Just a couple of quick questions, first for the team, second for members.
Like many others in the world with ON PREM Exchange servers, it has been a busy few days, both patching and checking servers after MS announced there was a major issue that needed action quickly, and fielding calls from concerned clients after the media started publishing headline stories and so forth.
Q. IF we had SOCaaP set up and running on an unpatched or out-of-date 2016 Exchange server, what would have been the outcome for this particular incident?
Would it have blocked the actions that others have seen on the servers, like aspx scripts dropped and run, files zipped, AD perhaps compromised?
Would the team have seen it in “real time” as it was probed or compromised, and would we have been notified or an alert sent?
Very interested in how the SOCaaP system has performed over the last few weeks or so.
Also looking for feedback from members who have been dealing with perhaps Exchange servers that did get hit, or those who are aware of others that required investigation etc.
What notifications did you have in place, if any, and did anyone have AEP or SOCaaP in place?
Perhaps these are very open-ended questions, and members may only want to answer brief forum responses in general terms but via private message in detail if they want.
I’m getting the same type of queries from clients along the lines of "how well are we protected, and what can we do better or differently going forward?"
We are in AU.