

Susan Bradley
Contributing Writer
Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL Slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserv, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, and several iPhones, and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on Twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.


Microsoft changes default settings to improve network security
Here's what IT and security admins for Microsoft networks need to know about recent changes to Office and Windows.

What's new in Microsoft's Sentinel cloud SIEM
Microsoft is previewing new Sentinel features that will make it easier for security admins to manage and analyze event logs.

3 authentication-level protections for remote users and devices
Egress filtering, conditional access rules, and free tools from governments can help identify suspicious activity and protect credentials.

Managing security in hybrid Windows 11 and Windows 10 environments
The transition to Windows 11 from Windows 10 gives organizations the opportunity to review and optimize security tools, settings and policies.

How to defend Windows networks against destructive cyberattacks
Defending against attacks intended to destroy systems rather than steal or extort requires a different approach, as Russia's cyberattacks against Ukraine demonstrate.

Microsoft's Pluton security processor tackles hardware, firmware vulnerabilities
Pluton-equipped Windows 11 computers are now available, but the decision to purchase them depends on your threat model.

A 2022 checklist for protecting Microsoft 365 users and data
You have native options to better secure Microsoft 365. Use them effectively and you might save time and money spent on other solutions.

Active Directory security updates: What you need to know
These Active Directory updates address critical privilege bypass and elevation vulnerabilities. Implement them now if you can.

Lessons learned from 2021 network security events
Rather than predict what 2022 will bring, let's manage the future by implementing the lessons learned from this year's biggest security threats.

Log4j mitigation advice for Microsoft security and IT admins
The Log4j vulnerability affects many applications running on Microsoft networks. Use this advice to determine whether your network has been exploited and to mitigate the issue.

Your Microsoft network is only as secure as your oldest server
It's time to inventory your network to identify systems to replace or migrate away from.

Microsoft announces new security, privacy features at Ignite
Microsoft has consolidated some security tools under the Defender brand and added security and privacy features and products. Here's a look at what's new.

How to prevent sideloading attacks in Windows and Office 365
A few settings in Windows or Office 365 can help stop users from installing malicious apps on their devices.

Why small businesses should consider Microsoft Defender for Business
Defender for Business brings EDR and threat monitoring features found in more expensive Windows licenses to smaller organizations.

How to spot and block cryptominers on your network
Cryptominer malware is stealthy and drags down network and device performance. Some simple tasks and basic tools can minimize its impact.

How to configure Microsoft Defender for cloud-based attacks
Malware delivered through cloud services such as OneDrive or SharePoint will try to disable and evade Defender. These simple settings will help prevent that.

5 steps to security incident response planning
Most firms will experience a breach or vulnerability that exposes sensitive data. Minimizing impact on business and reputation depends on having a strong response plan before an incident happens.

New Windows browser security options and guidance: What you need to know
Microsoft has added new Edge update options and enhanced browser security modes, including a beta Super Duper Secure Mode.

Time to check software and security settings for Windows network vulnerabilities
October is Cybersecurity Awareness Month, and that's a good excuse to review what's running on your network to identify security risks.