Becket & Lee Banks on ThreatHunter

Malvern, Pennsylvania

Established in 1984

Overview

Becket & Lee is a mid-sized law firm that specializes in bankruptcy servicing for various creditors, including banks, fintech groups, and auto lenders. The firm handles sensitive data from its clients and their customers and must comply with strict privacy regulations.  

To manage defense and response 24×7, Becket & Lee partnered with eGroup Enabling Technologies, a leading provider of managed security services, whose offering is called ThreatHunter. This service uses Microsoft products such as the Defender Suite and Sentinel to deliver a comprehensive, proactive security service.

Becket & Lee’s Chief Information Security Officer, Daryl Breneman, recounted, “eGroup Enabling Technologies has really helped us move our security posture forward over the last several years that we’ve been partnering.” This story explains Becket & Lee’s needs, decisions, onboarding steps, and specific threats that have been hunted down.

Small Staff and Financial Data-Driven Modernization 

CISO Breneman faced several challenges in securing the firm’s network and data. He had a small IT staff and lacked the resources to monitor and respond to security incidents 24/7. He also wanted to modernize the firm’s security environment and use a cloud-based endpoint detection and response (EDR) solution that could provide threat hunting capabilities and advanced security features.

“We were using a legacy on-prem anti-malware program and I really wanted to focus on modernizing that. I wanted to get to a point where we are using a modern EDR and have threat hunting capabilities and ASR [Attack Surface Reduction],” Daryl said. 

Breneman also had the compliance requirements of his clients in mind, as they often audit the firm’s security practices with exact standards about data protection. He needed a security solution that could demonstrate the firm’s commitment and provide visibility and reporting on security incidents. 

Microsoft Security Stack + eGroup Enabling Technologies Is A “No-Brainer”

“We already were E5 license owners. So, from a cost perspective, why add extra money into it? Why add extra complexity into our environment by bringing in something else that we have to integrate? Let’s stay with the Microsoft suite. Let’s stay with our partner. And it honestly became a no-brainer.”

Becket & Lee evaluated other security products, such as CrowdStrike and Sophos, but chose Defender because it was comparable to the leading products in the market, and it was already included in the firm’s Microsoft 365 E5 licenses. Breneman also liked the integration and simplicity of using the Microsoft suite, and the support and guidance from the eGroup Enabling Technologies team.

Cyber Insurance Sparks a Shower of Activity

Becket & Lee decided to partner with eGroup Enabling Technologies, a trusted and long-time IT service provider of the firm. “They have helped us with our conditional access, MFA on mobile devices, and the shift to Intune for mobile devices,” explained Breneman. “They’ve run the gamut of Microsoft security pieces and they’ve been there all the way.” 

One requirement drove a flurry of that activity: a cyber insurance questionnaire asking specifically about multifactor authentication for email. Up until that point, Becket & Lee had an Exchange online server on premises. With the firm’s existing Mobile Device Management (MDM) platform and the lack of modern authentication, they could not comply. Within two months, our two companies worked together to implement hybrid Exchange, Entra ID conditional access and multifactor authentication, and device enrollment with Microsoft Intune.

Managed Extended Detection and Response (MXDR) + Security Information and Event Management (SIEM) Solves Staffing and Skill Gap

There are many synergies within the Microsoft security stack, but for CISO Breneman, the native connection between the Defender XDR suite and Microsoft Sentinel was the most helpful.

Large customers can manage these services on their own, but SMBs often turn to partners. eGroup Enabling Technologies offered a managed security service that could address Daryl’s security challenges and provide peace of mind. ThreatHunter is powered by Microsoft’s Defender Suite and Sentinel (Security Information and Event Management), and provides 24/7 security monitoring, alerting, and response by a team of security experts.

“I like the option that eGroup Enabling Technologies provided for me, as the MSSP (Managed Security Services Provider). I started thinking about it and I was like, you know what? We cannot do our own SOC (Security Operations Center) as a small team. It’s really a challenge to try to have the expertise to do it and be awake 24/7. So that whole thing just all came together as far as using Defender and then tagging on the MSSP on top of it.”

Onboarding Workshop Emphasized The Value

eGroup Enabling Technologies facilitated a workshop with Daryl and his team to demonstrate the features and benefits of the solution, and to onboard a handful of devices for testing.

“The workshop was great because during the workshop we were able to lay the groundwork of how everything was going to work with Defender, and we actually went step-by-step on how to onboard. We looked at different options, whether we were going to use GPO (Group Policy Objects) versus Intune. We onboarded a handful of machines. We got to start seeing how it works and get a feel for it before we signed up to say, ‘yep, we are going to go forward for good’,” Daryl said.

The workshop helped Becket & Lee with the onboarding and implementation of ThreatHunter, which involved setting up the Defender Suite and Sentinel in the firm’s environment and configuring security policies and rules.

ThreatHunter Prevents a “Save Your Bacon” Incident

Since implementing ThreatHunter, Becket & Lee has seen significant improvements in its security posture and compliance. The firm has been able to detect and respond to security incidents faster and more effectively, with the help of eGroup Enabling Technologies. The firm has also been able to leverage Microsoft products to provide proactive and advanced security features, such as conditional access, MFA (multi-factor authentication), indicators of compromise, and risky sign-in alerts.

Daryl shared a specific incident where ThreatHunter saved the firm from a potential breach. A work-from-home device was misconfigured and did not have Windows Firewall turned on. The device was also plugged directly into the ISP modem, exposing it to the internet. eGroup Enabling Technologies alerted Daryl that the device was being attacked and that someone was attempting to connect to it over RDP (Remote Desktop Protocol). Daryl was able to identify and isolate the device quickly and prevent any compromise.

“That’s a true ‘save your bacon’ incident. In those early stages, I saw right away. Who knows what would have happened before we were going down this MSSP path?” Daryl wondered. “Now we don’t really have to worry about it, because once we got through our full onboarding, all the Windows firewall and Defender settings happen automatically. I don’t have to worry about it.”

Daryl also appreciated the value and expertise that eGroup Enabling Technologies brought to the partnership. He said that eGroup Enabling Technologies was constantly updating the indicators of compromise in the Sentinel environment and providing him with guidance and support on security issues. He also liked the communication and collaboration that eGroup Enabling Technologies provided, such as calling or messaging him to verify and investigate security alerts.

Conclusion

Protecting sensitive data for their clients is paramount for Becket & Lee. Partnering with eGroup Enabling Technologies has enhanced the firm’s security posture and protected its data from cyber threats. CISO Breneman subscribes to the Zero Trust approach and describes his “ask questions later” philosophy.

By leveraging the Microsoft Defender Suite and Sentinel, Becket & Lee has a comprehensive security solution, managed by its MXDR partner. The firm has seen significant improvements in its security posture and compliance and has been able to detect and respond to security incidents faster and more effectively, with the help of MXDR partner eGroup Enabling Technologies.

“It’s just nice knowing you have that group of experts that are walking side by side with you, assisting you with tracking down those security events, and if we are breached or if we have some type of security incident, I know that I have full confidence we’re going to contain it right away.”
