How Impact Business Technology Uses Petra Scan to Win New Clients

The Stack

Impact BT wanted a focused ITDR with stable detection rules they could rely on across a private equity book.

Impact BT had used Microsoft Defender for Cloud Apps for years. It handled the basics, but was prone to arbitrary, automated rule changes that were hard to keep up with. As Impact BT's PE and financial book grew, the team wanted a dedicated ITDR solution with a strong stable detection model that didn’t require upkeep.

"What I like about Petra is you do one thing, and you do it extraordinarily well." -Neil Holme, Founder & CEO of Impact Business Technology

High-Speed Advanced Detection

When attackers targeted the chairman and the CEO of one PE client within a week, Petra stopped both in minutes.

Shortly after Impact BT deployed Petra, attackers ran a coordinated campaign against one of Impact BT's private equity clients. The chairman and the CEO of the firm were each phished nine days apart. Both attacks used residential proxies to make the logins look local, paired with device code phishing.

Petra contained the first attack in 3 minutes and the second in 5 minutes. Across the two incidents, attackers accessed 0 emails and 0 documents.

"We get an alert from Petra but the initial remediation is already done. We look at the incident report and can confidently tell the client there is nothing to worry about, we don’t need to sound any alarms. While an account did get breached, we blocked them before any damage was done, before any data was exposed. That’s the story we tell our customers and it’s a beautiful thing."

Petra Scan: a Growth Driver

Petra Scan turned a prospect’s active breach into Impact BT's newest client, and a referral path into the broader insurance market.

Neil, CEO of Impact BT, was renegotiating their own cyber insurance coverage with a Texas brokerage. Days later, that brokerage was itself hit by a 17-day phishing compromise. The attackers used compromised broker accounts to send fraudulent renewal emails and attempted a wire-fraud redirect. The compromised mailbox held personal information about clients across dozens of states, which triggered breach-notification obligations in each one, as well as a full carrier-mandated incident response. Their total remediation cost was roughly $150,000.

Neil pitched the brokerage on switching to Impact BT using Petra.

"I onboarded them last week. I got global admin rights while I was on the plane down to Texas, on the plane's Wi-Fi. I onboarded Petra. By the time I landed, I had a full Scan."

He showed the broker the Petra Scan report, walked through the 17 days of attacker access and the wire-redirect attempt, then laid Petra's response time alongside it.

"And they say, 'all right, how quickly would you lock them out?' And I said, 'how's 26 minutes?' And in fact, it was actually one second. And they say: 'you're hired.'"

Petra had also found four inbox rules left over from the attacker's access. The broker's cyber insurance carrier had already engaged a forensics team a few weeks prior, but Petra found the rules first.

Wins like this are opening referral paths for Impact BT into the broader insurance market.

"[Petra] enables us to show that these attacks don't need to happen. Our new client has already referred me to another client, a much bigger insurance broker in Texas. I've got a call with him next week."

Petra Scan: New Client Hygiene

Impact BT now uses Petra Scan to ensure every new client starts with a clean bill of health.

When Impact BT won a new client away from another MSP, they deployed Petra as part of onboarding, and found an attacker who had been in the account for 9 months. 

The attacker had compromised a global admin account and used that access to create an entirely new domain and new user accounts inside the tenant, infrastructure used to launch attacks on others. 

"You come in, you find everything I need to know, and then we get to clean up. It's beautiful." — Neil Holme, Founder and CEO, Impact Business Technology

Neil now ensures that Petra Scan is deployed either when prospecting a new client to help close a deal, or during onboarding to ensure they aren’t inheriting liability of failures of a client's previous MSP.

–

Impact Business Technology is a managed IT and cybersecurity services firm based in Sandy Hook, Connecticut, supporting private equity firms, hedge funds, and portfolio companies. To get best-in-class M365 identity protection through a world-class MSP serving the financial sector, visit https://impactbt.com.