Everything you've done here is wrong

  • Everything you've done here is wrong

    This involves yet another of those ahem consulting firms. They have a history of doing absolutely nothing themselves. Whenever they need anything done, even just a new policy for their WAF, they won't do it themselves and whine and complain until someone gets on a remote session to do it for them.

    Surprisingly in this case, they apparently at least tried, this time. They just didn't try very hard, and did it all wrong. Unfortunately there's also an element of Cursing out Coworkers here, too.

    They opened a case to complain about an attack getting past the WAF. Not my case and not even assigned to someone in my team (and in fact I'm in escalations now, so I don't work on normal cases anymore, just the ones my guys can't figure out) but WAF is kind of my thing so I ran the sample they provided just for shiggles. Sure enough, no alerts from my various lab boxes. I'm not sure why we didn't have anything pre-made to handle it (we have multiple methods of delivering updates and additions to "factory present" policies) but the attack is fairly obvious with little variation and should be easy to create policy for, so it shouldn't be a big deal.

    Naturally, this is a bridge too far for the professional ticket-openers. I had a look at the email thread and there's no mention of them actually creating any policy (even though they had, albeit wrongly), just whining that the WAF didn't catch it.

    And this is where the Coworker Cursing comes in: as far as I can tell no one even tried until ~10 hours after the case was opened. Worse yet, the engineer didn't catch the customer's glaring mistakes in creating the policy but instead escalated it. I'm not sure entirely what was going on, but people really screwed up on our end. And apparently a policy had been created, I found a screenshot of it in the escalation. Another escalation engineer had taken ownership, but not yet replied. If I had noticed before he went off shift, I probably would've told him about it.

    Now that I write this out, I realize there's a lot more suck on our side than theirs. Yes, the customer is incompetent, they have a history of being incompetent and whiny, and they did everything wrong (despite having been shown multiple times what to do). And true, they didn't even mention having tried anything, but they also weren't getting anything useful back from us for a long time.

    I ended up taking ownership on the escalation, and sending emails both to the customer and the support guy to explain what was wrong and how to fix it, as well as links to documentation (because if there's anything I've learned, these guys love documentation. Now if only they'd read it).

    I intend to make an example of this case for my support team, to make sure they don't make the same mistakes. Showed it to a couple of them already and they picked up on it easily. Guess my influence is having an effect. Hopefully seeing my corrections will also help the other team that missed things in the first place.
    Supporting the idiots charged with protecting your personal information.