🎉 Exciting news! Coalition has acquired Wirespeed to accelerate cybersecurity for all.

Read more
Cover for My MDR Doesn't... Know my VIP Users
Tim MalcomVetter avatar

Tim MalcomVetter

Co-Founder / CEO

This is part of a blog series tackling common problems in traditional MDR and outsourced/Managed SOC Service Providers (MSSPs).

My MDR Doesn’t… Know my VIP Users!

VIP Users are your key “very important people” in your organization. If you’re a commercial enterprise, it’s likely your C-Suite and VPs, but if you’re a non-profit or a unique organization, it could be a little more complicated to identify who these people are. One thing is for certain: these are the people who should not be interrupted and should receive white glove concierge treatment for any impact to their access and ability work.

Also, VIPs represent significant impact targets to your organization’s security. They have the ability to tell accounts payable to issue wire payments to vendors, which could go horribly wrong in BEC scenarios. They have access to the company’s intellectual property, contract terms, customer lists, and biggest challenges, which are valuable corporate espionage. Communications (e.g. email, Slack, Teams, etc.) from them to internal employees come with the authority to immediately execute, such as a request to make a stupid security misconfiguration. It’s very important to understand who these people are to properly protect them.

Yet, one of the most common complaints from customers to MSSPs is that the SOC doesn’t know who these important people are.

#How Wirespeed is Different

First, Wirespeed focuses on prioritizing integrations with your user directories, such as Microsoft Entra (Azure Active Directory) and Google Workspace. In this screenshot of an example tenant, there is both an integration to Google Workspace as well as Microsoft 365 (Entra), so multiple directories are present. Wirespeed can handle multiple types and instances simultaneously for a blended experience, perfect for M&A scenarios where the infrastructure is not yet integrated, or complex organizations, such as higher education, where it is common to have multiple departments each running their own directories.

Wirespeed Integrations We integrate with your Microsoft M365 and Google Workspace directories

Second, once the integration is in place, our built-in automation rules will locate users in the following three categories:

  1. Administrators (i.e. built-in roles with known administrative access
  2. VIPs
  3. Technical Users

Discovered VIP List We use our rules to automatically locate your VIPs & Technical Users

You can also manually identify specific users and mark them as VIPs or Technical Users, or add your own automation rules to identify them. Our QA team periodically reviews our matching rules to look for improvements, because we take the approach that you’re likely too busy to keep up. That’s ok with us!

Discovered VIP List Learning the people is super important to how Wirespeed works!

Third, our matching rules keep near real-time tabs on changes you make as your organization will be fluid over time. When new Admins, VIPs, or Technical Users are found, we alert you in the dashboard in the UI, as well as through health summary emails you can opt-in to receive daily or weekly:

Discovered VIP List We keep solid tabs on new VIPs we discover

Finally, we use this knowledge to drive response actions in your organization. Our recommended minimum settings for automated containment are to automatically contain identities by rotating credentials and killing active sessions, but not if the user is a VIP. In those cases, we escalate to you, so you can choose to communicate carefully or time the containment.

Discovered VIP List You're always in control of Containment with options to treat VIPs with special care

#Run us Head to Head

We’re ready to run head-to-head against your current MDR provider, because you deserve to have an MDR that learns your VIPs, treating them with due care you’re also expected to show them.

It takes just a couple minutes to start a FREE Trial, where we will sync your directories, ingest the previous 90 days of alerts and show you cases where we would have escalated about any concerns involving your VIPs (as well as other users). You can instantly compare us to how your current MDR provider did handle those same cases—if they even told you about those cases at all!

You’re welcome to integrate with Slack, Teams, or just email, and we’ll watch you for the next 14 days for FREE, reaching out to your users on your behalf. We’ll even help you with a rollout communication plan to inform your workforce that they may be asked about their activity to protect your organization. Quick, Easy, Painless … and Secure.

Wirespeed

Want to know more about Wirespeed? Follow us on LinkedIn / X or start a FREE TRIAL today.