22 Eargesplitten
Oct 10, 2010



Isn't crypto* usually from a bad ad or email attachment? It doesn't seem like AV would really help with that, although I don't have any experience with it other than saying "hey, we just got hit by something that could completely gently caress our only (probably not backed up) NAS" and being ignored.


DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

Wonderful that you've all had good experiences with Meraki. I didn't.

I had huge issues with their switches and firewalls. Lack of OSPF support, terrible BGP performance, dropping routes from the BGP tables, reconverging for no damned reason, poor switch performance especially with ACLs, the stupid loving permit any/any by default on ACLs, switch lockups, licensing issues and the inability to configure the platform exactly how I wanted to really bothered me.

If the performance/crash/licensing issues have been worked out, then I think they're great for the small business world, point and click, pretty interface, standard implementations.

Inspector_666
Oct 7, 2003

benny with the good hair

Meraki APs were 100% my poo poo when I worked at an MSP. It made life so goddamn easy because you didn't need a jumpbox on-site to diagnose/repair wireless issues.

Tigren
Oct 3, 2003

MC Fruit Stripe posted:

Ugh, god, you and me both buddy.

I've still yet to see a change control implementation work to anyone's benefit. Our current process is so broken that I just submit a ticket and then assume it worked through its process. Trying to track down all the stakeholders and get people to approve was proving to be a nightmare. Now if I have a change for the 30th, I put in a request on the 23rd and then wash my hands of it. I submitted it, I didn't check again, it must have been approved.

I've still never seen a better change control process than having one person be the gatekeeper for everything the team is doing. Can I update those DNS records with the registrar? Yes. Can I patch these standby nodes? Yes. Can we failover this cluster? Nah wait until after hours please. Boom. Boom. Boom. So much better.

How's the Phoenix deployment going?

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

ElGroucho posted:

FrontRange Solutions help desk should just forward you to the suicide prevention hotline.

It's pretty awe inspiring how lovely HEAT is.

ElGroucho
Nov 1, 2005

We already - What about sticking our middle fingers up... That was insane
Fun Shoe

Wrath of the Bitch King posted:

It's pretty awe inspiring how lovely HEAT is.

The IPCM guy had the loving nerve to criticize my server for not having IE9 to look at their dog poo poo web application. It's not my fault your software sucks dick, and is so loving flaky I'm afraid to upgrade it.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

lampey posted:

We recently moved from Symantec to Bitdefender. About 10% of the computers are still on Symantec for different reasons. In the last 6 months we had two cryptolocker issues with the Symantec ones and none for the Bitdefender group. It could just be chance but anecdotally Bitdefender is a better product. The real reason for the move was better integration with our other tools and lower cost. There is a lot of older malware out there that will be stopped by any AV so it is worth keeping it installed and up to date. None of the AV products will protect you from accidental data loss, the newest malware, or hard drive failure.

I'd like to hear your take on how you decided that Bitdefender is a "better product". Is it better than Symantec? Or are you comparing it to another vendor? How did you decide it was a "better product"? What qualifications did you make to decide on this?

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

OSI bean dip posted:

I'd like to hear your take on how you decided that Bitdefender is a "better product". Is it better than Symantec? Or are you comparing it to another vendor? How did you decide it was a "better product"? What qualifications did you make to decide on this?

decide decide decide

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

ElGroucho posted:

The IPCM guy had the loving nerve to criticize my server for not having IE9 to look at their dog poo poo web application. It's not my fault your software sucks dick, and is so loving flaky I'm afraid to upgrade it.

Gotta love when they demand deprecated, out-of-support browsers. It's even better when they try to say "but it works in Chrome!" despite the contractual condition of it working with IE10/11/Edge.

We recently (within the last year) upgraded from some ancient version of ITSM (6.33?) to the newest version of HEAT. The amount of problems they've had implementing is staggering, and getting HEAT Discovery to work has been an enormous shitshow.

And by "work" I mean be installed and integrated properly with ITSELF.

