Frustrated with AI-based solutions causing issues, Catsys turned to Blackpoint MDR, finding it more intelligent and hands-on than other security offerings. Alex Gardner, Catsys president and IT director, describes the complexity of environments in the medical and dental industries he serves, with legacy devices, IoT, and proprietary devices managed by outside parties. Gardner describes the various attacks the Blackpoint SOC has blocked in these environments, providing exceptional value for Catsys, who now requires all new clients to have Blackpoint as part of their security stack.
My name’s Alex Gardner. I’m the IT director and one of the owners of Catsys.
What led you to Blackpoint?
We were actually at a conference, and we were speaking to Datto about looking for a SOC, looking for a monitoring company. We didn’t even know exactly what we were looking for.
We had looked at other products that were based on AI, and had a response time of possibly four hours, and would do all this auto isolation. And we were seeing problems where the AI would see some of our third-party software as an attacker when doing updates. The AI would isolate a server and then bring the client down. So we were looking for something to be a little more intelligent, a little more hands-on, a little more human.
Datto brought us to Blackpoint’s booth, and we started discussions. We did a test within our own network for about six months, and it was phenomenal. We did some testing, and we threw some fake viruses in there to kind of trick things up. Blackpoint caught it immediately.
They actually stopped a cyber attack on our main support email, which was already blocking things outside of North America. But an AWS server had gotten hacked in Toronto, so the attack was coming from a Canadian IP, and it was attacking our support account, which is linked to all of our ticketing systems and everything. And Blackpoint caught it within a few minutes and locked it down and notified us.
So with that, we started deploying Blackpoint through our clients. They have stopped approximately six cyber attacks on different levels in the last eight months.
In our industry—we do a lot of dental and medical—there’s a lot of IoT, there are devices that we don’t manage or have access to, there are devices that have been there for eight years that have never had a firmware update, running Linux in the background. People bring in devices that are mixed in with—although now we’re starting to separate them—mixed with security camera systems that are not in any way maintained or updated.
So Blackpoint has stopped a lot of attacks that have come through these devices. For example, we had a compromised camera that no one knew even existed, that was part of a phone system. We had an intrusion through a firewall that was not managed by us but by a telecom company, and Blackpoint caught them, as they had gotten into the server. Blackpoint isolated immediately, then did a threat hunt and helped us track down where the attack came from, so we could contact that company to close that vulnerability on the firewall.
And there are a few other examples like that, where Blackpoint has woken us up at two o’clock in the morning.
After we deployed Blackpoint, we did a huge deployment of almost seven hundred endpoints in a period of a couple weeks. We found malware bombs that were just waiting, that had built profiles in the back end, that were doing calls to Russian servers, running scripts that antiviruses don’t pick up, that our systems didn’t pick up.
So we prevented a bunch of other attacks there that may not have gone somewhere, but they could have. So it’s been an unbelievable value to our cybersecurity stack. Actually going forward, any new client coming in with Catsys is required to have that as part of the stack, or we don’t take them as a client.