Implementing the right technology,
at the right time

Leftovers, for some, mean enjoying that good dish a second time. For others, it’s just a repeat of a bad cooking decision. No matter how you look at it, someone is either going to eat it or toss it in the trash. Regardless, the food is going to leave the refrigerator in a few days—unless you stick it in the freezer to be enjoyed in a couple of months. At least, that’s the idea. 

But what about Microsoft’s new feature called Recall? Since it takes a fresh screen capture of your screen, will it serve that data to you—or to someone else—later? 

Microsoft's new Recall feature is designed to enhance data recovery and management by allowing users to retrieve, restore, or review specific data from past activity across various applications. The feature works by capturing snapshots of data interactions, such as edits, deletions, and transfers, within supported Microsoft platforms. These snapshots are stored to create a robust history log, enabling users to recover mistakenly deleted items, audit changes, or retrieve lost content. The primary purpose of Recall is to provide an additional safety net for users, reducing the risk of accidental data loss and improving organizational transparency and compliance. 

However, this convenience comes with potential risks. The data captured by Recall often includes sensitive or confidential information, raising concerns about where this data is stored and how it is secured. Currently, the snapshots are stored in Microsoft-managed servers or a user-specified location within their organization’s network. If not properly configured, these storage locations can become vulnerable to unauthorized access, data breaches, or compliance violations. Furthermore, storing such a comprehensive data history may create a lucrative target for cyber criminals and increase the organization’s exposure to insider threats, especially if access controls and encryption are not adequately implemented. 

As a security-minded individual, the so-called "good" points of Microsoft's Recall feature seem to be outweighed by significant concerns. Two key issues that come to mind are limited storage and access to the captured data. Regarding storage, the feature's continuous screen captures every 3 to 5 seconds can quickly consume hard drive space. When the drive inevitably fills up, will it retain the data, overwrite the oldest entries, or force the transfer of new data to the cloud? 

The second concern is access to the captured data. While encryption is a crucial safeguard, my concern lies in who has access to the stored data. Regardless of retention duration, I wouldn’t want a snapshot of my banking information stored in a way that could be stolen. This adds yet another item to our checklist for protecting ourselves, introducing another layer of potential vulnerabilities. 

My recommendation is to disable the Recall feature entirely. However, users should be aware that Microsoft may automatically re-enable it during the next network update or the next time the operating system connects to Microsoft's servers. Continuous vigilance is essential to protect your data and privacy. 

When going to a local burger joint many of us think about how good that burger and fries are going to be. Having one without the other for some is like having a peanut butter sandwich without the jelly. And sometimes you may find that hot fries with garlic and rosemary herbs added takes it to another level. It’s just almost like adding Sophos MDR to Microsoft’s Defender.

Sophos MDR Complete is underpinned by Sophos XDR, has industry leading warranty, as well as incident response with no limitations and no caps. It's a winner.

However, there are many businesses that have existing 3rd party endpoint technologies and in particular leverage Microsoft technologies, with security bundled in as in E3 or E5 licenses. They don't want to change their endpoint solution, and equally may not have enough in-house expertise to effectively use Microsoft’s multi-product technology stack to detect, investigate, and respond to hundreds of security alerts every day.

This is where Sophos MDR for Microsoft Defender comes in. It consumes all the alerts of the Microsoft Defender estate; not just the endpoint, but also Defender for Cloud, Defender for Identity and several other telemetry areas. All of this is ingested into Sophos’s 24/7 Sophos MDR service, giving your business increased protection and value with existing Microsoft technologies.​

Sophos MDR for Microsoft Defender provides the most robust threat detection, hunting, and response capabilities available for Microsoft environments. 

For more information and to schedule a meeting with an expert click here. https://lnkd.in/eKWkHh6K

https://lnkd.in/ebb4zXM2

A week or so ago, I wrote about discovering that files were being removed from my computer after enabling Data Loss Prevention (DLP). The files in question included a medical document, a military document, a banking statement, and a brochure I had downloaded about firewalls. Naturally, this raised concerns about data security and prompted me to investigate what was happening.

During my troubleshooting, I discovered that the application attempting to export my files was none other than Microsoft Edge. Now, before you jump to conclusions, I’m not saying Microsoft is stealing data; it’s widely known that malicious actors often hijack legitimate applications for their purposes. Since Edge isn’t my primary browser, I’d left it largely unconfigured—something that could have contributed to the issue. For the record, I don’t have any add-ons installed on Edge, but I’ve since made some tweaks to make it marginally more secure. However, I’m fully aware that these adjustments won’t entirely stop the files from being exported.