Why we're bothering with discovery when we have SCCM is a completely different question, but I digress. I can only address so much stupidity at a time before my brain melts.

Pyroclastic
Jan 4, 2010

Today was the first day of 'summer work', so most of the department met at the middle school to go over the plan for the next few days.
The district and middle school tech had collected all the kids' laptops (we're 1:1), and had them sorted for insurance claims and warranty repair. We learned of a manufacturing flaw present in most of the laptops, and Lenovo agreed to send us the replacement parts and a team of techs to install them. The flaw is the trackpad flat cable goes over this stamped wire guide prong next to the battery, and the prong isn't smoothed or bent over, and it's reasonably sharp, so after months of student use, enough pressing down on the system caused the prong to rub into and start shorting the cable. The replacement cable has a little reinforcement patch we hope will fix the problem for good. Once into the groove, our techs could do a swap in 5 minutes, unscrewing the bottom, moving the battery, replacing the cable, and putting it all back together.

The problem is the team of techs was awful. They had to cancel the first day. The second day, they came in late and our tech said they looked like they walked out of Duck Dynasty and smelled like piss. In the first 4 hours, the three of them replaced 20 cables. Their allotted half-hour lunch took two hours, during which they apparently did another bid. After they came back, they did another ~45 laptops. These three techs did ~65 in 8 hours. They argued that they weren't hourly and we weren't their supervisor. We dug in the garbage to count the old cables and also discovered a cup with 6 screws in it--one of their techs forgot nearly every screw on one laptop, and decided to just toss them. There were also several broken screw-hole things in the cup that probably came off due to kid damage, but you never know, and they weren't marked for additional repair.

Today, during our meeting, they came in late, argued with the building tech since they started grabbing laptops that weren't on Lenovo's fix list, brought in backpacks and other things we told them not to bring in (there's a half-million dollars worth of laptops in this one room), then spent the next hour doing nothing but walking back and forth to their car. We stupidly didn't have someone babysitting them, but after a count, we're reasonably sure they didn't steal any of the laptops. Then after they had been there an hour, they all walked out, got in the car, and left, without a word to anyone.

Lenovo contracted the job out to a local firm, who contracted the 'lead' tech, who hired his own help. The local firm was horribly embarrassed and has sworn the techs will never work for them again and started scrambling to get us a new team because we've got a pretty tight deadline. All of us could probably knock it out in another day, but we don't think we can spare anyone for something Lenovo promised to fix.

George H.W. Cunt
Oct 6, 2010





I am super envious of the main corporate branch of one of our clients. Apparently in Sweden the company takes a 5 week vacation in July. We are in a mad scramble to get some ESXi hosts up before they just up and leave. Gotta move to Sweden...

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Pyroclastic posted:

Today was the first day of 'summer work', so most of the department met at the middle school to go over the plan for the next few days.
The district and middle school tech had collected all the kids' laptops (we're 1:1), and had them sorted for insurance claims and warranty repair. We learned of a manufacturing flaw present in most of the laptops, and Lenovo agreed to send us the replacement parts and a team of techs to install them. The flaw is the trackpad flat cable goes over this stamped wire guide prong next to the battery, and the prong isn't smoothed or bent over, and it's reasonably sharp, so after months of student use, enough pressing down on the system caused the prong to rub into and start shorting the cable. The replacement cable has a little reinforcement patch we hope will fix the problem for good. Once into the groove, our techs could do a swap in 5 minutes, unscrewing the bottom, moving the battery, replacing the cable, and putting it all back together.

The problem is the team of techs was awful. They had to cancel the first day. The second day, they came in late and our tech said they looked like they walked out of Duck Dynasty and smelled like piss. In the first 4 hours, the three of them replaced 20 cables. Their allotted half-hour lunch took two hours, during which they apparently did another bid. After they came back, they did another ~45 laptops. These three techs did ~65 in 8 hours. They argued that they weren't hourly and we weren't their supervisor. We dug in the garbage to count the old cables and also discovered a cup with 6 screws in it--one of their techs forgot nearly every screw on one laptop, and decided to just toss them. There were also several broken screw-hole things in the cup that probably came off due to kid damage, but you never know, and they weren't marked for additional repair.

