Endsight was Won Over by Blackpoint’s Action-focused Approach to Cloud Security

Summary

Steve Hicks, the Security Practice Manager for Endsight, an MSP based in California, covers how a significant shift in threats led to their search for a robust security partner. Despite evaluating several vendors, none met their requirements until they discovered Blackpoint. Blackpoint stood out for its proactive approach to monitoring and responding to cloud threats, especially compromised email accounts. Hicks recalls first approaching Blackpoint during a critical incident at a conference in 2022, where their swift response and effective proof of concept impressed him. Over time, Blackpoint’s competence, agility, and exceptional support solidified their partnership, making them an indispensable asset in safeguarding both Endsight’s and their clients’ infrastructures.

Transcript

My name is Steve Hicks. I am the Security Practice Manager for Endsight. We’re an MSP out of California. My job is both keeping our clients safe and keeping us safe. So probably not in that order, probably more us safe than clients, but it is my job to watch everybody and recommend new products and strategies for going forward.

What challenges led you to seek a partner like Blackpoint?

In 2023, we noticed a really significant shift in attacks from the endpoint to the cloud, right? So we saw far more business e-mail compromise, far more account compromise in the Azure cloud and the Google cloud than we were seeing ransomware on the desktop. We feel like ransomware and data exfiltration from an endpoint standpoint was fairly well taken care of, but we were getting multiple calls a week for breached accounts in the Microsoft and Google clouds.

Did you try other vendors before choosing Blackpoint?

We did. We looked at probably seven or eight others. So a couple of vendors wouldn’t respond in the cloud. They had really great response at the endpoint and they did a very good job at keeping computers and servers safe, but absolutely nothing in the cloud. We had one vendor that was in the cloud, but they were watching something we didn’t care about. They weren’t watching compromised e-mail accounts. They’re watching workloads, which is not useful to us. One vendor would view the cloud and integrate with it, but wouldn’t take any action; they would just send us alerts.

What we needed for our security staffing and our client size was someone that could alert, always be watching and actually take an action proactively rather than my team having to be constantly on alert 24/7 paying attention to it. Blackpoint was the only one that met all those, and the company’s got a good reputation. They’re all around the internet. If people know who they are, it was a pretty safe bet. And of course I’ve seen them at Right of Boom, seen Blackpoint at Right of Boom many times.

How did your relationship with Blackpoint begin?

So the first time I approached Blackpoint was at Right of Boom 2022. The very first. And the reason I approached them is we had a client that had an active incident while I was actually at the conference, which we thought was interesting. Got a hold of the Blackpoint team and they decided they were going to do a free proof of concept for us inside this client. And within about 3 hours we had had an account created, been trained on the portal, and had all the agents deployed to this client. It was fairly impressive. We were more concerned with anything that the attackers had persistence in the network or were still on because our client was emailed a copy of their own customer database, which is a concern.

So I was talking to the Blackpoint team. I said can you help us? They said we’re not going to give you SOC access, but we’ll give you software access and we’ll evaluate it. It was wonderful. We did find something. They did help get us out and it really convinced me of their agility, speed and efficacy, which was nice.

That was two years ago and it took me 18 months to become a client. There were some other issues that I needed to be solved, which they have now solved, Blackpoint has now solved, and yeah, it was pretty good.

What sets Blackpoint apart?

The Blackpoint SOC is extremely competent, which really matters to me a lot. They have missed almost nothing, in fact nothing that I know of. The only thing that I would consider to be a problem is false positives, which is acceptable and normal in this industry. The Blackpoint SOC has locked out several 365 accounts we didn’t know were using VPNs. They have stopped several attacks on endpoints in our infrastructure, ours and our client’s infrastructure. They have stopped several unauthorized applications in Microsoft 365. When I call them, I get someone who can communicate well. I get great support from both the support team and the SOC team, and when the SOC team calls me, they give me relevant information that helps me actively respond to whatever they haven’t already proactively responded to.

Date published: July 8, 2025
Author: Blackpoint Cyber