Wins of the Week and Upcoming Events
Jim shared a positive update about a new partner from New York who was impressed with the SaaS Alerts' onboarding process. Ben discussed the recent token theft issue in Arizona, which his team has been actively addressing. Amy announced an upcoming event with Channel Program, where Ryan Riccardi will be a speaker.
CIS Framework Update and Rule Template Alignment
Amanda provided an update that the CIS framework has been updated to version 8, which is going through the development cycle before being published to production shortly. Steven raised a concern about aligning rule templates with the new framework, particularly for new detections. Chip agreed but noted it would require development time.
Unify Device Categorization and Management Discussion
Adam discussed the categorization of devices based on their management status and security level. He explained that devices are initially categorized as 'unknown' if they don't match any device in the RMM. However, if a device is found in the RMM with a 50% or greater level of certainty, it is classified as a 'managed known' device. Adam also mentioned that a device can be 'unmapped', meaning it is found in the RMM but not associated with an account or set of accounts. He emphasized that these classifications should not automatically trigger blocking actions, but rather be used as information to enhance existing response rules.
Unify Device Mapping and Automation Discussion
Adam discussed the process of identifying and mapping devices in their system. He explained that a device is considered unmapped if it is found but not associated with anyone, and this is indicated by a question mark icon. He also mentioned that an automation tool can be used to automatically map devices with a confidence level above 65%. Andy asked if they could create tickets for unmapped devices, to which Adam confirmed they could, but suggested it might be too much work for large numbers of devices. Andy also asked about the possibility of implementing this as a policy, to which Adam responded affirmatively. Adam also demonstrated how to manually map a device and how to use the automation tool to map multiple devices at once.
Addressing Event Analysis and Unmapped Devices in Unify
Adam discussed a common issue with the event analysis in their system, where a near 100% match to a device for an event was observed, but the device in Unify was unmapped with far less than a hundred percent. He suggested that a support ticket should be logged for specific situations. He explained that the comparison algorithm used is the same, but the amount of history differs on each side. Adam also clarified that the confidence level is calculated differently, taking into account millions of events over the last 30 days. Billy, a relatively new customer, confirmed that they were experiencing a large number of unmapped machines, despite the analysis showing near a hundred percent match.
Unify System Issues and Compliance Policy Discussion
Adam and Steven discussed a potential issue with their system, specifically regarding the handling of unmapped devices.They also discussed the possibility of implementing a policy to restrict work to only personal computers assigned to employees. Steven mentioned a plan to set up an SMS account for non-compliance notifications.
Unify Device Mapping and Security in Shared Devices
Adam discussed the process of associating multiple accounts with a single device, particularly in shared devices like RDS boxes or conference room computers. He highlighted the importance of mapping users to devices for security reasons, especially for high-risk accounts like the CFO or the Dev team. Chip countered Adam's suggestion of simplifying the mapping process, arguing for a balance between security and availability. He praised the machine learning fuzzy logic algorithm developed by Adam's team, which allows partners to select their desired confidence interval for mapping. Chip emphasized the need for careful configuration to minimize the risk of a compromise, while also considering operational efficiency. T
Unify Device Management and UI Improvements
Kshitij expressed concerns about the current system's complexity and suggested a simpler approach where a device could be tagged as a shared device, allowing any user to access it. Adam clarified that 'unmapped' devices are known devices but not specifically assigned to users, and suggested a UI change to make this clearer. Chip proposed an enhancement request to allow automatic association of devices with tenants, but Adam pointed out that this might not provide additional benefits over the current 'unmapped' status. Andy suggested the introduction of authorized and confidential device/user attributes to improve clarity, but Adam was unsure about the feasibility of this. The team agreed to further discuss these ideas and consider potential UI improvements.
Негізгі бет Saa$y MSP Community Call | 09.19.24
Пікірлер