Improving Windows Defender Update Efficacy

Today we’re going to talk about the best (and worst) methods for Windows Defender definition/intelligence updates and how to configure them. This post from SwiftOnSecurity got me thinking about the way we handle our fallback for definition/intelligence updates, and while I was originally planning on a broader coverage of things like exclusions and other policy …

Assess your Active Directory before someone else does (BloodHound)

Hey all, back again with another AD assessment tool. Last week I talked about PingCastle which covers some areas that BloodHound does and some areas that it does not, so I’d highly recommend going through that one first, and then move to BloodHound to address escalation paths and things that may have been missed by …

Assess your Active Directory before someone else does (PingCastle)

Hey all, two of my favorite Active Directory auditing tools have been updated in the past couple of weeks – PingCastle and BloodHound! First up is PingCastle which is what I’ll cover today, and then I’ll try to cover BloodHound tomorrow. Both of these tools are used to audit AD and can give you some …

Using Shodan.io to protect your school district

A huge shout out to Eric Arline for raising awareness on this. I had heard Shodan provided free accounts to education, but I was always under the impression it was higher education only. Next thing I know, Harold Gale was nice enough to ask the following: So, let’s talk about Shodan Monitor. If you aren’t …

Using transport rules as a security tool (Part 3)

This is Part 3 of our series on using transport rules as a security tool. Each article will be linked in the table below as they are published:

Part 1 – Setting up the mailbox
Part 2 – It’s all about those transport rules
Part 3 – Reducing the haystack (you are here)
Part 4 – Alerting and …

Using transport rules as a security tool (Part 2)

This is Part 2 of our series on using transport rules as a security tool. Each article will be linked in the table below as they are published:

Part 1 – Setting up the mailbox
Part 2 – It’s all about those transport rules (you are here)
Part 3 – Reducing the haystack
Part 4 – Alerting and …

Using transport rules as a security tool (Part 1)

At a conference last May, I had an opportunity to facilitate a session focused around email security covering topics such as SPF/DKIM/DMARC/MTA-STS, spam/phishing filtering, message routing, archiving/holds, and more. During that session, I shared about the methodology I use to track current trends of spam and phishing attacks rather than relying on the native spam filtering in our email platforms…

It’s the fundamentals that keep you safe

With the increase in cyber attacks against school districts this year, I’ve had numerous vendors attempt to use fear to push their products as a remedy to my cyber woes. In communications with other districts, this seems to be a common thread where already cash-strapped districts are being pushed to purchase more expensive, exotic …

How to Get a Handle on Patch Management

The start of school this year has been unlike any other in the past. The headlines have been littered with school districts who are struggling with email compromise and malware/ransomware attacks. To get a sense of the gravity of the situation, take a quick trip to Twitter and check out Doug Levin’s feed: https://twitter.com/K12CyberMap This …

Guide to the NIST Cybersecurity Framework: A K-12 Perspective

April was recently asked to guest post her guide to the NIST Cybersecurity Framework for K-12 on Doug Levin’s fantastic K-12 Cybersecurity Resource Center. She does an amazing job of outlining and simplifying the content for those of us who don’t enjoy reading the policy equivalent of man pages 😉 You can check out her …