How IntrusionOps Landed 3 Enterprise Deals With Petra

About IntrusionOps
IntrusionOps is an MSSP based in the Northeast. IntrusionOps prides themselves on finding and implementing the right stack for each client, focusing on exactly what a business needs to grow and innovate.
IntrusionOps provides Managed Detection and Response (MDR), Digital Forensics and Incident Response (DFIR), Red Team, and general security services to companies of all sizes.
Petra is MSP-only. To get best-in-class cyber services (including Petra) from a world-class MSP with excellent support, visit https://intrusionops.com/ or email hi@intrusionops.com.
Pre-Petra
Jeremy and his team at IntrusionOps are masters in the Microsoft ecosystem, and they’re no strangers to account compromises.
“We’ve seen account compromises go through the roof in the last few years. It used to be that ransomware occupied our time, but these days, we see BECs outnumber them almost 10 to 1.”
“Especially with MFA bypass and Token Theft, we’ll regularly see larger companies come to us with many account compromises per month.”
Jeremy and his team had been using P2 Risky Sign-in Alerts to solve the problem. Jeremy talks about how those helped with the problem, but relying just on those signals created a new problem: noise.
“Anyone that has a decent sized environment and uses P2 Risky Sign-ins is simply inundated. Very high false positive rate. It’s a time sink and doesn’t leave you with much confidence.”
As an example, in one client with ~2,000 end-users, over a 6-month period, IntrusionOps saw 264 high risk events, 1,234 medium risk events, and 10,866 low risk events.
“It was a mountain of noise for us. At best, people enable a Conditional Access Policy to block high risk logins or users, but in practice, it usually becomes a full time job for someone at an MSSP––just chasing down all the P2 stuff.”
Even with those hours poured into setting up the right Conditional Access Policy, modifying it when folks are traveling, and still dealing with a deluge of alerts, Jeremy ultimately found that relying just on P2 Risky Sign-ins wasn’t working: there were still account compromises that weren’t contained quickly enough.
“Even with all that, we found out the hard way with P2 Risky Sign-Ins that sifting through the real signal often took several hours until the compromise was remediated,” Jeremy says.
“Needless to say we were on the hunt for something to supplement that.”
Petra-Enabled Deal #1: 2,000-user Enterprise
“We take a lot of pride in [the services and expertise] we provide at IntrusionOps”, says Jeremy. “Our clients know that we’re going to give them exactly what they need, with minimal work on their part, and that it’s going to help them get where they want to go.”
“We focus a lot on helping companies with the right MDR, but also with DFIR and Red Teaming that uncovers which threats really matter.”
“I’ll be honest, when we first encountered Petra, we knew right away that it could potentially be a huge help to our clients, but we’d already sold the outcome of MDR using Microsoft’s stack, so we knew it’d be a financial lift and wanted to test it out first.”
“And then the perfect enterprise opportunity fell into our laps––well, maybe not exactly that unique, I mean all kinds of enterprises these days get pummeled by account compromises––but it was really the ideal serious test enterprise [for Petra].”
“This client was especially hard to manage because they’re a franchise model – they have locations all around the country, their employees travel very frequently, so restrictive location-based conditional access just doesn’t work. It was too disruptive to the whole organization”.
IntrusionOps included Petra as part of an ‘MDR lite’ offering (EDR + Petra, managed by IntrusionOps) because it was the core of what that 2,000-person enterprise needed, and it would help IntrusionOps get their foot in the door to help that enterprise in other ways.
The enterprise client already had an advanced security stack (email security, SIEM, EDR) and thought they were basically covered, but knew they had a gap on account compromise––they just didn’t know how wide that gap was.
“In the first month, Petra caught so many attacks that we were able to have several follow-on conversations with people in the C-suite. Those caught attacks led to us getting approval for a proper identity security program, which included other services that really leveraged our expertise in hardening.”
Since onboarding ~6 months ago, IntrusionOps has leveraged Petra to stop 18 account compromises in that enterprise, with 0 false alarms and an MTTR of 3.8 mins.
“No question about it, Petra was the wedge that helped us showcase our excellent cyber services and convince [that enterprise] that they needed a proper security package. Plenty of MDR services rhyme, they’re basically the same, but Petra helped us do something totally different.”
Petra-Enabled Deal #2: Public Healthcare Company
It wasn’t long before Jeremy and his team found another enterprise opportunity that they could win with great ITDR from Petra, this time a public company in the healthcare sector.
This client came inbound to Jeremy and his team looking for M365 detection; specifically a tool that could stop account compromises that had been missed by other ITDRs and process activity from SharePoint and Exchange.
To win the client, J2 did an “Autopsy”, a retrospective analysis supported by Petra where he could go back 6 months and see (1) how long the attacker was in the account, (2) exactly which emails/files the attacker accessed, and (3) anything the attacker modified/left behind.
Given that the client operates in a regulated industry, it was especially helpful to see that damage (and to show how it could be prevented in the future).
“The client was absolutely blown away. Again, it was the wedge––it helped showcase not only how important M365 protection is, but how we could pair that protection with best-in-class services from IntrusionOps to properly harden their environment and proactively stop these attacks in the future.”
Petra-Enabled Deal #3: Another Public Healthcare Company
Then, just a couple of months later, Jeremy and his team found another large opportunity that they could land using Petra.
The opportunity in this case came inbound to Jeremy and his team at IntrusionOps. The client had experienced several Business Email Compromise incidents (BECs) in the past year, and wanted a service that could stop those attacks in their tracks.
After those BECs, the enterprise client had switched to using a large MDR provider, but encountered a handful of compromises that they felt were improperly handled, including one that was caught 25 mins late.
And, the client noted that for SEC obligations, they needed a clear step-by-step reconstruction of the BEC incident. Their current MDR said they could provide it, but failed to show one when pressed.
“So, we did an Autopsy, we pulled out the forensics”, says Jeremy.
“When I showed them the results… let’s just say they were visibly shocked [laughs].”
The Autopsy revealed that actually, the account compromise had been caught 21 days late, and the attacker had accessed a large number of attachments and emails, some with sensitive data.
“21 days late, when they thought it had just been 25 mins. Obviously that’ll pretty quickly help us replace or add onto their previous MDR.”
“It really showcased, as usual, how we at IntrusionOps could come in and immediately provide value for their team.”
“We know our services at IntrusionOps are the best, that we’re going to help a client fix really big gaps in their stack and get the security outcome they’re looking for. Petra helped us do that and immediately show the client why we ought to be their trusted partner––for MDR, for DFIR, for other services, for everything.”
When asked to sum up his experience partnering with Petra, Jeremy says:
“I think I’ve said it before but I stand by this. Petra is one of the only solutions I’ve ever seen that reduces work and improves accuracy.”















