Industry | Driver | Company Size |
MSP | Real-Time Alerts & Greater Visibility | 2 |
The Challenge
After frustrating experiences with Barracuda’s SOC team and lack of timely alerting, Vangard IT needed a solution that could help them deliver reliable, high-quality security for their customers.
The Solution
Vangard IT chose to move their customers over to Blumira’s easy-to-use SIEM + XDR platform after they were alerted to an M365 email compromise that Barracuda failed to alert them to.
“Blumira’s amazing, based on our history with you. We rolled out Blumira with a new customer and it was seamless. We saw 100 times more than we did with Barracuda over five years – I never saw the insights that I saw in a single month with Blumira.”
Vangard IT
At Vangard IT, they pride themselves on being a different kind of IT company. They believe that the key to delivering exceptional IT services is to focus on their clients' needs, build strong relationships with them, and provide a personalized approach to every project they undertake.
The Challenge: Lack of Alerting on Threat Activity
Cameron Rainey, CEO of Vangard IT, had partnered with Barracuda to protect and monitor their environment, setting up a new sensor on-site to collect logs. The MSP also had Blumira in place for detection and response.
About a month after they set up their Barracuda sensor, Blumira alerted them by email to a threat actor who had compromised a Microsoft 365 account, accessed a user’s inbox and started sending out malicious links to internal employees.
Rainey was co-managing the environment with a German company. In their attempts to remediate, they first needed to access the logs. Once they saw the user was logged in from Dallas, Texas, they backed up the inbox from their email backup system. Then they logged into their Barracuda dashboard to find they had no logs at all. After reaching out to support, they were told that they would get an alert after 21 days of log degradation – too late to help with the email incident.
According to Rainey, Barracuda’s deployment process comes with an onboarding team to help them get sensors set up in their environment.
“Barracuda offers a white-glove treatment, that is not at all that. It turns out the sensor was not working, logs were not flowing, and the sensor that had been put in place had died,” Rainey said. “We were not alerted to the email incident as they had no way of knowing it had happened.”
The Solution: Blumira’s Contextual Real-Time Alerts Speed Up Time to Security vs. Barracuda
Rainey got an email from Blumira’s sensor alerting them to logging issues. While most companies will go with one solution, they found a good balance with both solutions working alongside each other.
“Blumira’s amazing, based on our history with you. We rolled out Blumira with a new customer and it was seamless. We saw 100 times more than we did with Barracuda over five years – I never saw the insights that I saw in a single month with Blumira. A lot of that has to do with the agent-based visibility; Barracuda is sensor-based only.”
Vangard IT had a customer running Blumira’s Free SIEM and a paid version of Barracuda’s solution, and received an email from Blumira to alert them to a finding within their environment.
“Blumira’s email says a user at this company created an inbox rule; it looks malicious and you should do something. Barracuda hadn’t said a word to me,” Rainey said. “I called the user who was not in Amsterdam, and locked down her user account to keep the threat actor out, who was getting ready to spam the organization.”
After an hour, Rainey received a call from Barracuda.
“I said, ‘you’re an hour late – it’s already taken care of.’ I looked at the logs, saw the threat actor was from Amsterdam, got them out. I pulled up the ticket from Blumira that showed the person that created the rule is on an Exchange server. There was zero information from Barracuda,” Rainey said.
Barracuda told Rainey to contact their SOC team about why they didn’t receive an alert about a user logging in from a different country. He spent an hour on phone tag, getting transferred from team to team, until the Blue team told him that he would have to send a ticket email to their SOC team in order to escalate the issue. After exchanging a number of emails with the SOC to understand why the impossible login alert did not trigger, he was ultimately left unsatisfied with the level of service provided by Barracuda.
“We want to pull all of our customers out from Barracuda. When customers think of cybersecurity, they think of Vangard IT – if it fails, it’s on us, and we look bad, not the vendor. That’s when we started looking for an alternative that would support our mission to provide a higher level of service to our customers,” Rainey said.
Blumira’s detection rules also uncover possible insecure activity for Vangard IT’s customers, giving them an opportunity to educate customers on best security practices for using password managers.
“We get alerts from Blumira that show our customers are using plaintext documents to house passwords. There’s no way we would have known that unless we remoted in,” Rainey said. “Our customer asked, how do we fix this? We tell them, get a password manager. They ask if we can sell that to them, get them pricing, and they can roll it out. We just got more recurring revenue through a Blumira alert.”
Thu Pham
Thu has over 15 years of experience in the information security and technology industries. Prior to joining Blumira, she held both content and product marketing roles at Duo Security, leading go-to-market (GTM) and messaging for the portfolio solution Cisco Zero Trust. She holds a bachelor of science degree in...