    Posts

    • RE: Evaluating Defender ATP

      @Dashrender said in Evaluating Defender ATP:

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too. I had a Webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure as below

      7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

      And security products straight from O365 admin portal subscriptions page:
      560b3413-64e4-4a77-9b6c-27030798a842-image.png

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

      But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

      And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

      • malware protection, both behavioral and definition based
      • ransomware protection
      • phishing protection
      • ids/ips
      • device control
      • exploit blocker
      • botnet protection
      • web filtering
      • memory analysis
      • central management, either cloud or local

      And a full forensics audit trail?

      I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

      I'm having a hard time finding what the real price here is?

      I know that Intune is like $4/user/month, aka $48/user/year. This makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

      The above posts have a dozen different security things listed.

      As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

      ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
      O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

      posted in IT Discussion
      marcinozga
    • RE: Evaluating Defender ATP

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too. I had a Webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure as below

      7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

      And security products straight from O365 admin portal subscriptions page:
      560b3413-64e4-4a77-9b6c-27030798a842-image.png

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

      But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

      And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

      • malware protection, both behavioral and definition based
      • ransomware protection
      • phishing protection
      • ids/ips
      • device control
      • exploit blocker
      • botnet protection
      • web filtering
      • memory analysis
      • central management, either cloud or local

      And a full forensics audit trail?

      I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

      Eset and Webroot for example. I think Sophos had most of above features last time I checked. I'm quite sure most AV on the market have all/most of the above, since all these are standard features now.

      If you want full forensics, you go with SIEM solution, Defender ATP is not one.

      posted in IT Discussion
      marcinozga
    • RE: Evaluating Defender ATP

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too. I had a Webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure as below

      7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

      And security products straight from O365 admin portal subscriptions page:
      560b3413-64e4-4a77-9b6c-27030798a842-image.png

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

      But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

      And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

      • malware protection, both behavioral and definition based
      • ransomware protection
      • phishing protection
      • ids/ips
      • device control
      • exploit blocker
      • botnet protection
      • web filtering
      • memory analysis
      • central management, either cloud or local
      posted in IT Discussion
      marcinozga
    • RE: Evaluating Defender ATP

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features.

      Some may. But do they show any insight as to what's going on in your environment, or allow for any kind of "real" forensics?

      I can't speak for all because I haven't used all, but these are pretty standard features.

      posted in IT Discussion
      marcinozga
    • RE: Evaluating Defender ATP

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too. I had a Webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      While it may be more expensive than one's current A/V solution, it's definitely not 15-18 times more than a different centrally-manageable enterprise solution.

      The cheapo 3rd party solutions really only offer definition based protection. That's pretty standard and is just the tip top of the iceberg of enterprise end-point protection. I'm not saying any blanket statements here, perhaps simple cheapo a/v is fine for some traditional or legacy environments, they are all different. I'm also not saying everyone needs all the features of DATP. My point is that while some can get away with a simple cheapo or free A/V or definition based protection, there's a ton of need for more than that.

      I really haven't seen any AV in years that offered only definition based protection, well except maybe ClamAV. Every commercial solution has included advanced heuristic/behavioral detection, and a lot more features. Yearly cost is usually what Defender ATP cost monthly - including required subscriptions.

      posted in IT Discussion
      marcinozga
    • RE: Evaluating Defender ATP

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too. I had a Webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure as below

      7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

      And security products straight from O365 admin portal subscriptions page:
      560b3413-64e4-4a77-9b6c-27030798a842-image.png

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

      posted in IT Discussion
      marcinozga
    • RE: Evaluating Defender ATP

      I was about to evaluate it too. I had a Webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me, but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      posted in IT Discussion
      marcinozga
    • RE: Using Rclone from a server to backup multiple volumes from different SSH hosts

      @DustinB3403 said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @marcinozga said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @DustinB3403 said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      In addition to that, I would have to enable cron on every apple workstation, which while doable, is a pain in the rear should I ever need to make any changes to the backup operation.

      Centrally managing this makes way more sense rather than the ad hoc approach.

      And since when has cron been disabled in macOS?

      For quite some time, it's still there, but you have to enable it, grant it root access etc.

      That's simply not true. You don't have to enable it. And you don't have to give it root access unless you're writing somewhere you shouldn't be in first place.

      posted in IT Discussion
      marcinozga
    • RE: Using Rclone from a server to backup multiple volumes from different SSH hosts

      @DustinB3403 said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      In addition to that, I would have to enable cron on every apple workstation, which while doable, is a pain in the rear should I ever need to make any changes to the backup operation.

      Centrally managing this makes way more sense rather than the ad hoc approach.

      And since when has cron been disabled in macOS?

      posted in IT Discussion
      marcinozga
    • RE: Using Rclone from a server to backup multiple volumes from different SSH hosts

      @DustinB3403 said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @marcinozga said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @DustinB3403 said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @marcinozga said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @DustinB3403 Install rclone on each workstation and setup cron jobs on each machine. Brew and Ansible make this trivial. Do you really need Fedora Server in this setup?

