So, @tinker expressed dismay at something that I see a -lot- of: small business IT people choosing to log directly into their domain controller to do administrative things, including managing their SIEM - which is sometimes hosted as a VM running on a machine where the DC is the bare metal OS.

The reasons for this are a little bit complex in how they interlock, but here's how it boils down:

@munin @tinker Any thoughts to getting small business insurance, banks, etc., to take a role in this? Those are forces which can roll unanticipated costs into anticipated (and visible) costs, and press for best practices.

Great war story and methods. Plays into a lot of what I'm thinking about #GreshamsLaw, #UnanticipatedConsequences, #HygieneFactors, and #DelayedInformation realisation.

@dredmorbius @tinker

The tools that insurance and banks generally bring to bear on this are compliance audits - which drive SIEM sales, sure, but don't really help the underlying issues here.

The ultimate problem here is that the prime mover in the market - Microsoft - is very difficult for people to set up without specific training and experience; it is expensive to get that training and experience...

@tinker @dredmorbius ... and it's expensive and confusing to remain compliant with their licensing regime.

So long as this continues to be the case, all the compliance audits in the world will do little to nothing to improve the situation.