Background
MicroBilt Corporation is credit data and risk management solutions firm focused on the needs of small and medium-sized businesses. They provide real-time support for credit decisions, along with a wide range of related services that help businesses protect themselves against fraud and other business risks. While MicroBilt operates alongside industry giants like Equifax and Experian – and faces many of the same security risks and regulatory requirements – they’re a lean and highly specialized team of about 200 people.
Key Security Concerns
Since credit bureaus must collect and store large amounts of personal information to support their services, they’re an extremely attractive target for threat actors. In fact, malware and breaches of private and government agencies it is a real concern, the volume of reported incidents has been growing steadily in the last several years.
For MicroBilt, these high stakes require a careful balancing act. Their business depends on making sensitive data accessible to authorized parties without adding unnecessary friction to business transactions. But they also need to have sophisticated security measures in place to spot attempts to breach their infrastructure or exploit one of their downstream customers to exfiltrate sensitive consumer data.
MicroBilt also faces a gauntlet of industry regulations, including the Fair Credit Reporting Act (FCRA), Payment Card Industry Data Security Standard (PCI DSS), and regional requirements like the New York State Department of Financial Services Cybersecurity Standards.
The Journey to MDR
MicroBilt’s journey to MDR evolved from a decade-long partnership with CyberMaxx, with an initial focus on consultative services like PCI audits and infrastructure projects like firewall upgrades.
As the company’s security demands grew, MicroBilt’s senior vice president of operations and CISO, Paul Page, faced a critical decision: staff up or engage a managed services partner. “Finding security people in this market is not the easiest thing to do, and the costs are substantial,” Page said. “And then there is the ramp-up time to understand our business and environment.” He ultimately concluded that partnering with an MDR provider would deliver better security outcomes with a lower cost structure.
While Page considered two other MDR providers, expanding his relationship with CyberMaxx quickly emerged as the clear path forward. “With any of these services, it comes down to the caliber and skill of your people and the processes you’ve implemented,” Page said. “That’s a big differentiation for CyberMaxx compared to some of the larger companies.”
A Highly-Collaborative Security Operations Model
CyberMaxx’s well-defined onboarding processes, along with their detailed understanding MicroBilt’s environment, enabled a rapid ramp-up of MDR capabilities in less than two months. And the relationship between CyberMaxx and MicroBilt’s in-house infrastructure and security teams extends well beyond basic alerting. CyberMaxx manages MicroBilt’s firewalls, web application and API protection (WAAP) platform, and other key security policy control points, and the companies have procedures in place that empower CyberMaxx to intervene with policy changes in response to detected threats. Automated responses are also selectively used, including integration with MicroBilt’s EDR platform to quarantine vulnerable or infected endpoints.
MicroBilt continues to use CyberMaxx’s offensive security capabilities as well, including ongoing threat hunting and penetration tests. According to Page, this makes for a more effective and trustworthy MDR approach.
Now, their offensive team is essentially working against their defensive team without any advance warning.” This drives continuous improvement of the MDR function and avoids the complacency that many MDR providers develop over time.