The Recording
The Panelists
- Kevin Feasel
- Mala Mahadevan
- Mike Chrestensen
Notes: Questions and Topics
Targeting LAPSUS$
Our first topic of the night was a review of Microsoft’s write-up of the LAPSUS$ group, including how the group infiltrates organizations, what they tend to do, and how they operate. It’s a really interesting dive with some solid recommendations on how to prevent attacks like this in the future.
Replication: Push or Pull?
A while back, Mark Gordon reached out and asked about replication models, specifically whether push or pull should be the default at organizations. My quick thoughts are as follows:
Push is a good default because it lets you centralize jobs and processes (though if you have a really large number of jobs, you might need a separate job server to manage all of it). This setup works best when machines are on the same domain and the same people own and operate all of the servers.
When those conditions don’t hold, pull may be a better option. For example, if the machines are on different domains and there is no trust relationship between the domains, you can give the subscribers a SQL authenticated account and let them retrieve data. This also works well when you don’t want the publisher to have access to remote subscriber networks and when the people operating subscribers are different than the publisher server operators.