Today, during our meeting, they came in late, argued with the building tech since they started grabbing laptops that weren't on Lenovo's fix list, brought in backpacks and other things we told them not to bring in (there's a half-million dollars worth of laptops in this one room), then spent the next hour doing nothing but walking back and forth to their car. We stupidly didn't have someone babysitting them, but after a count, we're reasonably sure they didn't steal any of the laptops. Then after they had been there an hour, they all walked out, got in the car, and left, without a word to anyone.

Lenovo contracted the job out to a local firm, who contracted the 'lead' tech, who hired his own help. The local firm was horribly embarrassed and has sworn the techs will never work for them again and started scrambling to get us a new team because we've got a pretty tight deadline. All of us could probably knock it out in another day, but we don't think we can spare anyone for something Lenovo promised to fix.

Name and shame the local company. That's just hosed in so many ways.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Pyroclastic posted:

Lenovo contracted the job out to a local firm, who contracted the 'lead' tech, who hired his own help. The local firm was horribly embarrassed and has sworn the techs will never work for them again and started scrambling to get us a new team because we've got a pretty tight deadline. All of us could probably knock it out in another day, but we don't think we can spare anyone for something Lenovo promised to fix.

Sounds like the typical hardware repair business. This was my first IT Gig at a grand total of $11/hr but goddamn management didn't give two shits you could read or write as long as you could twist a screw driver.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

OSI bean dip posted:

I'd like to hear your take on how you decided that Bitdefender is a "better product". Is it better than Symantec? Or are you comparing it to another vendor? How did you decide it was a "better product"? What qualifications did you make to decide on this?

dude dont you like have your own thread for pissing contests

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

OSI bean dip posted:

I'd like to hear your take on how you decided that Bitdefender is a "better product". Is it better than Symantec? Or are you comparing it to another vendor? How did you decide it was a "better product"? What qualifications did you make to decide on this?

Pretty sure the words "could just be chance" and "anecdotally" succinctly answer a question that didn't need to be asked.

I mean, it's pretty clear they didn't do any sort of rigorous comparison or technical rundown. Nor did they claim to.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Aside from a few specific instances, there aren't absolutes when it comes to AV and compliance. HIPAA doesn't expressly require it, even PCI (for at least the self assessment) has it worded "AV on vulnerable systems that support it." So, you can interpret that as you want. You can say your systems don't support it because it would become an operational or performance burden. You can say that the systems aren't vulnerable due to other mitigating controls.

Mitigating controls is what it comes down to. IF you don't have AV in place, you typically have to prove that you are doing something else that's just as good.

The auditors come in and look at your SOC2 controls and notice that you don't state you have AV on production servers. You counter with statements like "AV would interfere with the operation of the business and access is so limited and locked down that there are very few vectors to get infected." They may counter back saying "I get what you're saying, but I'm still not confident that you've satisfied this control." At that point, you can usually demonstrate SOMETHING else that tips them over the edge in satisfaction. It can be something as simple as a weekly sweep against known malware signatures that you can get with Nessus. Hell, even the monthly release of Microsoft's malware toolkit may be enough if you can demonstrate you keep up with that.

That said, IF you have AV, it needs to be centrally managed with log retention (at least 6 months, probably a year.) It isn't enough to say "Oh, I have the free windows defender enabled on all machines." It's a trap in a way. In that case, having nothing might actually be better than having something when it comes to compliance. Having something you can't report and provide metrics on is often worse than not having the solution at all. You've admitted that AV is a part of your security posture, but now you can't prove it's functioning the way you are expecting it to across the organization. It would be better to not have it at all and show how not having it doesn't affect your risk.

