How Solvere One Closed the BEC Gap that Email Security and MDR Leave Open

The Challenge

Solvere One found itself playing defense against BECs slipping past even the best email security tools. 

Reagan Roney, CEO of Solvere One, had seen enough compromises in recent months to know that email security only protects a client so much. With M365 identity attacks becoming more effective in recent years, Reagan frames it as a “when, not if." 

But it’s what happens once an attacker gains access to an account that worries Reagan the most. The attacker inherits that person's relationships and credibility. Every contact who receives an email from that account has no reason to be suspicious, and no tool in the stack to protect them. 

"One of my biggest concerns with email has not necessarily been all the things that our gateways are already stopping. What has freaked me out and kept me up at night is that if someone has a compromised account — a known user that I have a relationship with — their account gets compromised, and that person sends me an email with a compromised account. There's nothing my email gateway is going to do to stop it."

Reagan describes it as having the front door covered, the windows covered, and no answer for the guy coming through the basement. He had invested in training, email security, and awareness programs, but nothing closed the gap.

Petra On Top of MDR & Email Security 

Petra surfaced hidden compromises immediately, proving its value in the stack on top of email security and MDR tools.

Solvere One deployed Petra quickly across their clients. Shortly thereafter, Petra surfaced 8 uncaught compromises across six of Solvere One's clients. In one case, the attacker had been lurking in a user's inbox for over three months and had accessed nearly 600 emails. In two other cases, the attackers still had access to the users’ credentials.

Within 24 hours of deployment at one client, Petra caught an active compromise of a C-suite executive, which made for a very easy sell for Reagan’s team.

"Thank goodness we put this on. We put it on 24 hours ago, or else I would not have seen this. They were able to go to the CEO and say, look at what this tool did. They all were just so excited about, okay, we got to pay. Tell Reagan to do whatever we got to do." - Reagan Roney, CEO, Solvere One

In another live compromise, Petra detected and remediated the attack two hours before Sophos MDR sent its alert about the same event. For Reagan, the story to his client was easy: everyone needs Petra, even if they already have MDR and email security.

"Petra caught it. We quickly reset the accounts and reached out to the user, and everything was fine and dandy. We found the email they had clicked on. Then all of a sudden, Sophos MDR sent an email saying, hey, there could have been a potential compromise. I was like, dude, we already stopped it." - Reagan Roney, CEO, Solvere One

An Easy Rollout

Getting clients on Petra was an easy sell for Solvere One thanks to Petra’s clear forensic summaries.

Part of what made Solvere One’s rollout of Petra so frictionless across their client base is what they can now put in front of a client: Petra’s automated reporting shows the exact email, the sender, the subject line, and the URL the user clicked. The Solvere One team can give clients a complete picture of the attack delivered within seconds of containment.

Before Petra, investigating a compromise meant hours of manual forensic work, and even then Reagan could rarely tell a client with certainty what had happened. 

"Before, I could never commit to them saying this is it. But with Petra, I can actually say: this is the link, this was the subject. Boom, boom, boom. And they just go — holy cow, please send over the proposal, please send over the proposal." - Reagan Roney, CEO, Solvere One

Reagan is also very upfront with his clients about the mounting and imminent BEC security risk, and the tooling gap that exists without Petra. 

"Anybody who delays this is foolish. It's seriously like saying, hey, I know this guy's gonna break in my house because he's going to, but you know what, I'm gonna let him. He could rob me blind, but I don't have time to lock the basement." — Reagan Roney, CEO, Solvere One.

Petra As The New Standard

Now, Solvere One bundles Petra into every new contract as a non-optional line item.

"Going forward, in all of our new contracts, it's just gonna be a part of our user price. It's not even gonna be optional. They're just gonna have to have this." - Reagan Roney, CEO, Solvere One

–

About Solvere One

Solvere One is a top-tier MSP in the DC Metro area, with a deep focus on compliance and security services for government, defense, and the businesses that support them. To get best-in-class M365 identity protection through a world-class MSP, visit https://www.solvereone.com/.