Defeating Ransomware: Lessons from the Frontlines with Logically’s Roger Newton

At Seceon’s 2024 Innovation and Certification Days, one of the standout sessions was a conversation between Tom Ertel, our SVP of Technical Sales at Seceon, and Roger Newton Jr., the brain behind the SOC at Logically. Roger shared some real-world insights into how Logically, one of Seceon’s largest partners, battles ransomware and other cyber threats using Seceon’s aiXDR platform.

Roger’s stories weren’t just theory—they were straight from the battlefield of cybersecurity. If you’re in charge of keeping your organization safe from attacks, buckle up. These are the kinds of war stories you can’t afford to miss.

Want to hear the full discussion? Check out the video here:

The Constant Battle: SSLVPN and Office 365 Attacks

Roger didn’t sugarcoat it: attackers love SSLVPNs and Office 365. They’re prime targets for brute-force attacks and credential stuffing. One of the biggest takeaways from his talk was how Logically is constantly fighting off attempts to break into these systems.

Roger described how cybercriminals often use stolen credentials from massive data dumps—like the infamous RockYou password list leak—to get a foothold in these environments. What makes this even more dangerous is that sometimes there are no login failures at all, so on the surface, everything looks fine.

That’s where Seceon’s platform steps in. According to Roger, “We’ve seen logins where there’s no failure, but Seceon immediately alerts us to an inbound threat.” This early detection is what allows Logically to stop these attacks before they become full-blown breaches.

Seeing What Others Miss: The Edge Vendor Firewall Incident

One of Roger’s most eye-opening stories involved an edge firewall vendor. Logically was monitoring traffic through Seceon’s platform when something suspicious popped up. After digging deeper and running packet captures, the team realized the vendor’s product had a vulnerability the vendor wasn’t even aware of, one that would later receive a CVE (Common Vulnerabilities and Exposures) identifier.

Thanks to Seceon’s real-time monitoring, Logically could see the threat before anyone else. Roger explained, “We contacted the vendor, presented them with the data, and they released a CVE. We were seeing things before they even knew about it.” That’s the kind of proactive security that can save companies from massive data breaches and costly downtime.

Managing the Chaos: Taming 400+ Alerts Per Day

When your SOC is managing security for over 600 customers, as Logically does, you’re going to deal with an overwhelming number of alerts. In Roger’s case, that’s more than 400 per day. Without an AI-powered platform like Seceon’s aiXDR, that flood of information could drown even the most seasoned SOC team.

But Seceon’s platform is built to help teams focus on the threats that matter most. “We average roughly one alert per customer per day,” Roger said. That means instead of being buried under a mountain of false positives, Logically can zero in on the real threats. And when it comes to cybersecurity, being able to prioritize means everything.

The Early Warning System for Ransomware

Ransomware is the stuff of nightmares for IT leaders, and Logically has dealt with its fair share of attempted attacks. Roger made it clear that the real trick to stopping ransomware is catching it in the early stages—before encryption begins. That’s where Seceon’s aiXDR shines.

One of the key indicators of a potential ransomware attack is data exfiltration. “We start to see that exfiltration and the AI saying, ‘Hey, this device has never connected to this IP,’” Roger shared. That’s the signal for Logically to jump into action and shut the attack down before it can spread.

It’s not just about stopping the initial intrusion, though. Roger talked about how critical it is to monitor for lateral movement—when attackers move from one part of the network to another. Seceon’s platform detects these early signs of compromise and alerts Logically’s team so they can isolate the threat.

Reporting: The Unsung Hero of Cybersecurity

While stopping attacks is critical, Roger emphasized the importance of reporting in building trust with clients. After all, your customers need to know what’s happening in their environments—and they need proof that you’re protecting them.

Roger recalled an incident where a client was facing a denial-of-service attack. The customer’s ISP claimed it wasn’t a DoS attack, but Logically used Seceon’s reporting features to show the inbound data that was causing the disruption. That transparency was crucial in getting the client the help they needed.

Seceon’s customizable reports are another game-changer. Whether it’s a SOC report or a detailed security posture review, Roger’s team can generate exactly what their clients need. “If a customer wants to know about every failed SSLVPN login, we can build a custom report for that,” Roger said. That kind of flexibility makes all the difference in keeping customers informed and satisfied.

A Partnership That’s Built to Last

One of the most powerful themes throughout Roger’s talk was the strength of Logically’s partnership with Seceon. Roger has worked with plenty of other SIEM solutions over the years, but none have matched Seceon’s level of responsiveness.

“I can send a request, and two weeks later, I have a hotfix in my hands,” Roger said. That’s the kind of speed and support that keeps Logically coming back. It’s not just about buying a product—it’s about building a relationship where both parties are constantly improving together.

Conclusion: What You Can Learn from Roger’s Experience

Roger’s stories from the frontlines of cybersecurity offer a clear blueprint for how MSPs and MSSPs can use Seceon’s aiXDR platform to defend against today’s biggest threats. From catching SSLVPN and Office 365 attacks early to stopping ransomware before it takes hold, Seceon provides the tools you need to stay ahead of the game.

Here’s what you can do to apply Roger’s lessons in your own organization:

  • Invest in proactive monitoring: Detect threats before they escalate by using platforms like Seceon’s aiXDR that go beyond traditional alerting to provide real-time visibility.
  • Leverage AI to reduce alert fatigue: Don’t let your SOC drown in false positives. Use AI to filter out noise and focus on high-priority threats.
  • Customize your reports: Show your customers the value you bring by providing them with tailored reports that address their specific needs.
  • Partner with vendors who listen: Work with technology providers who are responsive to your needs and committed to improving based on your feedback.

In the ever-evolving battle against cybercrime, having the right tools and partnerships can make all the difference. As Roger’s experience with Seceon shows, staying ahead of ransomware and other threats is possible when you have a proactive, adaptable approach to cybersecurity.
Seceon’s aiXDR is helping MSPs and MSSPs like Logically fight back against ransomware, and it can help you, too. Ready to take your cybersecurity to the next level? Let’s talk! You can schedule a demo today here.
