When the IT team at Cascade Environmental noticed that bad actors were automating their attempts to compromise identities and data, they proactively took action. They realized that while their environment may be secure at a point in time, morphing attack vectors could make them vulnerable at any time. Cascade’s growth made the challenge for its small IT staff even greater; the firm now provides environmental consulting and ecosystem restoration across 35 locations and 1,000 employees.
Who Is Cascade Environmental?
Not Enough Budget, People, & New Threats Everyday
Unlike many other companies of Cascade’s size, it didn’t take a specific crisis to initiate action. CIO John Michael Gross explained, “I think for us, while we had been good enough with security for a long time, the automation of the threat against us was expanding that gap.” He would spend a significant amount of time reviewing Azure Active Directory audit logs and other Office 365 data. Looking through verbose logs for potential compromises at first helped Cascade understand the risk, but they quickly realized it was not scalable nor an effective use of their precious time.
“The problem we're trying to solve is pretty typical of the mid-market world we live in,” explained Gross. “Not enough budget, not enough people, and a new threat vector coming in with the automation of hacking tools, and frankly, just not enough bandwidth to chase things down. The totality of all that for us was that we needed to find ways to automate what we were doing in order to solve the problem, not continue to chase after logs ourselves.”
Cascade Began Seeking Solutions
“We certainly looked at a lot of off the shelf products to solve the problem,” said Gross. “My concern was that building that tapestry of things wouldn't really help us be better at solving the problem. I think to truly solve a problem, you really have to understand the root cause and just simply adding more solutions didn't seem to do that for us. So we started to look inward at our own skills and then really look for partners that could help us with things. That's how we ended up talking to Enabling Technologies.”
Enabling Technologies’ is a national Gold Partner of Microsoft, whose mission is to enable secure productivity in the cloud. Enabling protects customers’ identities, devices, data, and apps with expertise spanning the Office 365 and Enterprise Mobility and Security suite (Intune, Azure AD, Azure Information Protection, etc,), the email security capabilities of Office 365 (Advanced Threat Protection, Office Message Encryption, etc.), and the Azure Security Center.
Enabling’s account team and subject matter experts worked with Cascade to uncover the true challenge. “In particular for us, the challenge was business email compromise, spoofing of accounts, general phishing and in particular, spearphishing.” While the firm had a security awareness program in place to communicate risk and appropriate behavior to users, “We looked at how those things were affecting our end users, and it didn't seem like any amount of training was going to solve that problem for us.”
“Enabling really came in and spent time trying to understand what we had done well already and where the gaps were. They then walked through the process of how their managed service solution, PhishHunter, was going to be able to solve the problem for us.”
Enabling recommended a layered security approach using a combination of Microsoft cloud services that together comprised Enabling’s PhishHunter service. PhishHunter detects accounts compromised due to phishing, automatically blocks the attacker from continuing, and forces a secure reset of the original victim’s password so they’re back working in a clean account.
Knowing that no security tool can be set and forgotten, Cascade saw value in a longer-term relationship with Enabling. “I didn't want to bring somebody in who would simply come in and put something in place and then go away. I wanted to understand how they would educate my team to be able to handle this stuff, long term.” Now, Enabling engages on a regular basis to ensure the latest configurations and protections are in place in the Cascade tenant to account for trending risks.
More Time for IT to Focus on Adding Value to Cascade
The results are cleaner inboxes, less risk of Business email Compromise and financial loss, and more time for IT to focus on adding value to Cascade’s business. “After implementing PhishHunter, I don't have to spend my weekends looking at logs, so that's been good for me personally, but for the company as a whole, really now we only see the aberrations. We've really eliminated a lot of the noise and we’re really focusing on those impossible travel situations and other things like that. It hasn't done completely eliminated phishing, but I'd say it's reduced the totality of threat about 90% for us, and that in combination with being able to focus on that 10% means that the time we're spending with that bandwidth we have tends to be very effective.”
Through his years of experience and his recent late nights tracking threats, Gross advised others to “Understand the things you know, but be honest about the things you don't know. Don't fall victim to trying to put together this tapestry of applications for every marketecture that is going to tell you what you want to hear.” Gartner Group shows five Microsoft security solutions in their Leaders’ Quadrants, more than any other vendor, demonstrating how a platform is becoming more powerful than products.
He summarized by adding, “I think you want to work with a partner that's going understand what your problems are and really help you drive to a total solution. For us from a security standpoint, I thought we were good enough last year. I think we're good enough this year. Yet there were a bunch of things I changed between last year and this year. I think there are a bunch of things we’re going to change soon. It’s a matter of recognizing that it's a never-ending problem and you need to keep evolving.”