MegaplanIT

Introduce your business and what you do there.

I’m the IT director for a fire protection, engineering, and consulting services firm.

What challenge were you trying to address with MegaplanIT?

We hired MegaplanIT to help us with a ransomware attack that decimated our network.

What was the scope of their involvement?

MeganplanIT got our business into two antivirus programs. Currently, they’re providing us their services as a security consultant.

Right now, we’re moving to a different antivirus program that MegaplanIT found because they think it’s better for us. They’ve been helping us do the migration and set up the policies on the new antivirus. That way, we just have to uninstall and reinstall.

What is the team composition?

I’ve worked with two people, but my main point of contact is Jeff (Principal Security Engineer).

How did you come to work with MegaplanIT?

While I was working on rebuilding our network as much as I could, someone else from our team found MegaplanIT. They were a recommendation from a friend. At that point, our network was dead in the water, so we thought that if they were recommended, we would give them a try.

How much have you invested with them?

Our monthly spend is around $7,000, so we’ve spent around $180,000 in total.

What is the status of this engagement?

We started working together in March 2019, and the partnership is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

MegaplanIT was able to stop the spread of this ransomware. Once they got a key, we were able to rebuild our network. The process took three days.

MegaplanIT informs us about any suspicious activity. For instance, this morning, I came in and got an alert about a low-level alarm. Someone was trying to log in to our board director’s account 100 times per minute from seven different countries.

Another time, we had a person who clicked on spyware. We were notified about it right away, and we sent an email to the security operations center (SOC). Within five minutes, they had already scanned the computer. As they didn’t see anything, they told us that there was no remediation needed.

How did MegaplanIT perform from a project management standpoint?

MegaplanIT has been great. All their work has been remote — they’ve offered to come on-site, but we don’t need that.

When the ransomware attacked, they remotely got us the software and helped us rebuild our network. We were working 24 hours a day for almost a week, and people were able to respond at any given time.

MegaplanIT gives me alerts and metrics about any security situation. Every time that we have an issue or someone within our environment does something that they shouldn’t, we send them an email, and we have a response within 5–10 minutes once they’ve already reviewed all the logs.

What did you find most impressive about them?

Megaplan IT’s staff has a lot of people cross-trained and with specialties. However, Jeff seems to be well-versed in almost everything. Every time I have a question about anything, their team knows the answer, which is very nice.

Are there any areas they could improve?

There’s nothing that MegaplanIT could improve. I’m pretty happy with them.

Any advice for potential customers?

It’s all about having open lines of communication.

Introduce your business and what you do there.

I’m the IT/networking director of Revelex Corp. We are a SaaS company that specializes in the travel industry.

What challenge were you trying to address with MegaplanIT?

MegaplanIT is helping us complete and meet our Payment Card Industry (PCI) compliance requirements.

What was the scope of their involvement?

MegaplanIT does yearly on-site audits, where they take care of auditing the systems, security, and processes that are required for PCI compliance. This annual audit is required for the type of work that we provide since we are considered a level-one service provider for PCI compliance.

Since there's sensitive data being transferred, transmitted, and stored, they come in and audit to make sure that our systems are secure and that we follow the best security practices. They also ensure that we adhere to PCI requirements, as far as all of the due diligence that we need to do in order to maintain and keep our system secure at all times.

They’ve done penetration testing that's needed for verifying the strength and capabilities of our software. They do anonymous external and internal penetration tests where they try to get as far as they can to see what is or isn’t exposed.

What is the team composition?

We work with about three people: the auditor that we deal with on a weekly basis, and a couple of supplementary people that talk to us about certain things that need more in-depth knowledge from both their side and ours Those people ensure that they’re documenting everything correctly, rather than just taking our explanation word-for-word. Also, if they don’t understand something that we do, they bring in additional resources who can understand and therefore translate that function. This ensures we’re documenting everything properly and doing what we say we’re doing.

The supplementary people submit documentation to their QA department. Then, they kick things off with the cardholder brands, like Visa and MasterCard, that we don’t deal with directly.

How did you come to work with MegaplanIT?

We were in the middle of changing auditors at that time. While doing some searches and reading reviews, MegaplanIT’s name came up a few times, and we decided to give them a try. After talking to them and looking at their credentials, they seemed like a good fit for us. The pricing and their credentials were two of the major reasons we chose them. 

How much have you invested with them?

We invest $25,000 per year.

What is the status of this engagement?

We started working together in January 2015, and we recently renewed our contract with them in 2020.

What evidence can you share that demonstrates the impact of the engagement?

They always make recommendations; there's been a couple of times when they suggest that we modify our systems because of the changing environments regarding credit card security. We have taken some of their suggestions to improve and offer more secure options to our customers.

One of the changes that they suggested has made some of our mundane logging correlation much easier for us. That has helped us with looking at one server versus going to multiple sources and then trying to correlate everything together.

How did MegaplanIT perform from a project management standpoint?

They are definitely above par. They have a nice flow for getting work done; after we do our kickoff call, there is some documentation that they want upfront. Then, we do weekly calls, during which we go over certain things and then preface the work that we are going to do over the next week. Everything moves along really smoothly. Finally,  we cover all of the ‘domains’ within the service that they're doing with us for the audit.

What did you find most impressive about them?

The fact that they're thorough and knowledgeable sets them apart.

Are there any areas they could improve?

I don't think I have an answer for that because I haven't had any issues. We've had nothing but a good relationship with them.

Any advice for potential customers?

Always be forward with your expectations, and they will be candid right back. We were honest about our expectations, and they were forward with us regarding what they could and couldn’t do.