At the end of the day, when you have an incident (Yes, when. It's always when. You don't ever have the luxury of saying 'if'), you will nearly always be in a better CYA position as an organization if you have AV. That's just where we are right now. If you don't, you better be drat sure you had good people working on your controls to cover you in every direction. The language is slowly shifting to cover any sort of system that will detect anomalous activity, but we aren't likely to ever break away totally from security products. I don't like AV and wish we could do without it. I also don't really think it provides much benefit in the grand scheme of things, but it does make audits easier. I personally like Netflix's approach which monitors traffic signatures and reports on anything that's anomalous. After all, what we really care about is data leakage for the most part and as long as you can ensure that data is coming and going on the network via approved methods from approved sources with predictable patterns, you can really intercept most of the known and unknown threats out there.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Judge Schnoopy posted:

Even in enterprise environments with in-house IT staff, Meraki is great for remote site management. Having three branch offices with Meraki firewalls / APs plus 3 work-from-home users with Z1 gateways prevents a LOT of headaches.

How often do you gently caress up your device configs? I have 70 sites and I think I can count on one hand the number of times I have had to dispatch someone to a site because they hosed up a change.

Sickening posted:

It's okay to dispel some superstitions from time to time. AV is going the way of the fax machine. It's there to meet some checkboxes for some folks out there that have to do it for some kind of governing body requirements. In the meantime they offer little to no value (sometimes negative value) and more often than not come at great cost and maintenance. gently caress both in 2016.

For the junior IT folks in thread, the post I quoted from Sickening is an opinion. My opinion, as both a lead technician and IT manager who works in a highly regulated and scrutinized industry, is that antivirus still adds value, despite a single vendor's solution recently having a published vulnerability. Even if all vendors suffered the same vulnerability, it doesn't eliminate the value of antivirus. It still plays an important role in a layered defense that begins with user education, includes border device protection (which should have its own antivirus), application whitelisting on client devices and finally endpoint antivirus. To simply declare antivirus dumb and or worthless is not doing any good. As to the Bitdefender vs commercial 3rd party offerings, a 3rd party solution will (likely) have superior management and reporting, both of which are integral parts of any decent corporate information security program.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

The problem is AV is outdated, and more to the point there isn't value in a vendor solution over what is provided natively with Win 7/8.1/10.

There are better solutions that do a better job: firewalls, web filtration, e-mail filtration and anti-spoofing platforms (ex. Ironport), various flavors of IPS sensors, etc. There's a thousand times more value in keeping security patches up-to-date on clients and controlling internet browsing behaviors than AV. It's not even a contest.

To put it another way: within the past 15 years a concerted effort has been made at the corporate level to remove administrative rights from the typical computer user. Most AV products/suites run as either the Admin or in the SYSTEM context. This is bad for a number of obvious reasons.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


I was under the impression security was best done in layers - Edge Firewalls, Rights Management, Identity Management and Anti-Virus.

Pyroclastic
Jan 4, 2010

jaegerx posted:

Name and shame the local company. That's just hosed in so many ways.

Couldn't tell you; I wasn't involved in any of it beyond being there today and counting the laptops afterwards. Sounds like the contractor needs to do better vetting (or supervision) of her subcontractors, though. This'll all make it back up the Lenovo corporate chain (our tech kept saying that this was a service agreement that went pretty high up into the 'This is a known manufacturing flaw, and you will fix it, Or Else' realm).

Some of our techs recently got Lenovo-qualified, so maybe they can get paid OT by Lenovo to do it ourselves after hours, since our position isn't allowed any OT this summer.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Wrath of the Bitch King posted:

The problem is AV is outdated, and more to the point there isn't value in a vendor solution over what is provided natively with Win 7/8.1/10.

You can't export a report with the native antivirus/antimalware solutions that come with Windows that shows on June 3rd, 2016, that all systems had up to date definitions within 24 hours of release. That's a problem when it comes to compliance, a big one. It isn't enough that the protections are in place, you have to demonstrate that they are functioning properly across your organization and that function falls in line with your stated controls. You also likely have to provide evidence that they are functioning properly at any arbitrary point in time that the auditors choose to examine.

