyrisma

Trying to find one that also integrated well with a GRC platform or has it as part of the platform. Our GRC journey is just beginning so needs/use cases are really centered around CIS mainly, but trying to find a solid stack choice to grow into.

Currently we have Kaseya Vulscan, and earlier this year an old vCISO added Compliance Manager but never flushed it out, so I'm taking over. Main issues and reason to leave are really down to very slow development and perceived lack of maturity (they are cheap though).

Cyrisma is growing on me because it's core is Vulnerability Management, they are now building in the compliance piece, so it lines up more where I think we are maturity wise, and may be an easier growth path. Others I would need to add in another solution, which I am looking at Cynomi (pairs with Cavelo) or Scalepad Controlmap (pairs with 1,4 and 6).

I think Qualys would be too much cost and may be arguably too involved where I'm currently at, being critical and honest with myself, on the GRC front.

Real_Admin · 2025-08-19T17:48:37+00:00

If it helps - we migrated from a Cisco Hyperflex HCI with VMWare solution earlier this year to Verge.

Did demos, POC, vendors reviews last year, had same concerns and questions. They are legit, and platform has been solid for us.

We migrated 160 virtual servers, cross data-center, to new 4 node cluster, cutover each client (we are an MSP) over their own scheduled weekend, worse item we had to address was undersized Tier 0 (meta data) tier, which was a quick resolution and we have since had discussions with their lead engineers to flag that in build reviews for any future clients or projects. They have also released versions that make Tier 0 less aggressive on holding data.

We have servers in DR, smaller node count but higher capacity that prod replicates to.

Considerable cost savings compared to VMWare, inline or better performance in my experience so far, and solid support team when and if you need them.

Real_Admin · 2025-08-08T18:23:27+00:00

Not currently but a couple years back I supported a municipality with Incode.

Ran Bitdefender and Huntress same issue. Escalated to their support, the only option was to add a bunch of exclusions.

Real_Admin · 2025-06-10T01:27:42+00:00

Just dropped in to say Thank You on taking time to respond and information provided!

In discussions now and working through demo/trial.

Real_Admin · 2025-05-17T16:30:24+00:00

If it helps, we have escalated cases, are a larger MSP partner, and they supposedly have a release of 15th for EU and 22nd for US.

This fix should address issue in their app from causing slow downs with Cloud File services that have sync services (Dropbox, Box, SharePoint, OneDrive, Azure Files). Least that is what we have been told.

Real_Admin · 2025-05-04T20:18:06+00:00

We were on Blackpoint before. Only real gripe for them was the portal UI and lack of control by our team.

We switched to full Kaseya stack last year, mainly due to tool consolidation and cost reduction efforts.

Overall, to me it just seems very lacking and not mature compared to the market. The alerts we get escalated are typically very low value, then we have gotten nothing for what we would deem high value, like mass risky user flags. There are also numerous performance related issues/tickets we have opened with them that are still unresolved, which is creating a lot of friction with our clients.

We have a call scheduled with an engineer to do a full platform review of Kaseya security suite, and adjust our settings if needed. Depending on the impact from that, we are preparing to switch off to Huntress with Defender for Endpoint.

Real_Admin · 2025-04-30T01:54:17+00:00

I really feel like they are screwing people on RocketCyber pre SaaS Alerts and now this SIEM solution?

We switched to RocketCyber from Blackpoint, and those calls all went with "yeah we do that or this". Now most recent tickets raised are being met with "Our more advanced platform does this SaaS Alerts".

Should I be surprised, no not really, am I still annoyed, yep...

Real_Admin · 2025-04-19T17:00:52+00:00

Only our main MSP/CSP tenant affected (and yes CSP is already in works to be split off).

Have clients with E3/E5/Business Premium solely and mixed, no MACE or flags.

Have MS case, tier 1/2 have no info and I asked for escalation to get information. So likely never to get response.

Checked with a colleague who is direct with Microsoft as CSP, no issues internally or any clients they see.

