Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

4 Windows 10 settings to prevent credential theft

4 Windows 10 settings to prevent credential theft

Review these Windows settings to make sure you're not making it easy for attackers to steal login credentials.

How attackers exploit Windows Active Directory and Group Policy

How attackers exploit Windows Active Directory and Group Policy

Attackers have learned to use Active Directory and Group Policy to find weaknesses in Windows networks and identify targets. Here's what you can do to prevent that.

How to use Windows Defender Attack Surface Reduction rules

How to use Windows Defender Attack Surface Reduction rules

With Microsoft's Attack Surface Reduction, you can set rules to block risky actions for each workstation on your network.

7 dumb ways to be a ransomware victim, and how to avoid them

7 dumb ways to be a ransomware victim, and how to avoid them

Don't make it easy for ransomware attackers. Review your Windows network for these weaknesses now. You might be surprised by what you find.

How to take better control of applications running on your network

How to take better control of applications running on your network

Unneeded or forgotten software on your Windows network could be a gateway for attackers into your system. Follow this advice to identify and restrict problem programs.

How network segmentation mitigates unauthorized access risk

How network segmentation mitigates unauthorized access risk

Two recent Microsoft vulnerabilities underscore the importance of segmenting your Windows network.

Best new Windows 10 security features: Biometric authentication, Edge browser
Updated

Best new Windows 10 security features: Biometric authentication, Edge browser

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 20H2 feature release.

Windows 10 security: Are you on the right version?

Windows 10 security: Are you on the right version?

If you're running an older version of Windows 10, It's time to review security enhancements that later versions offer to see if you need to update.

The 4 pillars of Windows network security

The 4 pillars of Windows network security

Microsoft's CISO breaks down which four key areas to focus on to secure Windows networks: passwordless identity management, patch management, device control and benchmarks.

Azure Security Benchmark v2: What you need to know

Azure Security Benchmark v2: What you need to know

Here's what Microsoft's new security benchmarks include and how they can help you better understand your Azure security posture.

Preparing for Flash and Office 2010 end-of-life

Preparing for Flash and Office 2010 end-of-life

The imminent end of Microsoft's support for Adobe Flash is a good excuse to see what other end-of-life applications running on your Windows network could leave you vulnerable.

Tips to prep for digital forensics on Windows networks

Tips to prep for digital forensics on Windows networks

Know what data you need to collect and how you will collect it before a security incident occurs on your Windows network.

Microsoft's Zerologon vulnerability fix: What admins need to know

Microsoft's Zerologon vulnerability fix: What admins need to know

Microsoft patched its Netlogon Remote Protocol to prevent Zerologon exploits, but a second update is coming in February. Here's what you need to do now to prepare.

New Microsoft 365 defaults, Application Guard beta add email protections

New Microsoft 365 defaults, Application Guard beta add email protections

Microsoft has made it harder for attackers to redirect email responses or leverage malicious attachments. Here's how to review the impact these new features will have on your business.

4 top vulnerabilities ransomware attackers exploited in 2020

4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows makes their job easier.

How to optimize Windows event logging to better investigate attacks

How to optimize Windows event logging to better investigate attacks

The default event logging in Windows 10 won't give you enough information to properly conduct intrusion forensics. These settings and tools will help you collect the needed log data.

How to secure vulnerable printers on a Windows network

How to secure vulnerable printers on a Windows network

Attackers look for unsecured printers as a point of access. Find them before they do. Here's how.

How to do remote deployments of Windows systems securely

How to do remote deployments of Windows systems securely

Windows 10 provides a few options including Autopilot and AppLocker to securely and remotely deploy Windows devices and harden them against attack.

4 best practices for managing and tracking SSL and TLS certificates

4 best practices for managing and tracking SSL and TLS certificates

Do you know what SSL protocols you expose to your users? Are your settings optimized for security? Have you properly deprecated older TLS certs? Here's what you need to know.

8 steps to protecting login credentials

8 steps to protecting login credentials

Follow this advice to help users and network admins to better protect login credentials to corporate systems.

Load More