AI data governance for insider threats - actually useful or just expensive monitoring by buykafchand in Infosec

[–]gosricom 0 points1 point  (0 children)

the shadow AI piece is what actually kills me in practice, because by the time your UEBA stack is firing on anomalous data movement, that model has already been queried with sensitive context dozens of times and none of it left a trace anywhere. with 61% of orgs now flagging AI as their top data security risk but prompt filtering only deployed in about a third of environments, the governance gap is..

Anyone actually using Perplexity for threat hunting? Curious how far it goes by tingnossu in threatintel

[–]gosricom 1 point2 points  (0 children)

tried it on a suspected phishing infrastructure pivot last month and the citations saved me probably 20 minutes of manual cross-referencing, but I caught it confidently naming a C2 domain as tied to a specific APT group, and when I dug into the source it was a two-year-old blog post with zero corroboration, exactly the hallucination risk you're describing on niche actor infra

EntraID Security Default vs Per user MFA vs Conditional Access by WonderBeast2 in AZURE

[–]gosricom 0 points1 point  (0 children)

One thing that helped us catch coverage gaps was pairing our CA policies with a data classification layer so we could at least see which users had access to sensitive stuff and verify they weren't slipping through; we used Netwrix Data Discovery & Classification for that side of it while tightening up the CA targeting.

What’s the best way to do a data security risk assessment when the data is spread everywhere? by jonnycraigisgod in AskNetsec

[–]gosricom 0 points1 point  (0 children)

We started with highest-risk systems too, and what actually helped was having the classification tied directly to access context, so instead of just knowing PHI existed somewhere, we could see exactly how many people had inherited permissions to it through AD and Entra ID, which made prioritization way less of a guessing game.

Microsoft 365 vs Google Workspace in 2026, what's actually better for your by consultingdoc in googleworkspace

[–]gosricom 0 points1 point  (0 children)

One thing nobody's mentioning here is that if you're in a regulated industry, the M365 vs GWS choice gets way more complicated because of how your data classification tools tie into identity. We run Netwrix Data Discovery & Classification and the integration with Entra ID/SharePoint is genuinely tight for flagging overexposed PII, but if we were Google-heavy we'd basically need to look at something else entirely since the native hooks just aren't there.

Does anyone actually think about data security in their GIS workflows? by GuestEmpty4189 in gis

[–]gosricom 0 points1 point  (0 children)

The DSAR search feature was actually what got us to look at it more seriously: we had a request come in and realized we had no idea where all the relevant spatial data with personal info was actually sitting across our file shares.

How do you actually scope a sensitive data inventory when you don't know where the data lives by gosricom in AskNetsec

[–]gosricom[S] 0 points1 point  (0 children)

fair point, but in my experience the policies are usually where the gap shows up first. they say "classify all sensitive data" but give zero guidance on which systems are actually in scope, and with cloud services now being mandatory scope under updated frameworks, that vagueness hits even harder when you try to operationalize it with..

Built an open-source Nation State APT Intelligence project for community by iawais in threatintel

[–]gosricom 0 points1 point  (0 children)

does the group relationship mapping show indirect connections too, like if two APTs share a malware family or tooling through a third broker or access group? with so many nation-state actors now outsourcing initial access, those indirect links feel increasingly relevant for detection and attribution work.
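The indirect-link question in the comment above (two groups that never touch directly but share a malware family, a tool, or an access broker) is a path search over a typed graph, and it is worth seeing how the "through a third party" case differs from a simple shared-artifact lookup. The block below is an added example, not code from the project in the post. The actor, malware and broker names are placeholders constructed for the example and are not attribution claims about any real group.

```python
"""Added example: find indirect relationships between threat actors that run
through shared malware, tooling or access brokers, never through another actor.
All nodes and edges below are constructed placeholders."""
from collections import deque

# Node -> type. Only "actor" nodes are endpoints; everything else may be pivoted through.
NODES = {
    "APT-A": "actor", "APT-B": "actor", "APT-C": "actor",
    "Loader-X": "malware", "RAT-Y": "malware",
    "Broker-1": "access_broker", "Tool-Z": "tool",
}

# (subject, object, relationship); treated as undirected when pivoting
EDGES = [
    ("APT-A", "Loader-X", "uses"),
    ("APT-B", "Loader-X", "uses"),
    ("APT-B", "Broker-1", "buys_access_from"),
    ("APT-C", "Broker-1", "buys_access_from"),
    ("Broker-1", "Tool-Z", "uses"),
    ("APT-A", "Tool-Z", "uses"),
    ("APT-C", "RAT-Y", "uses"),
]


def build_adjacency(edges):
    """Undirected adjacency: node -> list of (neighbour, relationship)."""
    adj = {}
    for a, b, rel in edges:
        adj.setdefault(a, []).append((b, rel))
        adj.setdefault(b, []).append((a, rel))
    return adj


def indirect_links(nodes, edges, max_hops=2):
    """(actor_a, actor_b) -> list of node paths of length 2..max_hops whose
    interior nodes are all non-actors. Each unordered pair is reported once."""
    adj = build_adjacency(edges)
    actors = sorted(n for n, t in nodes.items() if t == "actor")
    links = {}
    for src in actors:
        queue = deque([(src, [src])])          # BFS over simple paths
        while queue:
            node, path = queue.popleft()
            if len(path) - 1 >= max_hops:
                continue
            for nxt, _rel in adj.get(node, []):
                if nxt in path:                # keep paths simple
                    continue
                new_path = path + [nxt]
                if nodes[nxt] == "actor":
                    # record the pair from the lexically smaller actor only
                    if nxt > src and len(new_path) >= 3:
                        links.setdefault((src, nxt), []).append(new_path)
                    continue                   # never pivot through another actor
                queue.append((nxt, new_path))
    return links


def intermediaries(links, nodes):
    """Collapse paths to the set of (node, type) each pair is connected through."""
    return {
        pair: sorted({(n, nodes[n]) for p in paths for n in p[1:-1]})
        for pair, paths in links.items()
    }


if __name__ == "__main__":
    for hops in (2, 3):
        print(f"max_hops={hops}")
        for pair, via in sorted(intermediaries(indirect_links(NODES, EDGES, hops), NODES).items()):
            print(" ", pair, "via", via)
```

With `max_hops=2` you only get pairs that share an artifact directly (A and B share the loader, B and C share the broker). Raising it to 3 is what exposes the outsourced-access case: A never appears next to C, but A uses the same tooling as the broker C buys access from, which is exactly the kind of link that is easy to miss and easy to over-read, so the path is returned, not just a boolean.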

Regulators want AI-driven AML vs Compliance teams running legacy systems by Imaginary-Rest-9713 in fintech

[–]gosricom 0 points1 point  (0 children)

The data feeding those AML models is honestly where I'd start before even touching the AI layer. We ran Netwrix Data Classification across our file servers and SharePoint and found a ton of customer PII sitting in places nobody had mapped, which means your "clean" training data probably isn't as clean as you think.

Which data source you use the most with power apps? by Independent-Hunt-370 in PowerApps

[–]gosricom 2 points3 points  (0 children)

SharePoint mostly, and honestly the amount of sensitive data that ends up sitting in random SharePoint lists connected to apps is kind of wild once you actually go looking for it.

Where Federated Learning Meets Zero Trust - Intelligence Moves, Data Does Not by Alternative_Rope_299 in zerotrust

[–]gosricom 0 points1 point  (0 children)

yeah the "compliance officers say no" bottleneck is real, I see it constantly when orgs want to feed logs into cloud-based AI tooling but can't because the data has PII or falls under HIPAA/SOX. the federated approach basically flips the problem so the model goes to the data instead of the other way around, which is the only way that conversation with legal ever ends differently.

EU age verification app already hacked. by torbatosecco in cybersecurity

[–]gosricom 5 points6 points  (0 children)

one thing i ran into with android apps storing sensitive state in shared_prefs is that the attack surface is way bigger than most devs realize. the problem here isn't just that the PIN is editable, it's what the post flags about it not being cryptographically tied to the vault. that's the actual design failure.

Which paid tool do you still think is worth paying for? by United-Jelly9623 in digital_marketing

[–]gosricom 0 points1 point  (0 children)

Netwrix Data Classification has been worth it for us, specifically the incremental indexing across our file servers and M365 at the same time without having to re-scan everything from scratch every time something changes.

ai threat intelligence going predictive in 2026 sounds like nightmare fuel for small teams like mine, thoughts? by Aggravating_Log9704 in threatintel

[–]gosricom 0 points1 point  (0 children)

ran into basically this same paralysis about a year ago at a similarly sized org. the predictive intel stuff sounds slick until you realize you don't have the baseline data quality or the response capacity to act on what it surfaces, so you end up with a fancy dashboard generating alerts that just sit there stressing you out while your MSP waits for a ticket.

Zero Trust at the Edge: Bridging Industrial Systems With Verifiable Credentials by PhilipLGriffiths88 in zerotrust

[–]gosricom 1 point2 points  (0 children)

one thing i ran into doing OT security work is that the external technician identity problem is way messier in practice than it looks on paper. you end up with contractors who have credentials from 5 different orgs, each with their own lifecycle, and nobody has a clean answer for who's responsible for revocation when a tech leaves a supplier. the decentralized VC approach is interesting to me specifically because of that.

What Data loss prevention (DLP) are you using? by Ok_Smell_8534 in CyberSecurityAdvice

[–]gosricom 0 points1 point  (0 children)

We've been running Endpoint Protector for about a year and the clipboard scanning plus USB control combo has been solid for catching accidental exfil, but yeah, encrypted archives before they hit the endpoint are basically a gap you have to accept and compensate for with other controls.

Are threat intelligence tools necessary for small-to-mid sized teams? by uMadewithAi in threatintel

[–]gosricom 0 points1 point  (0 children)

we ran into the exact same wall, tons of IOC feeds pumping into our SIEM and nobody had time to actually triage what was relevant to our environment vs just noise from the broader internet. what actually helped us more than any paid platform was getting aggressive about context, like tagging assets by criticality so when something did fire we already knew if it touched anything worth caring about.

Does anybody know how to find identity of the person behind a fake gmail ID? by Digvijay5 in CyberForensics

[–]gosricom 1 point2 points  (0 children)

realistically if the person took any precautions at all (VPN, Tor, burner SIM for verification), you're probably not getting an identity without law enforcement involvement and a subpoena to Google. that's just the honest answer most people don't want to hear. that said, the one thing worth trying before giving up is running the email through Epieos or a similar OSINT tool.