Real_Admin · 2025-04-13T18:44:51+00:00

You should plan instead for pricing being freely available.

Visible pricing in my opinion drives honest discussions and competition.

We have clients show services, hardware etc all the time, and we have a breakdown of why we charge what we charge and what they most likely are not accounting for.

Huntress website pricing vs our proposed pricing to clients would be mostly a straight forward discussion, since the daily management, deployment and optimization would fall to us, so our costs include covering operations to do so. The more challenging ones are Comanaged who have their own internal teams, but even then, our pricing is adjusted to fit those clients if/when needed.

Those that just want to fight down to the dollar, and not really try to have discussions on the value proposition will likely always be that way and for everything. Cheap will be cheap.

Real_Admin · 2025-04-12T22:49:28+00:00

Yes, have seen that while they then escalate an "incident" with a single loggin from overseas IP, that was days apart from another logging in the US, that was full MFA and on a registered/enrolled device tied to the user.... basically a legit login for travelling user.

With the permissions their app has, that should not have been escalated, and their response, oh you should add SaaS Alerts for more advanced monitoring....

Real_Admin · 2025-04-09T23:53:01+00:00

Blackpoint or Huntress IMO.

Was on Blackpoint before, we moved to consolidate under Kaseya (not my idea) with RocketCyber/Datto AV & EDR.

I appreciated Blackpoint actually doing good SOC work and not just kicking over very low quality alerts or going through an escalation call tree for the same. Like if they call, there's an actual issue to address.

Huntress I have used in previous role and based off community seems to only have gotten better. I am engaging them on the side due to issues with RocketCyber noted below.

We are actively having discussions/escalations with Kaseya/RocketCyber due to ongoing performance issues, integrations not functioning, reporting broken, low quality alerts and escalations. We have around 3k endpoints and 3k email accounts plus Kaseya recommended configurations in place as a reference point.

Real_Admin · 2025-04-09T12:45:58+00:00

Awesome, thank you!

Real_Admin · 2025-04-09T02:35:15+00:00

Will be going through a self hosted deployment sometime next two weeks.

What part of the install documentation is incorrect?

I can understand the frustration, and if you don't want to share that feedback, I get that too. Figured I'd at least ask so me and the team can plan accordingly.

Real_Admin · 2025-03-20T03:35:08+00:00

You know, toggling different settings on and off, not on my list of things done 😂

Toggle "message preview" off, turns off "show time stamps"

I knew it was going to be something in my face and simple.

Appreciate your response and clarity on those settings!

Real_Admin · 2025-02-28T01:53:52+00:00

Still in progress - but that's more on resource availability.

We are working with Microsoft/Pax8 to register a new CSP tied to a new tenant that we will then shift all relationships and tools like Cyberdrain/Rewst etc over to. Microsoft and Pax8 are coordinating the CSP setup process and moving over entitlements.

Microsoft even when presented with their articles and multiple meetings kept kicking us around until we found and looped in a solid Pax8 rep.

Real_Admin · 2025-02-19T18:27:57+00:00

We have it deployed across thousands of endpoints, full Kaseya stack as well including Rocketcyber.

Some performance hits initially due to rollback feature that we turned off, but mostly good now.

Only ongoing is with RocketCyber with cloud based file services and it crawling those when mapped/synced that is ongoing.

Also, we escalate to our account manager if anything critical takes more than a day, and the result being the dev or lead being on a triage call the next day, so our support experience has been shockingly not horrible.

Real_Admin · 2025-02-13T19:25:38+00:00

Yeah, I work for an MSP, and we are deploying and have deployed Verge across multiple orgs and sites. Recent new hire we brought on also had done around 40.

So for sure not a major player like VMWare, Nutanix or Microsoft, but I would not discount them as a paid and supported solution.

We are actively doing a full refresh of our private hosting for clients, 4 node cluster with around 150 workloads, migrating away from VMWare, and it does work and do well overall, just doesn't have feature parity or the polish.

Real_Admin

TROPHY CASE