DFIR, account takeover response, Microsoft 365 investigations, tenant cleanup, and security readiness — with a clean handoff into managed SOC monitoring when ongoing protection is needed.
Trusted by Connecticut Law Firms,
CPA Practices, & Insurance Agencies.
Black Tower Cyber focuses on incident response, cloud forensics, Microsoft 365 investigations, tenant hardening, and readiness projects. Ongoing monitoring is available as a SOC-as-a-Service handoff instead of forcing every client into a full MSSP model.
For active incidents, suspicious activity, malware alerts, cloud compromise, and situations where you need answers fast.
Focused response for compromised Microsoft 365 accounts, suspicious mailbox activity, fraudulent invoices, and wire fraud attempts.
A structured review of the Microsoft 365 tenant before monitoring, cleanup, insurance renewal, or post-incident hardening.
We clean up risky Microsoft 365 settings before they become incidents or before the client moves into SOC monitoring.
Preparedness projects for businesses that need incident plans, evidence folders, tabletop exercises, and insurance control validation.
After an incident, assessment, or cleanup, clients can move into managed monitoring instead of staying exposed.
Black Tower Cyber handles the incident, investigation, assessment, and cleanup. If the client needs ongoing protection, we transition them into SOC-as-a-Service monitoring powered by Huntress, with serious incidents escalating back to Black Tower Cyber.
IR, DFIR, ATO, BEC, cloud review.
Clean the tenant and reduce attack paths.
SOCaaS handoff for ongoing coverage.
We do not replace your IT provider. We focus on security incidents, identity risk, Microsoft 365 hardening, and the escalation path your business needs when something goes wrong.
Contact UsInvestigate the incident, identity activity, mailbox changes, cloud logs, and attacker path.
Contain the threat, revoke sessions, remove malicious rules, clean apps, and harden access.
Document what happened, what was affected, and what needs to change next.
When monitoring is needed, transition the client into SOCaaS through Huntress MDR, ITDR, SIEM, and SAT.
Black Tower Cyber is built for companies that need answers during a security event, not another vague technology bundle. The focus is incident response, account takeover investigation, Microsoft 365 forensics, tenant cleanup, and practical security readiness.
Instead of presenting as a full MSP or broad MSSP, BTC operates as the investigation and hardening side of the business. When a client needs ongoing monitoring after an assessment or incident, the handoff is made into a SOCaaS model powered by Huntress.
This keeps the service realistic, professional, and aligned with what clients actually need: find out what happened, contain the issue, clean up the environment, document the outcome, and monitor what matters going forward.
The best fit is a 10 to 50 employee organization that relies on Microsoft 365, handles sensitive data, and needs incident response or security readiness without hiring a full-time security department.
Privileged email, wire instructions, client files, and high-impact business email compromise risk.
Tax records, payroll access, sensitive PII, and seasonal spikes in phishing and credential theft.
Closing documents, escrow communication, and wire fraud scenarios where one inbox can change everything.
Consultants, insurance agencies, finance teams, and SMBs that need practical cyber response.
Black Tower Cyber handles the high-skill work: investigations, tenant assessments, hardening, reports, and readiness. If the client needs ongoing monitoring, they are moved into a managed security monitoring model with direct escalation back to BTC when something serious happens.
Assessment or incident response creates the trust. Tenant cleanup reduces risk. SOCaaS keeps watching after the project. BTC stays positioned as the expert response team, not a generic MSP.
ATO, BEC, phishing, M365 audit review, or a security readiness assessment.
Revoke sessions, enforce MFA, clean inbox rules, remove risky apps, improve Conditional Access, and document changes.
Deliver a written summary, timeline, findings, risk explanation, and practical remediation roadmap.
Ongoing Huntress MDR, ITDR, SIEM, SAT, reporting, and alert escalation through SOCaaS when the client needs recurring protection.
The focus is not generic IT support. BTC is designed for high-impact security events involving identity, email, Microsoft 365, cloud evidence, and business risk.
A user reports odd emails and a vendor asks about changed payment instructions. BTC reviews sign-ins, sessions, inbox rules, forwarding, OAuth apps, message trace, and impact.
A company wants monitoring, but the tenant has weak MFA, risky app consent, stale admins, forwarding exposure, and no clear response process. BTC assesses and cleans first.
A business needs to prove MFA, EDR, backups, awareness training, and response procedures. BTC validates controls and builds the evidence folder.
BTC engagements are structured so the client knows what is being reviewed, what will be delivered, and what the next recommended step is.
Identify the incident, tenant, business risk, affected users, reporting needs, and urgency.
Preserve logs, export evidence, review identity activity, and capture relevant configuration data.
Remove attacker access, revoke tokens, reset credentials, clean malicious rules, and reduce immediate exposure.
Deliver findings, timeline, remediation plan, and a SOCaaS or hardening recommendation if ongoing risk remains.
Use BTC for active incident response, M365 account compromise, tenant assessments, hardening projects, insurance readiness, or a SOCaaS monitoring handoff.
Active Incident
Account takeover, BEC, phishing, malware, or suspicious access.
Planned Project
Assessment, cleanup, hardening, tabletop, or insurance readiness.
Tell us what happened or what you want reviewed.