How M-Cubed Stopped 7 Attackers Missed By Huntress ITDR
- 7 live attackers: discovered using Petra, missed by Huntress ITDR
- Caught 2 wks late: 6 surfaced using Petra, caught late from Huntress ITDR
- 51 seconds: new MTTR with Petra
“I think a lot of people are in the same position that we were — they just don't know what's really happening until all the forensic analysis is done. We'd thought attacks were being caught fast, but we had a rude awakening, and now we know what fast really looks like. Now we get to pass that huge speed increase along to our clients.”
David Xiong, CTO, M-Cubed Technologies
M-Cubed prides itself on being the trusted IT partner for businesses from the Heartland all the way to California, proactively managing client infrastructure 24/7/365 so they can run as smoothly and efficiently as possible.
The Challenge
M-Cubed saw 80% of attacks hit M365, and wanted to make sure clients had the best coverage.
M-Cubed is no stranger to dealing with M365 attacks. “We were seeing our clients get, just, hammered by attacks,” says David, CTO at M-Cubed Technologies. “And 365 attacks have gone up like crazy. These days, I would say 20% of attacks are EDR, 80% are 365.”
Pre-Petra, M-Cubed's prior ITDR was Huntress ITDR, which they had deployed to all clients. “We're huge Huntress fanboys. Still are. But we love great tech. It's what we do. So when we got the demo at a conference in late 2025, I came back pretty ecstatic about it.”
The Solution
Deployed Petra to all clients, uncovered 19 compromises that prior ITDR caught late (or not at all).
“I think on the first night, we threw some clients on there. We chose the clients who typically always get hammered with alerts. Immediately that night, Brian shot me an email that said: ‘look at this report!’”
Petra found 7 currently lurking attackers across 7 different clients, all of which were being actively monitored by Huntress ITDR at the time. Using Petra, M-Cubed shut down all 7 attacks that evening. Then David spun up Petra Scan, a forensic investigation tool, to examine 19 compromises Huntress had been monitoring and pull out new forensic details.
Here's a sample of what Scan uncovered across 19 compromises:
- Huntress ITDR caught an attack 4 months and 4 days late. The attacker accessed 23,363 emails and sent 49 malicious invoices.
- Huntress ITDR caught an attack 1 month and 26 days late. The attacker accessed 1,082 emails and 3 documents and sent 798 malicious invoice requests.
- Huntress ITDR caught an attack 13 days and 23 hours late. The attacker accessed 2,324 emails.
- A live attacker, not caught by Huntress ITDR, active for 3 months and 1 day, accessed 10,713 emails and sent a malicious email.
- A live attacker, not caught by Huntress ITDR, active for 4 months and 10 days, accessed 1,178 emails.
By the numbers: Petra Scan found that the 12 cases Huntress ITDR had caught were caught on average 32.9 days late. The 7 cases Huntress ITDR missed, where the attacker was still active, had been lurking on average 92.6 days. Across all cases, attackers accessed an average of 3,104 emails due to late response, and 42.1% sent malicious emails from compromised accounts.
The Results
Now with Petra, 51-second response — and attacks caught that the previous ITDR missed.
Since switching, Petra has stopped 3 real-time attacks for M-Cubed (in addition to the 7 lurking attackers), an average of 51 seconds after logs are published by Microsoft. “It's just crazy fast, especially when you see what was happening before,” says David.
Surprises
What's been most surprising about Petra? The forensic depth.
“For me, it's just the fact that it finds all this stuff,” says Brian. “All this attacker activity from past compromises, just after turning it on. With Huntress it's like ‘hey, we saw something’. But where did it come from? Who clicked what? What did the attacker do? Petra shows all of that. The detail level has been really good — even on past attacks.”
The depth saves hours for high-compliance clients. “We have a large financial firm client, very stringent on compromises. They want to know what happened, who did it, what they clicked, what was accessed. Before, I had to go through Purview. This right here just saved me so many hours.”
24 hours, they caught attacks you missed for a month. They blew you out of the water. At the end of the day, our clients stick with us because they know we're on top of it.
M-Cubed believes most IT problems (including BECs) are avoidable, so why wait for failure? To get best-in-class cyber services from a world-class MSP, visit mcubedtechnologies.com.

