SaaS-based MDR vendor Blackpoint Cyber has released a new cloud managed detection and response offering for single sign-on to further protect attack surfaces that no longer sit only at the endpoint.
The offering expands cloud security with identity response for Microsoft Azure Active Directory and amplifies the security of Microsoft environments in light of the surge in identity-based attacks where hackers exploit login credentials from compromised services or phishing campaigns.
“[In the fourth quarter] of last year, tech services moved a lot to the cloud,” Xavier Salinas, CTO at Ellicott City, Md.-based Blackpoint Cyber, told CRN. “That’s where everyone’s getting hammered. Email breaches happen. It’s where people are getting access to files, and all this stuff is not endpoint-based.”
Historically, he said, cybersecurity has been focused on the endpoint, “but it’s no longer like that.”
“It’s great to have one sign-on for everything,” Salinas said, “but it’s one sign-on for everything.”
Emails have huge attack surfaces, he said, and Blackpoint Cyber is catching about 100 attacks a week.
“Following that is what’s the next huge attack surface that’s hard to protect? Your single sign-on,” he said. And that’s what advanced threat groups have been using lately, according to Salinas.
“They use it to get into casinos, gaming companies … they’re phoning in to support pretending to be an employee and getting access to the single sign-on and then using that as a pivot point to get to the servers and the machines and everything.”
Identity response for Azure AD provides MSPs with further visibility into vulnerabilities, increased knowledge of potential data exposure and added context for audit procedures and damage assessments.
Michael Pfaff, director of operations at Richmond, Va.-based MSP NDSE, said Blackpoint Cyber excels at providing a critical cybersecurity offering.
“With ongoing updates like the cloud response for Google Workspace and the recent identity response for Azure, visibility into potential threats and overall protection has been amplified, providing our customers with added peace of mind,” he told CRN. “Blackpoint is undeniably a top-tier option for those dedicated to securing their infrastructure.”
Salinas said threat actors typically want to grab logs, “and I have trouble in figuring out what the algorithm is or what’s the magic sauce.”
“There’s so much ambiguity out there. When is it going to actually detect single sign-on suspicion or not? I don’t even think Microsoft knows what actually happens or what goes into that type of detection. You cannot rely strictly on the provider, they’re not security companies. They’re secure but they’re not that secure. The magic sauce just isn’t good enough,” he said.
“It would terrify me if someone got my single sign-on login, so it should terrify everybody else,” he added.