A few days ago, I ran additional tests to see which files were being flagged by DLP rules. Interestingly, my capability statement was flagged, but a personal file that should have matched one of the rules wasn’t. Upon further investigation, I discovered a critical limitation: files smaller than 8KB don’t meet the size requirement for detection and are therefore allowed to be sent. (Pro Tip: Always verify the size thresholds in your DLP settings—it could be a weak link in your security chain.)

Concerned about the potential for sensitive files like my medical records to be shared with unauthorized parties, I returned to the DLP portal to create a more comprehensive rule. I tested the classic wildcard argument *.??? for each file type, hoping to lock things down further. My testing revealed something unsettling: file transfer attempts were triggered when I started closing applications in preparation for shutting down my computer.

To dig deeper, I used Wireshark to monitor network traffic and traced the IP addresses involved in the file transfers. To my surprise, the IPs were associated with Microsoft services. One file was sent to an Azure IP, and another was sent to an IP linked to Teams. Why these files were routed to Azure and Teams is still a mystery I’m working to unravel.

So, what can you do to protect yourself? First and foremost, enable or install DLP on your system. Many antivirus solutions include it as an added feature, especially in business or professional versions. If you’re part of an organization, your IT team should be able to configure it for you. If you don’t have an IT team or need reliable antivirus software, reach out to me at PacketEx. Let’s get you secured before a data breach becomes your reality.

Whether it’s a diner, fast-food restaurant, or fine dining establishment, items like plates, forks, spoons, glasses, salt and pepper shakers, and even napkin holders often go missing. By the time anyone notices, it’s too late—the culprits are long gone. To combat this, some restaurants switch to disposable items like paper plates, plastic utensils, salt and pepper packets, and paper cups. Others take extreme measures, such as drilling screws through plates to anchor them to tables or chaining utensils to prevent theft. If someone manages to steal a plate secured by a screw, they’ve earned it!

For an IT professional, this scenario mirrors data loss protection (DLP) on steroids. While screwing a hard drive into a desk might technically secure your data, it also renders it inaccessible without special equipment. And as for physically chaining files. Let’s not even go there. Fortunately, DLP acts as the digital chain for your data, giving you visibility into what’s leaving your network and how. Is an employee innocently sharing data with a client? Could a disgruntled worker be forwarding company information to their personal email? Or worse, is a program harvesting and transmitting data through a trusted application like Edge? With DLP, you can monitor, control, and protect your data from wandering off your network—no screws or chains required.

https://lnkd.in/ebb4zXM2

For the past couple of weeks, I’ve been investigating what triggers browsers to export files from my computer and which files are being targeted. The files range from simple text documents with no apparent value to PHA and PII data. I haven’t found any consistent pattern in the files being selected for export. Here’s what I’ve observed so far:

1. When closing files, folders, or applications, I received notifications that a file was attempting to be exported. If I blocked the attempt, the application would try again at least 2 to 3 more times, either within a few seconds or a few minutes.

2. I found repetition with the files being exported. The same set of files were selected for export 2 to 3 times. Regardless if the attempts were successful or failures a few days later another set of files were selected for export. This leads me to believe that the file type or content doesn’t matter—any file that can be copied and exported seems to be fair game. The system will try to export the numerous times making sure that it receives the latest version.

3. While downloading files from different websites, I received pop-ups asking me to allow or block the transfer of the file. Both files were publicly available documents. I denied the transfer, suspecting a DLP issue, but after repeated tests, I found the files in my download folder. However, when I tried to open the files in Edge, I received an error message stating they were corrupt. Oddly enough, the same files opened without any issues in Adobe Reader. The one thing to note is the program does not try to export every file I downloaded.

To address these concerns, I’ve tightened restrictions within my DLP settings, limiting the export of files by extensions, names, and other identifiers. Additionally, I’ve created an expression to match Social Security Numbers, which has proven effective in my initial testing. There’s still more to fine-tune, but my ultimate goal is to minimize or entirely eliminate unauthorized file exports.

If your antivirus solution doesn’t offer this type of protection, contact me. Sophos’ Intercept X Advanced includes this feature along with several others that could be highly beneficial to you.

To try it out for free to go Sophos website https://lnkd.in/eYF333Q8