At the very least, if you want to use the Microsoft stuff, pony up for a System Server license and all the relevant CALs necessary to deploy the enterprise version of that software across your org.

Where solutions like McAfee become attractive is the additional solutions they supply. You can have a client contractual requirement for network AND endpoint DLP. Endpoint DLP isn't something that you can get from Windows Defender. But you can get it from McAfee AND it bundles in AV, so it makes a bunch more business sense to go with one vendor for it. It really doesn't matter that a determined person can circumvent these protections if they really want to leak data, you just have to prove you did everything you could to prevent it.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

Definitions for defender are delivered via WSUS in any org worth a poo poo, which you can definitely report on. All an auditor cares about is a checkbox for compliance, which this satisfies.

DLP is governed by systems like Varonis in any org worth a poo poo. "Endpoint DLP" is managed by restricting local resources to nothing but compute, forcing storage of sensitive materials to a SAN or otherwise secure network location.

I get that not all orgs have these things, but not all orgs are good. That said, I completely agree re: SCCM.

Wrath of the Bitch King fucked around with this message at 05:05 on Jun 30, 2016

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


Wrath of the Bitch King posted:

Definitions for defender are delivered via WSUS in any org worth a poo poo, which you can definitely report on.

You can't report on when the scans were done or their results with WSUS.

Also, the WSUS report may not pass muster with some auditors. It shows the software was delivered successfully at the OS level. It doesn't necessarily provide positive evidence that the software loaded the definitions properly.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

It reports on installation and compliance, not just reception. It's not like it just shoots the update into the pipe and hopes for the best.

You're implying that MS isn't trustworthy with their reporting while some third party AV vendor is.

Wrath of the Bitch King fucked around with this message at 05:09 on Jun 30, 2016

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

bull3964 posted:

You can't report on when the scans were done or their results with WSUS.

Also, the WSUS report may not pass muster with some auditors. It shows the software was delivered successfully at the OS level. It doesn't necessarily provide positive evidence that the software loaded the definitions properly.

Are you one of those auditors who follows rules they don't understand, like the ones everyone else keeps complaining about

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

Do auditors really check for scans? Like, as bad as AV is isn't it readily understood that real-time/active execution scanning is the only thing that catches anything or actually matters? Keep in mind "matters" is pretty subjective given the context.

If anything they should look at your AV policy rather than some stupid bullshit like how often you execute a full scan.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

adorai posted:

My opinion, as both a lead technician and IT manager who works in a highly regulated and scrutinized industry, is that antivirus still adds value, despite a single vendor's solution recently having a published vulnerability. Even if all vendors suffered the same vulnerability, it doesn't eliminate the value of antivirus.

Here are vulnerabilities from the past year:

