| Industry | Driver | Company Size |
| --- | --- | --- |
| Manufacturing Company | M365 Visibility & Detection | 40 |
The Challenge
A manufacturing company needed a SIEM on a budget that didn’t require a lot of coding and programming to get any value out of it.
The Solution
The manufacturing company chose Blumira’s ready, out-of-the-box Free SIEM for ease of setup, integration with M365, and critical detections that aren’t available through their Microsoft service.
Blumira proved its value when I received a P3 alert that a user provided consent for an application on their account. Blumira flagged it as suspicious, which led me to immediately investigate it and confirm that it was a malicious incident... If it weren’t for Blumira’s notification, this incident would most likely never have been detected until it was way too late.
Anonymous
IT System Administrator
A small oil and gas manufacturing company found value in Blumira’s Free SIEM edition that detected a malicious application attempting to steal data from their Microsoft 365 account, prompting them to respond swiftly to prevent any further damage.
Blumira’s Free SIEM Detects a Malicious Application
The IT systems administrator of a small oil & gas manufacturing company found Blumira when he came across a Tom Lawrence review video of Blumira’s platform, Blumira: The SIEM and XDR Security Tool for IT & MSP Teams. Tom Lawrence is a tech content creator who reviews and promotes new tools for IT and MSP communities.
“I keep up on new software and I happened to come across a Tom Lawrence video that said, here’s this new tool from Blumira; you can get a free edition,” their IT sysadmin said. “I was looking for a SIEM myself, but everything is very expensive and we’re on a budget. So I gave it a shot using a free account.”
Their IT sysadmin is the main technical resource for the company, along with another system administrator, working under one corporation with multiple companies underneath. They are working to update several outdated systems and currently use an RMM solution, NinjaOne, to manage their computers. The company did not have anything in place for SIEM or SOAR; their IT sysadmin’s entry-level certification for cybersecurity influenced his drive to get internal approval for investing in the solution.
“You can’t protect what you cannot see. NinjaOne doesn’t cover or integrate with everything else like a SIEM,” their IT sysadmin said.
He explored a few different SIEM options, including Wazuh, but found they involved a lot of coding and programming, and were not especially user-friendly. Ease of use, detections and playbooks are what drew him to try Blumira.
“We’ve been using Free until we have the budget. Setup and deployment is really easy; we’ve had no issues integrating with M365 because it’s pretty straightforward,” their IT sysadmin said. “One option I like is the additional reports you don’t get with M365.”
Shortly after integrating Blumira with their Microsoft 365, their IT sysadmin received a Blumira finding that alerted him to an application that had been installed and used for malicious purposes.
“Blumira proved its value when I received a P3 alert that a user provided consent for an application on their account. Blumira flagged it as suspicious, which led me to immediately investigate it and confirm that it was a malicious incident,” their IT sysadmin said.
Their IT sysadmin received the alert via email, but only had access on his phone as he was out on a personal day at the time of the alert. He was able to reach out to another tech to respond in less than an hour.
“The incident involved a legitimate application that was most likely trying to exfiltrate data from that M365 account,” their IT sysadmin said. “The application was removed, along with its permissions, and the user’s password was reset and 2FA was enforced. If it weren’t for Blumira’s notification, this incident would most likely never have been detected until it was way too late.”
Blumira’s alert on this event was significant because the company would not have known about it otherwise.
“On our current business license for Microsoft 365, they don’t offer conditional access or real reporting for Azure. So if we’re not going in and manually checking, we won’t know about anything like this, and Microsoft won’t give you any enhanced information about M365,” their IT sysadmin said. “We’re benefiting from Blumira alerting us to suspicious activity that isn’t even available with our Microsoft service right now.”
When it comes to value for the budget, or return on their investment, their IT sysadmin mentioned the included support as a major factor.
“I know you have a support team at Blumira; with Wazuh, we have to pay for it. I like that Blumira is a ready, out-of-the-box solution, with no additional implementation requirements. I don’t want to spend too much time on it and worry about all the technical details without support,” their IT sysadmin said. “Blumira is cheaper than all of the other solutions. With LogRhythm, we would pay double what we would pay for Blumira, and Splunk was way too expensive.”
Thu Pham
Thu has over 15 years of experience in the information security and technology industries. Prior to joining Blumira, she held both content and product marketing roles at Duo Security, leading go-to-market (GTM) and messaging for the portfolio solution Cisco Zero Trust. She holds a bachelor of science degree in...