Threat Actors’ Heads Are in the Clouds

Ever since the release of the industry’s first Managed Detection Response and Remediation (MDR+R) for the cloud, Blackpoint’s Cloud Response product, our Security Operations Center (SOC) has seen an ever-increasing rise in cloud cyberthreats targeting our partners. In 2023, Blackpoint experienced a 632% increase in Cloud Response saves. And it’s only risen since. Threat actors behind these incidents are masking their real IP addresses to avoid detection, manipulating cloud resources and vulnerabilities, exploiting compromised credentials, and more. This influx in cloud-based activity has led our SOC to be busier than ever, stopping cloud cyberattacks on our partners’ behalf around the clock.

When threat actors exploit VPNs or leaked credentials, it can be difficult to figure out initially if it is benign user activity or the first steps of a threat actor’s attack campaign. At this stage, threat actors often sneak past security solutions with limited visibility or incomplete follow through. This is where the presence of a 24/7 SOC with live security experts becomes mission critical. Where lax security protocol may open doors for threat actor activity, our expert team goes the extra mile to determine if the activity is benign or nefarious.

Because of the persistence and potentially adverse outcomes of these attack campaigns, our SOC is adjusting their workflow to account for, detain, and follow up on more. More cloud incidents, more potential threats, more coverage for threats your automated solutions may miss. With increased aggression, we will be assuming guilty until proven innocent. Our holistic view of partners’ networks, through Cloud Response, enables us to contain and detain more actions, even if they appear anomalous. That way, if it is in fact threat actors in the earliest stages of their attack campaigns, we can stop them immediately.

With increased detection and response comes alterations to our partner communications. Whether ultimately anomalous or nefarious, our partners will continue to hear from our SOC as rapidly as they’re used to. These communication changes will enable the SOC to maintain transparency with partners while doing what they do best—detecting and catching more—before threat actors see them coming and after our competitors have missed those initial clues.

Blackpoint’s 24/7/365 Security Operations Center detects and neutralizes threats at industry-leading speeds while minimizing the remediation efforts required from MSPs, granting hours and resources back to busy security teams. Blackpoint acts as an extension of security teams, alleviating threats so you don’t have to. With the industry’s fastest response and remediation times, Blackpoint Active- SOC™ uniquely monitors behavior to see attacks as they’re happening, in addition to threat hunting based on events that have already happened – and they take action to eliminate the threats on the spot. And, with same-day onboarding, seamless integration with third-party tools, and flexible billing options, Blackpoint empowers MSPs to build a comprehensive cybersecurity stack simply and rapidly.

See it in action today.

If you have any questions, please contact your partner account manager.