Unwanted Access - Initial Feedback
M
Matthew Buehlmann
Hi All,
I was exploring the new Unwanted Access page Huntress just announced and am really excited about this new functionality. I wanted to quickly share some feedback in this area, specifically the Rules we can create.
1) Deny-By-Default, Allow By Exception
- Rather than having to go through each country outside the US and mark them as "Unexpected" I would prefer to have an option to Deny all countries not marked as "Expected". Essentially a Whitelisting approach instead of a Blacklisting approach.
- I think this approach would fit nicely in the VPN blocks as well
2) Unexpected Access - Out of State (U.S.)
- I realize this could create a lot of noise, but certain instances I would actually be interested in getting more granular than country-based US "expected" access.
M
Mark Meredith
Definitely agree with option 1 - Deny by Default.
Option 2 would be harder to implement and as Matthew stated, potentially noisy, but for some users this would be handy.
J
John Dubinsky
Great comments Matthew Brennan.
At the very least I would like to see a better way to manage the list. For example, a process to select all countries or VPNs vs having to implement one by one or country by country.
I understand this is a 1.0 product recently released. I am excited to see what improvements they can bring in the near future.
D
Damien Mallon
Agree with all these points. This is generating quite a lot of Noise for us the MSP and we would like our customers to be able to configure this at the Organisation level. We have had many requests for this.
J
Joel DeTeves
Agree on all these points
R
Ron Diel
I think if Huntress treats this feature as it does with the rest of the platform, it will be deny-by-default. I am fully onboard with that. Depending on how it's implemented, I'm not sure how I would deal with the noise created by the Out of State feature.
M
Matthew Buehlmann
Ron Diel - My hope would be that out of state would function more on explicit deny (contrary to the approach I outlined above). The majority of times we would not want this noise, but I can think of instances where it would be warranted (e.g., recovering from widespread account compromise).