WORK
How engagements unfold
The cases below are illustrative composites drawn from past work. Names and identifying details are changed. They show how ShieldWith AI approaches MDR, monitoring and response — not guaranteed outcomes for your environment.
MDR · BC LOGISTICS
When overnight alerts finally meant something
A regional logistics firm ran EDR and a cloud SIEM but had no overnight analyst. Alerts piled up until Monday; genuine credential abuse blended into the noise. ShieldWith AI onboarded their telemetry under a data-processing addendum, rebuilt correlation rules around shipping-portal logins and staffed 24/7 verification from our Vancouver SOC.
Within six weeks, false-positive volume dropped sharply after tuning. Two months in, an analyst flagged impossible-travel sign-ins tied to a compromised vendor account — verified before the attacker moved laterally. Containment guidance was issued within the hour; the client preserved logs for their insurer. The engagement continues on a monthly MDR retainer with quarterly executive summaries.
INCIDENT RESPONSE · SAAS
Containing a payroll redirect before payday
A Vancouver SaaS scale-up noticed a changed banking detail on a vendor invoice — almost subtle enough to pass. Their internal lead engaged our incident response retainer. We traced the change to a compromised mailbox rule forwarding finance threads to an external address.
Analysts guided mailbox isolation, rule removal and password resets across finance roles. AI-assisted log search accelerated timeline reconstruction; humans wrote the executive summary. No payroll went to the wrong account. A post-incident review updated detection for hidden inbox rules and added a targeted awareness module for finance staff. The client later expanded to full MDR coverage.
APPROACH
Four principles we bring to every file
Scope on paper first. No remote access, no log ingestion and no response actions without a signed agreement that names systems, contacts and authority levels.
Humans own escalation. AI ranks and clusters; analysts verify. Your team hears from us when a human has reviewed context — not when a threshold fired blindly.
Honest limits. We document what we cannot see — shadow IT, unmanaged personal devices, gaps in logging — rather than implying total visibility.
Feedback loops. Every false positive and every confirmed incident feeds detection tuning. The perimeter should get quieter and sharper over time, not noisier.
MONITORING · PROFESSIONAL SERVICES
Standing up overnight coverage for a ten-person IT team
A downtown Vancouver professional services firm had solid EDR on endpoints but no one watching logs after 18:00. Phishing attempts against partners often landed in evening inboxes. ShieldWith AI connected their identity and email telemetry, staffed verification through the night and established a morning handoff summary for their IT lead.
Within the first quarter, analysts verified three credential-stuffing attempts against partner portals — each contained before lateral movement. The client retained MDR services and added a cloud identity module when they migrated file shares to SharePoint. The engagement demonstrates how overnight eyes complement a capable internal team rather than replacing it.
See if our approach fits
Describe your stack and coverage gaps. We will respond with an honest assessment — including when MDR is not the right first step.
Talk to our SOC