Comments
-
Back from vacation 2 days and already she's toying with us...
-
At a previous employer, I fought this battle and lost. In the network group, we lacked the knowledge to fully understand what was needed for AD integration, and our server group didn't consider this a priority.
-
Sharing this with our InfoSec people. Great post!
-
As a former auditor, I think the challenge is that you can only restrict so much. Someone has to have Domain Admin rights, for example, and there's always the chance they could use those powers for evil. In some cases, the best you can do is have mitigating controls in place to detect rogue activity quickly, and make sure…
-
My luck is that this prize is the one I would win, since I have no place to put it.
-
Interesting conundrum. There are advantages to cloud-based security services, in that they can detect event correlation across multiple customers, where an in-house solution can't do that. They'll also have additional visibility into emerging threats.
-
For us (as far as I know, I'm looking out from the NOC), the only databases we have in the cloud are for apps in the cloud. It wouldn't surprise me, however, if that changed in the not-too-distant future. At that time, I'm sure we'll be tasked with monitoring responsiveness.
-
I'm not the administrator for our log management system (LEM), but I work with him. I think we keep 6 months at least.
-
It's critical to know both your endgame as well as your plan (including timeline) for getting there. In our environment, the system we have was rolled out with promises of additional features (such as knowledge base) being turned up "later". Needless to say, "later" never came.
-
Thanks for the great series. It's been one of the best in a while.
-
You spelled clubjuggle wrong again! Seriously, congratulations kurtrh!
-
I agree. I know this is a hard thing to retrofit, but it's the kind of thing that can become an audit/regulatory concern.
-
Great post. I can't see us needing to track the location of devices outside the network, but inside is helpful.
-
Speaking for myself, I prefer SLAs based on response. While there is the potential for abuse (responding quickly to the ticket and then ignoring it from there), that type of abuse usually gets uncovered pretty quickly in the user/customer satisfaction surveys.
-
Cool, thanks. My main interest, though, was in finding out more generally if there's a way we can check this going forward (or, if not, if that can be added to the forums). Thanks, ~Terry
-
Ask, and you shall receive!
-
It must be the LUNkey. They sound a lot like the Woot flying monkeys.
-
At least the first four. The fifth one is mainly an IT/security thing.
-
Thanks for the detailed instructions. This is extremely helpful, and I can see how the techniques described would carry over to other situations as well.
-
Warning: Pregnant women, the elderly, and children under 10 should avoid prolonged exposure to Happy Fun Ball. Caution: Happy Fun Ball may suddenly accelerate to dangerous speeds. Happy Fun Ball contains a liquid core, which, if exposed due to rupture, should not be touched, inhaled, or looked at. Do not use Happy Fun Ball…
-
I don't use enough minutes to make it worth switching to an unlimited-minute plan. Switching to a Mobile Share Value plan would increase my bill ~$20/month, mostly because of the amount of data I use. They'll pry my unlimited data plan from my cold, dead hands.
-
Some interesting food for thought. I've typically focused on log analysis in the past. I wouldn't be sure where to start in using NetFlow for threat detection. It seems to me that picking out the valuable part from the sea of information would be the biggest challenge.
-
I love this. We have the same situation.
-
Don't forget to install Solarwinds Sandwich Monitor to make sure the hamburgers get cooked perfectly every time.
-
Sounds awesome. I wish I could be there!
-
Agreed, this is very helpful. Bookmarking it here as well.
-
We're getting there. Also Bahlkris, great article. I can already think of a few people with whom I would like to share it.
-
Well played, sir.
-
Same here. Great list of resources.
-
I got a blank page after I submitted. Hope I'm not the only one?