How IntrusionOps Landed 3 Enterprise Deals With Petra
- 3 Enterprise Deals
- Landed with Petra
- 24 Attacks Stopped
- Using Petra
- 3 mins, 41 secs
- MTTR with Petra
“We love Petra. We can essentially fire and forget — leave Conditional Access in place but rely on Petra to catch true positives and waste zero time with false positives. Petra literally solves the problem.”
IntrusionOps is an MSSP based in the Northeast, providing Managed Detection and Response (MDR), Digital Forensics and Incident Response (DFIR), Red Team, and general security services to companies of all sizes.
The Challenge
IntrusionOps was seeing BECs more and more often, and needed a way to stop them quickly.
“We've seen account compromises go through the roof in the last few years,” says Jeremy. “It used to be that ransomware occupied our time, but these days, we see BECs outnumber them almost 10 to 1.” The team had been using P2 Risky Sign-in Alerts, but relying on those signals created a new problem: noise.
As an example, in one client with ~2,000 end-users over a 6-month period, IntrusionOps saw 264 high-risk events, 1,234 medium-risk events, and 10,866 low-risk events. “It was a mountain of noise. At best, people enable a Conditional Access Policy to block high-risk logins, but in practice it usually becomes a full-time job — just chasing down all the P2 stuff.”
Deal #1
Petra-Enabled Deal #1: 2,000-user Enterprise
The perfect enterprise opportunity fell into their laps — a franchise model with locations all around the country, where employees travel frequently and restrictive location-based conditional access just doesn't work. IntrusionOps included Petra as part of an ‘MDR lite’ offering. The enterprise already had an advanced stack (email security, SIEM, EDR) and thought they were covered, but knew they had a gap on account compromise.
In the first month, Petra caught so many attacks that we were able to have several follow-on conversations with the C-suite. Those caught attacks led to approval for a proper identity security program.
Since onboarding ~6 months ago, IntrusionOps has used Petra to stop 18 account compromises in that enterprise, with 0 false alarms and an MTTR of 3.8 mins.
Deal #2
Petra-Enabled Deal #2: Public Healthcare Company
A public company in the healthcare sector came inbound looking for M365 detection — specifically a tool that could stop account compromises missed by other ITDRs and process activity from SharePoint and Exchange. To win the client, IntrusionOps did an “Autopsy”: a retrospective analysis supported by Petra, going back 6 months to see exactly how long the attacker was in the account, which emails and files they accessed, and anything they left behind.
The client was absolutely blown away. It was the wedge — it helped showcase how important M365 protection is, and how we could pair that with best-in-class services to harden their environment.
Deal #3
Petra-Enabled Deal #3: Another Public Healthcare Company
After several BECs, this enterprise had switched to a large MDR provider, but encountered compromises they felt were improperly handled — including one caught 25 mins late. For SEC obligations, they needed a clear step-by-step reconstruction of the BEC incident. So IntrusionOps did an Autopsy and pulled out the forensics.
The Autopsy revealed the compromise had actually been caught 21 days late, when they thought it had just been 25 mins. When I showed them the results, let's just say they were visibly shocked.
“I think I've said it before but I stand by this. Petra is one of the only solutions I've ever seen that reduces work and improves accuracy.”
IntrusionOps prides themselves on finding and implementing the right stack for each client. Visit intrusionops.com or email hi@intrusionops.com.
More Stories
See what's in your last six months of logs.
Run six months of M365 logs through Petra and get insurance-grade forensics within 48 hours. Five minutes to set up with no sales call.