      This I considered, but would involve tinkering with each workstation.

      That's why I mentioned Ansible. Your tinkering is limited to workstation that runs playbooks.

      That's not at all accurate, I would have to install rclone on every workstation, have custom cron jobs on every workstation and then would have to validate that every workstation sync'd.

      And all that you can do with Ansible.
      Install rclone? https://docs.ansible.com/ansible/latest/modules/homebrew_module.html#homebrew-module
      Setup cron? https://docs.ansible.com/ansible/latest/modules/cron_module.html#cron-module

      posted in IT Discussion
      marcinozga
    • RE: Using Rclone from a server to backup multiple volumes from different SSH hosts

      @DustinB3403 said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @marcinozga said in Using Rclone from a server to backup multiple volumes from different SSH hosts:

      @DustinB3403 Install rclone on each workstation and setup cron jobs on each machine. Brew and Ansible make this trivial. Do you really need Fedora Server in this setup?

      This I considered, but would involve tinkering with each workstation.

      That's why I mentioned Ansible. Your tinkering is limited to workstation that runs playbooks.

      posted in IT Discussion
      marcinozga
    • RE: Using Rclone from a server to backup multiple volumes from different SSH hosts

      @DustinB3403 Install rclone on each workstation and setup cron jobs on each machine. Brew and Ansible make this trivial. Do you really need Fedora Server in this setup?

      posted in IT Discussion
      marcinozga
    • RE: Simple Password Compromise on MailGun

      @Dashrender said in Simple Password Compromise on MailGun:

      @marcinozga said in Simple Password Compromise on MailGun:

      @Dashrender said in Simple Password Compromise on MailGun:

      @marcinozga said in Simple Password Compromise on MailGun:

      And no, SMS or email 2FA support doesn't count as it's easily spoofed.

      OK SMS I get, but email?

      When someone breaks into your account, they most likely got your email credentials already. So when a service sends you 2nd factor codes to compromised email, it's pointless. 2FA principle was based on one thing that you know, and 2nd that you have. Email is not something you have, as it's accessible to anyone at any time. U2F key or phone with an app is something that only you have.

      That's a pretty big assumption, that they already have your email credentials.

      When you target someone, that's usually the first step: gain access to the email account.

      posted in IT Discussion
      marcinozga
    • RE: Simple Password Compromise on MailGun

      @Dashrender said in Simple Password Compromise on MailGun:

      @marcinozga said in Simple Password Compromise on MailGun:

      And no, SMS or email 2FA support doesn't count as it's easily spoofed.

      OK SMS I get, but email?

      When someone breaks into your account, they most likely got your email credentials already. So when a service sends you 2nd factor codes to compromised email, it's pointless. 2FA principle was based on one thing that you know, and 2nd that you have. Email is not something you have, as it's accessible to anyone at any time. U2F key or phone with an app is something that only you have.

      posted in IT Discussion
      marcinozga
    • RE: Bed Bugs

      I've seen it on TV that NYC had big problems with them a few years back. Freezing was usually the best method to kill them. You'd need dry ice snow and some way to spray that onto affected areas. Your local home improvement store might have some solutions too, bug sprays, etc.

      posted in Water Closet
      marcinozga
    • RE: New ISP Issues at CEO's Home

      And can't your CEO get Verizon or whoever is in the area to run fiber to his house? Judging by the size of the house it looks like he could afford that.

      posted in IT Discussion
      marcinozga
    • RE: New ISP Issues at CEO's Home

      You need a router between ViaSat modem and switch. From your description it looks like Pepwave is a router/modem, but I'd get dedicated router, Ubiquiti has many options.

      posted in IT Discussion
      marcinozga
    • RE: What is the fascination of Solaris OS ?

      Banks are using it because that was the most popular Unix years ago, with great support and hardware from Sun Microsystems, years before Oracle acquisition, and financial software was written for it.

      I don't think RHEL was even around back then, it was just Red Hat, without enterprise options.

      posted in IT Discussion
      marcinozga
    • RE: SSH Access to Windows 10 Pro Workstations

      @DustinB3403 said in SSH Access to Windows 10 Pro Workstations:

      @scottalanmiller said in SSH Access to Windows 10 Pro Workstations:

      On Server, no issue. SSH the same as with Linux. SSH on Windows 10 is "single user" just like anything else on Windows 10.

      So then why would they have the statement about "usually to correct problems" as to me this would be a two person use. One who is using the desktop and the other administrator who is working on fixing an issue via ssh (presumably while the other user is using said system).

      The same statement says to share an active session. 2 users sharing the same session, not 2 users with 2 different sessions.

      posted in IT Discussion
      marcinozga
    • RE: Simple Password Compromise on MailGun

      Damn, I just signed up with them yesterday. I need them for some apps I have deployed on my home server, now I'm worried because I had to give them cc info.

      At least they support 2FA, so I give them some credit for that. Unlike most banks. And no, SMS or email 2FA support doesn't count as it's easily spoofed.

      posted in IT Discussion
      marcinozga