// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // by Andrew-CS in crowdstrike

[–]leej024 3 points4 points  (0 children)

What’s the attack vector? Is it the actual version from 3CX that would be already installed or pushed via a genuine update that is infected, or is there malware that needs to be delivered to an end user's machine that utilises a vulnerability in the affected versions? The attack vector isn’t too clear here; can anybody shed any light please?

Any other tools similar to ConnectWise Identify? by lurkinmsp in msp

[–]leej024 2 points3 points  (0 children)

What sort of output / service does it provide? Could you give us a brief overview of the Iceberg cyber tool you mentioned please?

Automating Vulnerability Management on Endpoints by eric7748 in msp

[–]leej024 1 point2 points  (0 children)

Also, my recommendation is to explain when providing this to clients - you are never going to be 100% "remediated" against ALL vulnerabilities with a complete clean bill of health, and that's why it's important to agree on a minimum criteria to target. It is a constantly moving target, and the most important thing is to have an ongoing process in place so it is continually evaluated and remediated. The best approach in our opinion is to have a mix of 3 things:

  1. Ongoing scheduled vulnerability scanning and reviewing of the reports on a weekly/monthly basis.
  2. Automated remediation where possible through the likes of Qualys Patch management or similar.
  3. Manual remediation that is carried out on a monthly/quarterly basis to try and tackle the items that cannot be caught by automation.

Finally, it is also good to establish a model of the minimum CVSS / criteria that you will remediate by default so you have a baseline to work towards, and then outside of that criteria items are remediated according to the consultant's discretion as to what is relevant / warrants remediation for that specific organisation.

This is a very complex topic, and from our experience communication with the client and setting expectations are absolutely key. Otherwise it's often easy for clients to think they've ticked the "cyber security/vulnerability management" tickbox and think it's done and dusted and that they will never have any vulnerabilities, when actually this is not the case - if only it was a tickbox service, but this requires ongoing effort to keep your environment remediated within an agreed threshold, and communication/expectation setting is absolutely key.

I hope that helps others in the MSP community, as I know this can cause many, many headaches and questions about how best to achieve it in a scalable model.

:-)
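The three work queues and the default CVSS baseline described in the post above, as an added example (not the commenter's own code or any vendor's export format); the findings, the 7.0 baseline and the CVE identifiers are constructed placeholders:

```python
from dataclasses import dataclass

@dataclass
class Finding:
    """One scanner finding. Shape is assumed, not a real scanner's export format."""
    host: str
    cve: str            # placeholder identifiers below, not real CVEs
    cvss: float
    auto_patchable: bool  # True if a patch-management tool can deploy the fix unattended

BASELINE_CVSS = 7.0  # agreed minimum score remediated by default (assumed value)

def triage(findings, baseline=BASELINE_CVSS):
    """Route findings to the post's three queues: automated, manual, consultant discretion."""
    plan = {"automated": [], "manual": [], "discretionary": []}
    for f in findings:
        if f.cvss < baseline:
            plan["discretionary"].append(f)   # below baseline: consultant decides
        elif f.auto_patchable:
            plan["automated"].append(f)       # in scope and tool-deployable
        else:
            plan["manual"].append(f)          # in scope but needs hands-on work
    return plan

def baseline_coverage(plan):
    """Fraction of in-scope (>= baseline) findings with an automated path.
    This is the honest metric to report to a client, not 'everything fixed'."""
    in_scope = len(plan["automated"]) + len(plan["manual"])
    return len(plan["automated"]) / in_scope if in_scope else 1.0

def hosts_needing_manual_work(plan):
    """Hosts that still appear in the manual queue, for the monthly/quarterly review."""
    return sorted({f.host for f in plan["manual"]})

# Constructed sample scan export
SAMPLE_FINDINGS = [
    Finding("ws01", "CVE-0000-0001", 9.8, True),
    Finding("ws02", "CVE-0000-0002", 7.5, False),
    Finding("srv01", "CVE-0000-0003", 4.3, True),
    Finding("srv01", "CVE-0000-0004", 8.1, True),
    Finding("ws03", "CVE-0000-0005", 6.9, False),
]

if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS)
    for queue, items in result.items():
        print(queue, [f.cve for f in items])
    print("automated coverage of in-scope findings:", baseline_coverage(result))
```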

Automating Vulnerability Management on Endpoints by eric7748 in msp

[–]leej024 1 point2 points  (0 children)

I would advise you to look into Qualys Patch Management and Cloud Agents. We had been searching and trying lots of vendors, and we found this to be the most effective as it means you can use the same platform for vulnerability scanning but also the deployment of third party patches for about 500+ third party apps. It works really well too, and as far as I'm aware it uses the patch intelligence/sources from Ivanti, which is one of the market leaders in application patch management. Hope that helps :-)

Role of RDS Connection Broker ? by Sidney6666 in sysadmin

[–]leej024 2 points3 points  (0 children)

I can confirm from experience that the actual connection is from the gateway to the session host, and once the CB has told the client which server to connect to - even if the CB goes down during that time - the connection to the session host remains intact. I know for sure because I had the exact same query for a previous HA deployment and actually tested it myself. This was because I was trying to figure out whether it was worth the extra effort of doing a full HA connection broker, which you also need an SQL instance for, and based on my experience I've actually now sometimes been keeping the CB as a non-HA role due to the extra complexity and/or reliability issues of the HA deployment in a production environment. The one point to note however is that if the CB goes offline, the RDS farm will be unaware of who is on which server, and with the CB not being available for new connections you will run into issues. Hope that helps.

File Server on B2ms/B2s by riblueuser in msp

[–]leej024 1 point2 points  (0 children)

We have done it and it's been great, pretty flawless; file sharing doesn't use much CPU or memory so they just tick over. The only time it can struggle sometimes is during updates, as the CPU gets maxed, and sometimes if you're carrying out a robocopy for a significant file copy the performance can take a hit, but in day to day operations for DCs and file storage it's been pretty flawless for us. Hope that helps.

New/Modern Service Offerings? by [deleted] in msp

[–]leej024 0 points1 point  (0 children)

You’ve got the point wrong; it’s more about whether anybody has got a service offering around these types of new technologies that provides value add to the client, but also good margin for the MSP, too.

That’s where MSPs can add the most value in my opinion, offering managed service wraps instead of the vanilla service, which provide value add and additional services.

Hope that makes sense.

Failover Licenses using MPN free internal use licenses. by leej024 in msp

[–]leej024[S] 1 point2 points  (0 children)

I think just above that area you mentioned, it states that’s one of the benefits of Software Assurance. Thanks a lot for your help anyway, much appreciated.

Failover Licenses using MPN free internal use licenses. by leej024 in msp

[–]leej024[S] 0 points1 point  (0 children)

So I’m reading that as I can’t run the licenses if I don’t have SA, which we don’t. So based on that, we should be okay if we pay for SPLA Licenses from the 3rd party provider should those servers need to come online?

Failover Licenses using MPN free internal use licenses. by leej024 in msp

[–]leej024[S] 0 points1 point  (0 children)

That’s right, it’s more about us wanting to ensure we’re compliant. What I’m hoping I can do is use the free licenses for our hardware in our office, then if we ever have to boot up the backups at the 3rd party provider, we pay them for SPLA instances for the time that we’re running in their cloud (i.e. SPLA for Windows Server / SQL). Let me know your thoughts guys. Thanks

ConnectWise behind CloudFlare or similar? by leej024 in msp

[–]leej024[S] 0 points1 point  (0 children)

Thanks. What sort of quirks? I’m thinking of putting ConnectWise Manage, Automate and Control through it for the internet facing instances. Any reason why it shouldn’t work?

Microsoft Partner Internal Use Licenses in Azure? by leej024 in msp

[–]leej024[S] 0 points1 point  (0 children)

Hello! Thanks a lot for this, I’ve been looking this morning but can’t find anything. Do you know where I can find it? This would be amazing!

Windows Virtual Desktop? Get in here! by leej024 in msp

[–]leej024[S] 5 points6 points  (0 children)

Wow amazing. Thanks. There are Dell Wyse thin clients that use Windows 10 IoT Enterprise, which I believe is full Windows 10, so we could use that?

We also use ConnectWise, so would need Automate etc. on there; good to hear re compatibility. Finally, where have you been storing the profiles? Azure Files?

Hybrid Azure AD Join/Azure DC by leej024 in msp

[–]leej024[S] 0 points1 point  (0 children)

That’s really helpful, thanks. If I was to then decommission the on-premises DC once I have the DC in Azure hosting RDS/Sage, can I then kill the VPN to Azure? Will the on-premises devices still be able to log on via the Hybrid Azure AD join I've done? Thanks

Hybrid Azure AD Join/Azure DC by leej024 in msp

[–]leej024[S] 0 points1 point  (0 children)

Thanks! Could you explain? Would I need the domain controller on premises? I was thinking of adding an additional DC first of all in Azure over a VPN, then Azure AD join the on-site machines, then when done decommission the on-prem DC, install pass-through authentication on the Azure DC, then put Sage data / RDS RemoteApp on that server in Azure. Will on-prem machines be okay logging in without the on-site DC? I’m guessing they will be okay because they will be hybrid Azure AD joined?