Kaspersky Antivirus ThinApp parser stack buffer overflow
Kaspersky Antivirus DEX file format parsing memory corruption
Kaspersky Antivirus RAR file format parsing memory corruption
Kaspersky Antivirus ZIP file format use after free vulnerability
Kaspersky Antivirus VB6 parsing integer overflow
Kaspersky Antivirus CHM parsing remote stack buffer overflow
Kaspersky Antivirus ExeCryptor parsing memory corruption
Kaspersky Antivirus PE unpacking integer overflow
Kaspersky Antivirus UPX parsing remote memory corruption
Kaspersky Antivirus "Yoda's Protector" unpacking remote memory corruption
Kaspersky Antivirus DEX file format memory corruption
Kaspersky Antivirus Virtual Keyboard GetGraphics() Path Traversal
Kaspersky Antivirus incorrect %PROGRAMDATA% ACL
Kaspersky Antivirus multiple memory corruption issues
Kaspersky Antivirus Certificate handling path traversal
Avast Antivirus: X.509 Error Rendering Command Execution
Avast: integer overflow verifying numFonts in TTC Header
Avast: JetDb::IsExploited4x performs unbounded search on input
Avast: heap overflow unpacking MoleBox archives
Avast: OOB write decrypting PEncrypt packed executables
Avast: stack buffer overflow, strncpy length discarded
FireEye: Wormable Remote Code Execution in MIP JAR Analysis
Avast: authenticode parsing memory corruption
FireEye: Privilege Escalation to root from Malware Input Processor (uid=mip)
AVG: "Web TuneUP" extension multiple critical vulnerabilities
Avast: A web-accessible RPC endpoint can launch "SafeZone" (also called Avastium), a Chromium fork with critical security checks removed.
TrendMicro node.js HTTP server listening on localhost can execute commands
Avast: Sandbox/Autosandbox Message Filtering Vulnerable to MS13-005
Comodo: Comodo Internet Security installs and starts a VNC server by default
Comodo: Comodo "Chromodo" Browser disables same origin policy, Effectively turning off web security.
Comodo: Comodo "Chromodo" Browser disables same origin policy, Effectively turning off web security.
MalwareBytes: multiple security issues
Comodo Antivirus Heap Overflow in LZX Decompression
Comodo: Integer Overflow leading to Heap Overflow in Win32 emulation
Comodo Antivirus: Emulator Stack Buffer Overflow handling PSUBUSB (Packed Subtract Unsigned with Saturation)
Comodo: Integer Overflow Leading to Heap Overflow Parsing Composite Documents
Comodo: LZMA Decoder Performs Insufficient Parameter Checks, Resulting in Heap Overflow
Comodo: Heap underflow parsing PE section headers
TrendMicro: A remote debugger stub is listening in default install
TrendMicro: Multiple HTTP problems with CoreServiceShell.exe
Symantec Antivirus multiple remote memory corruption unpacking RAR CVE-2016-2207
Symantec: Remote Stack Buffer Overflow in dec2lha library CVE-2016-2210
Symantec overflow modifying MIME messages CVE-2016-3644
Symantec: Integer Overflow in TNEF decoder CVE-2016-3645
Symantec/Norton Antivirus ASPack Remote Heap/Pool memory corruption Vulnerability CVE-2016-2208
Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink CVE-2016-3646
Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow CVE-2016-2209

These 54 vulnerabilities were all found by just one person and that is just what he has made public, not what's in the queue or what is being looked at. It's not a one-off event that an anti-virus product has been found to be complete poo poo.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


anthonypants posted:

Are you one of those auditors who follows rules they don't understand, like the ones everyone else keeps complaining about

I'm not an auditor, I've just been through a bunch of them. They tend to not like ambiguity. From a practicality perspective, WSUS is enough to be sure your updates are deployed. But the auditors see it as a delivery mechanism and not a management system for the security product. They want to see that admin console that shows the definitions were applied separate from the system that deployed them.

It's the same line of thought that just showing WSUS isn't enough to prove you are keeping up with OS updates, you have to have a vulnerability scanner as well that provides positive and independent confirmation that these things were applied.


Wrath of the Bitch King posted:

Do auditors really check for scans? Like, as bad as AV is isn't it readily understood that real-time/active execution scanning is the only thing that catches anything or actually matters? Keep in mind "matters" is pretty subjective given the context.

If anything they should look at your AV policy rather than some stupid bullshit like how often you execute a full scan.

Every time we've had an audit they ask for proof of scans and have asked for a random sample of logs for a specific machine. Your mileage may vary depending on who is auditing you and what type of audit is being performed.

A lot of it is security theater. It sucks, it's a huge time sink, but you have to do it to keep everyone happy. Keep your controls specific and simple and you have a lot easier time. That's one of the reasons why AV from a vendor is attractive. You can use a single line on a control pointing at the product that's simple to demonstrate when the auditors show up. Otherwise, you are stuck saying that you do 'x,y, and z' to satisfy the control which ultimately is more effective at the risk management, but it's a lot harder to demonstrate.

So, you do x,y,and z as your real risk mitigation and you have something to check the box for the auditors.

bull3964 fucked around with this message at 05:32 on Jun 30, 2016

Squatch Ambassador
Nov 12, 2008

What? Never seen a shaved Squatch before?

