Notes from the IR front lines — if you have on-prem Exchange, assume compromise. Also start a plan to migrate to Microsoft 365… yesterday.

Apr 20, 2022 · 12:20 AM UTC

22
72
8
435
Replying to @hal_pomeranz
Not directly related to Exchange, but I have a colleague who swears up and down that his company (a small business) can better secure an on-prem CRM than a company like @HubSpot. It's terrifying how deluded these people are.
Replying to @hal_pomeranz
But that's just someone else's puter. 😂
Replying to @hal_pomeranz
It's been like a whole year of this...
Replying to @hal_pomeranz
I can't emphasize that! We used to have a hybrid architecture! and in one month I found 3 web shells!
Replying to @hal_pomeranz
Plus, no one ever got promoted for an Exchange Server upgrade. It is thankless, time consuming, and low value work.
1
4
Replying to @hal_pomeranz
Or - hear me out - move to something that isn't made by a company that cares more about forcing you to do whatever makes the most money for them, with the most lock-in. Giving all our data to wanna-be monopolies is neither good nor desirable.
8
Replying to @hal_pomeranz
Also from the IR front lines: if you have Microsoft 365, assume compromise. Having something on-prem is not a guarantee for compromise, and having something outsourced/cloud-hosted is not a guarantee for being secure.
6
Replying to @hal_pomeranz
How do we make sure that o365 isn't compromised since it's based on exchange. At least we have that chance on on-premise