Summary

3rd Element Consulting specializes in high-risk clients such as law offices and law enforcement agencies. Dawn Sizer, CEO, says Blackpoint has consistently shown value in swiftly detecting and decisively defending her clients from attack. Not only does Blackpoint protect her clients, she also values the support 3rd Element has received during these events and the personal touch in helping remediate. 3rd Element regularly evaluates partners and consistently finds Blackpoint coming out on top.

Transcript

I’m Dawn Sizer from 3rd Element Consulting and I’m the CEO here.

Why is MDR important?

MDR is important for a number of different reasons, but the biggest one is there’s no way to know what is going on inside of any client without having somebody watching. So MDR is important for that reason alone. And when you do have an issue—and you do have an issue every now and then—somebody does pick up that phone, contact you, stops the issue from happening, and then you can remediate appropriately.

What drew you to Blackpoint?

We ended up becoming a Blackpoint client in a number of ways, as with most things that you put into your stack. But at the time it was one of the only MDRs out there that was affordable, but also that was geared specifically towards MSPs.

There were a lot of other players out there in the world, but they weren’t channel-focused and they weren’t really focused on the MSP market. They were focused on enterprise, they were focused on larger clients, and we just didn’t qualify for that kind of thing. So we had met Jon, spoken with him and realized that he does business a lot of the same ways that we do, and our companies jive very well. And we added them into the stack, and it’s been kind of a match made in heaven ever since.

How do you provide Blackpoint to clients?

So we provide MDR to our clients, and when I say we provide it to our clients, we provide it to all of our clients. There is no option to opt out. If the client thinks they don’t need a watcher watching what they’re doing, that’s not a best practice. And we don’t take on people that don’t use best practices in their organizations.

How do you measure Blackpoint’s efficacy?

We measure efficacy in a number of ways. One is do we have an issue? How often do we have issues? What does that look like? There’s any number of ways, and you could throw KPIs at it all day long. But the reality of the situation is, is we’re looking at it from the standpoint of when we have an issue, how long does it take Blackpoint to pick up the phone and call us? How long was the dwell time of that particular incident and how fast can we remediate it?

And we found out that it’s been somewhere in that five to 20-minute timeframe that we’re getting that first phone call, and the remediation is usually fairly quick, just from the standpoint of when you catch something fast enough, it’s a lot easier to remediate and a lot faster to remediate.

We have been a client of Blackpoint for a long time. Do we evaluate? Absolutely, we evaluate every six months. Is anybody else standing up and doing the exact same things that Blackpoint is? No.

Has Blackpoint stopped attacks for your clients?

We all know how effective MFA can be in keeping attackers out. But there is a way to bypass MFA, and we’ve had that happen. We don’t know if it was a targeted attack or not, but we had it happen. Blackpoint called us up, said, “Hey, we’ve had this situation, we see this, we’ve locked the account down.”

We were able to contact the client. The specific user was a law office in this case, and they do a lot of injury law. And this is one of the larger cases that they were working on at the time. So we weren’t sure if it was targeted or not. So it was able to find that.

One of the other things that it was able to find, and this is one of those things where this is where the standout product is, we had a law enforcement agency, and Blackpoint called us up, said “We’re seeing lateral movement out of China on these servers.”

And we’re like, “That doesn’t seem normal.” And they’re like, “Well, the user was able to log in. They had the right things. It looks like they’re doing some updates.”

So we called the client and said, “Hey, here’s the situation that’s going on.” Obviously, we had already locked down the servers, sandboxed them, did what we needed to do.

And as it turned out, what Blackpoint found was, yes, this was a legitimate company doing a legitimate thing, but that company was not supposed to have an office in Beijing. And they did. And they certainly were not supposed to be doing updates and things that they should have been doing for a law enforcement agency, out of Beijing.

So that’s not something that the average company would have found. And I think that’s that’s a really big one. Obviously, that created some other issues on that software company’s side. But it was it was a really good, interesting experience, I think, for all of us to see.

And then the other one is, just a simple, hey, you guys found a firewall issue that we had. The firewall was configured correctly but somebody had managed to try to attack it, an actual attack was going on. Again, we that phone call, “This is what’s going on.” So we were able to prevent that as well. And that was actually another law enforcement agency. So you saved us a couple of times.

I would say the one thing that we get from Blackpoint that I don’t think that you would necessarily get anywhere else is that, one, you have the accountability, right? You guys are accountable for what you’re doing.

But also that personal touch. When you do have an issue, the last thing I want to feel like is that I’m doing this on my own, and I don’t feel that way with Blackpoint. I have somebody on the phone with me. We’re walking through the process, we’re talking it through. And you really do feel like you have a partner that’s helping you through a process that’s a little scary.

What do you look for in a partner?

So when we’re looking for a partner, we vet them in any number of ways. But one of the biggest things that we look for is a real partnership. It’s not just a transactional type of relationship. We’re looking for that, Hey, we need something. Can you provide that? They need something, Can you provide that?

So it really is a two-way street for us. It’s a true partnership. And we have found that, that that’s the way that Blackpoint works.

Date Published
Dec 27, 2023

By
Blackpoint Cyber

Want something new to listen to?

Check out Blackpoint's podcasts where you can hear expert insights and candid discussions about cybersecurity, incident response, entrepreneurship, and elite performance.

Subscribe & Tune In!