My work's reaction to Sophos not catching a crypto locker a couple weeks ago is to get more antivirus. We now have McAfee Stinger as well :thumbsup:

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

People who have used System x servers before and after the IBM->Lenovo thing: complete poo poo product/services post-transition, or mostly okay?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Vulture Culture posted:

People who have used System x servers before and after the IBM->Lenovo thing: complete poo poo product/services post-transition, or mostly okay?

Same stuff. Former IBM VAR.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Tab8715 posted:

Same stuff. Former IBM VAR.
Sales, service, hardware replacements, etc., no noteworthy issues?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Vulture Culture posted:

Sales, service, hardware replacements, etc., no noteworthy issues?

More mustache-sales guys trying to push worthless crap, and techs aren't as good as they used to be; they're still decent.

lampey
Mar 27, 2012

OSI bean dip posted:

I'd like to hear your take on how you decided that Bitdefender is a "better product". Is it better than Symantec? Or are you comparing it to another vendor? How did you decide it was a "better product"? What qualifications did you make to decide on this?

Symantec support would take multiple business days to respond to any request. We were using SEP.cloud and the process to whitelist a folder or directory is tedious and time consuming. Only some tasks could be changed for all clients and the MSP related features were lacking. It costs about 3 times as much in licensing. Bitdefender/and is integrated into N-able for reporting, management and deployment. When you have a problem with Bitdefender we have to work with the N-able support in Ontario before working with the Bitdefender support in Europe. This is a negative but both are responsive and resolve any issues. We have had a few bugs that required the AV to be uninstalled with Bitdefender. With Symantec the updater would break more frequently, blocking DNS and requiring a safe mode boot to remove remotely. The AV engine resource use and definitions were similar. If you are a much larger business the shortcomings are not as applicable and you can get faster support. I know we did when working for the government and we paid a lot more but the software was the same. It is a huge time savings to have all of the reporting and remote management in one place.

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."

1000101 posted:

The only Meraki products I dislike are the firewalls since they don't do OSPF. Wireless stuff and switches seem to be humming along just fine for me.

Also no link aggregation on the MX LAN ports. And no PVST. But yea, their stuff is pretty solid and it really is substantially easier to manage for small shops, not to mention the added easy visibility into what's connected where.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

adorai posted:

How often do you gently caress up your device configs? I have 70 sites and I think I can count on one hand the number of times I have had to dispatch someone to a site because they hosed up a change.

It's not about loving up, it's about insight. Clients love to complain about slow internet to MSPs. Being able to quickly show who is syncing Dropbox or downloading iOS updates over wifi and then react with bandwidth throttling is invaluable. Like mentioned before, it's also really handy to not need a jumpbox when configuring a new site-to-site VPN or NAT rule (especially the work from home folks where a jumpbox is impractical).

Sheep
Jul 24, 2003
It's also nice because I can let our helpdesk person (who is ... not great with networks) do things like whitelist/blacklist clients, go poke around and find which idiot is downloading from iTunes while complaining about the internet being slow, etc. instead of having to do it myself via the CLI/Netflow or whatever.

Meraki, for all its faults, saves us a ton of money because we don't have to hire someone to do network stuff full/part time.

George H.W. Cunt
Oct 6, 2010





I just discovered Jobr which is a Tinder-esque app for jobs. I would love to hear if anyone has gotten a bite from this


spam whale holy grail

George H.W. Cunt fucked around with this message at 14:13 on Jun 30, 2016

Chickenwalker
Apr 21, 2011

by FactsAreUseless
poo

Chickenwalker fucked around with this message at 05:17 on Sep 23, 2018

Cenodoxus
Mar 29, 2012

while [[ true ]] ; do
    pour()
done


SaltLick posted:

I just discovered Jobr which is a Tinder-esque app for jobs. I would love to hear if anyone has gotten a bite from this


spam whale holy grail
That's an interesting concept... just make sure you use protection. Lord knows how many people have hit it and quit it before you. Remember, the good ones always require a little bit of legwork.
