Susan Bradley

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

The Latest from Susan

Feature

4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows makes their job easier.

How-To

How to optimize Windows event logging to better investigate attacks

The default event logging in Windows 10 won't give you enough information to properly conduct intrusion forensics. These settings and tools will help you collect the needed log data.

How-To

How to secure vulnerable printers on a Windows network

Attackers look for unsecured printers as a point of access. Find them before they do. Here's how.

How-To

How to do remote deployments of Windows systems securely

Windows 10 provides a few options including Autopilot and AppLocker to securely and remotely deploy Windows devices and harden them against attack.

Feature

4 best practices for managing and tracking SSL and TLS certificates

Do you know what SSL protocols you expose to your users? Are your settings optimized for security? Have you properly deprecated older TLS certs? Here's what you need to know.

Feature

8 steps to protecting login credentials

Follow this advice to help users and network admins to better protect login credentials to corporate systems.

Feature

Latest Microsoft Windows security update options explained

New features might require you to change current update policies, especially if you're supporting more remote workers.

How-To

Optimizing VPNs for security: 5 key tasks

As the need to support remote workers becomes long-term, it's wise to check your VPN configuration to minimize vulnerabilities.

How-To

Protect your Windows network from excessive administrator rights

Every developer or user on your network with administrative privileges adds risk of account compromise. Review privileges and take these steps to better manage Windows network access rights.

How-To

How to protect Windows networks from ransomware attacks

Even large companies like Honda can fall victim to a targeted ransomware attack. Take these steps to harden your Windows network against them.

Feature

5 tips to protect legacy applications on Windows networks

You're probably running legacy applications somewhere, and attackers see them as vulnerable targets. This advice will harden legacy apps against threats.

How-To

How to optimize Windows Firewall security

If you're ignoring or have disabled Windows Firewall, you might be missing out on some good, basic protections that are easy to set up and maintain.

Feature

The most important Windows 10 security event log IDs to monitor

Regular reviewing of these Windows event logs alone or in combination might be your best chance to identify malicious activity early.

Feature

Microsoft 365 Apps update changes: What security admins need to know

Microsoft has renamed its Office 365 update channels and added options. You might have to make changes in your configuration and deployment tools.

Feature

Skipped patch from 2012 makes old Microsoft Office systems a favored target

Some organizations have still not implemented an Office patch from 2012. Attackers know this and are exploiting the vulnerability.

How-To

How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft's Sysmon and Azure Sentinel are easy and inexpensive ways to log events on your network. Here's how to get started with them.

How-To

How to protect Office 365 from coronavirus-themed threats

Microsoft's new Office 365 security defaults and OAuth 2.0 support will help meet new US government recommendations to thwart COVID-related attacks, Make sure they are properly implemented.

Feature

9 tips to detect and prevent web shell attacks on Windows networks

Attackers often use web shells to mimic legitimate files and compromise web servers. These best practices will lower your risk.

How-To

4 tips for protecting users from COVID-19-targeted attacks

Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains, and repurposed malware. Protect them with these basic steps.

How-To

How to minimize the risks of split tunnel VPNs

Split tunnel virtual private networks have some advantages for supporting remote workers connecting to a Windows network, but they come with risks. Here's how to best protect your network.

Popular Resources

Video/Webcast
Sponsored

Strategies to Unleash the Power of Your Data
eBook
Sponsored

5 Must-Haves to Look For in a Best-in-Class IoT Security Solution
eBook
Sponsored

API Strategy Guide for Strengthening Your Security with Mimecast
White Paper

Cloud Different?: The Promise of the Multi-Cloud Era
White Paper

Definitive Guide to Google Chrome for the Apple Enterprise Fleet?

See All