Pratum Blog

Pratum will expand IGI’s portfolio with the addition of Pratum’s Security Operations Center (SOC), Managed Extended Detection & Response (XDR) Service and additional cybersecurity services.

Iowa-based information security company Pratum, Inc. (Pratum) has announced plans to be purchased by Infinite Group, Inc., IGI, (OTCQB:IMCI), a cybersecurity company based in Pittsford, NY. This acquisition is anticipated to bring both top-line revenue and profitability to IGI as it executes on its acquisition rollup strategy.

Pratum is an information security services firm founded in 2008 that helps guide organizations to the right balance of information security, IT risk management, and compliance. With approximately $4.3 million in annual sales, Pratum provides cybersecurity consulting services, security assessments, and SOC/XDR services, which is a strategic fit for IGI.

The acquisition of Pratum expands IGI’s company portfolio and increases its nationwide customer base. It is anticipated that the transaction, which is subject to customary closing conditions, will close in the first half of 2022.

“We are thrilled to enter into this agreement with Pratum and add their unique services, talent, and established brand name in cybersecurity to IGI,” said Andrew Hoyen, President and COO of IGI. “We are focused on the continued success of Pratum, along with our other divisions and subsidiaries, leveraging synergies across the corporation to drive revenue and profitability growth. Pratum adds more breadth of services and complements the overall offerings IGI brings to the market.”

IGI provides organizations with cutting-edge cybersecurity software, such as Nodeware®, and leading security services such as CISO TaaS™, PenLogic™ Penetration Testing, and will be adding Pratum’s SOC/XDR and consulting solutions.

Pratum will keep its name and continue to operate from its headquarters in Ankeny. Current Pratum Chief Administrative Officer Jordan Engbers will serve as President of Pratum, with Steve Healey remaining in his role as Chief Technology Officer and Megan Soat remaining in her role as Director of Security Services.

Pratum will operate as a wholly owned subsidiary under the IGI umbrella, joining IGI’s services division; IGI Cybersecurity; and the IGI CyberLabs subsidiary to enable IGI to provide a wide array of products and services to the cybersecurity market.

Pratum serves an expansive client portfolio that includes clients nationwide and overseas, ranging from small businesses to multinational corporations across industries. Pratum has offices and employees across the United States.

“Pratum becoming part of IGI not only helps the company accelerate its goals, but also enables Pratum to grow and broaden its customer and partner bases,” said David Nelson, Founder of Pratum. “Our clients will be able to manage their cybersecurity strategy with Pratum, as an IGI company, and have access to some of the best software and services available in today’s market.”

For more information or for investment inquiries, visit

About IGI

Headquartered in Pittsford, NY, with a remote workforce spanning the United States, IGI delivers people- and technology-driven cybersecurity for personalized, resilient cyber defense focused on individualized business strategy, enterprise-wide expertise, and unshakeable partnership. We are The Cybersecurity People™. IGI is also the OEM through its subsidiary, IGI CyberLabs, of the Nodeware® vulnerability management solution, an award-winning SaaS platform that continuously scans networks to identify critical vulnerabilities. Learn more at

Media Contact
Megan Brandow, Director of Marketing
(585) 727-0983

About Pratum

Headquartered in Ankeny, IA, with a nationwide presence, Pratum is an information security services firm that helps clients solve challenges based on risk, not fear. We guide organizations to the right balance of information security, IT risk management, and compliance. Our consultants deliver on the following three promises to help clients meet their business objectives: 1) We'll be objectively honest. 2) We’ll bring you industry-leading insights. 3) We’ll focus on relationships. Learn more at

Media Contact
Trevor Meers, Director of Partnerships and Content
(515) 339-1774

Safe Harbor Statement

This release may contain forward-looking statements that are based upon current expectations or beliefs, as well as a number of assumptions about future events, including the acquisition of Pratum by IGI and the anticipated benefits of that transaction. Although we believe that the expectations reflected in the forward-looking statements and the assumptions upon which they are based are reasonable, we can give no assurance or guarantee that such expectations and assumptions will prove to have been correct. Forward-looking statements are generally identifiable by the use of words like "may," "will," "should," "could," "expect," "anticipate," "estimate," "believe," "intend," or "project" or the negative of these words or other variations on these words or comparable terminology. The reader is cautioned not to put undue reliance on these forward-looking statements, as these statements are subject to numerous factors and uncertainties, including but not limited to: the successful completion of the acquisition of Pratum by IGI, including integrating the two businesses following such acquisition, adverse economic conditions, competition, adverse federal, state and local government regulation, international governmental regulation, inadequate capital, inability to carry out research, development and commercialization plans, loss or retirement of key executives and other specific risks. To the extent that statements in this press release are not strictly historical, including statements as to revenue projections, business strategy, outlook, objectives, future milestones, plans, intentions, goals, future financial conditions, events conditioned on stockholder or other approval, or otherwise as to future events, such statements are forward-looking. The forward-looking statements contained in this release are subject to certain risks and uncertainties that could cause actual results to differ materially from the statements made. 
Readers are advised to review our filings with the Securities and Exchange Commission that can be accessed over the Internet at the SEC's website located at, as well as IMCI's website located at


Here’s the hard truth about monitoring solutions: Most companies haven’t properly configured their SIEM/XDR system. Logging millions of events per day may seem productive. But what good does it do if an IT team is overwhelmed with alert fatigue and learns to ignore most of the notifications they get?

“The basic rules in your SIEM may be functioning, but they often aren’t functioning well,” says Pratum Chief Technology Officer Steve Healey. Read on to learn how trained SOC analysts leverage SIEM/XDR tuning to turn out-of-the-box rules into meaningful tools for reducing noise and alert fatigue while stopping attacks before they gain a foothold.

The Problem with Out-of-the-Box SIEM Rules

All SIEM solutions come pre-loaded with a large number of rules. Alert fatigue happens because standard rules can’t possibly work equally well in every environment. “The idea behind those rules is solid, but they’re generic,” Steve says. “The execution will lead to an enormous number of false positives and alert fatigue. You’ll have to tune the rules with additional logic specific to your business to create exceptions without impeding the rule’s original intent.”

Beyond SIEM vendors, many other tech vendors regularly issue new detection rules to close gaps discovered in their own products. Many of those rules also generate a flood of false positives. Pratum’s SOC analysts (who have managed multi-tenant SIEM/XDR solutions for more than a decade) review each new rule’s goal and customize it for every customer’s environment. “We don’t just disable ineffective rules,” Steve says. “We take the core intent of the rule and build it out to get high-fidelity results.” With this kind of tuning, Pratum recently turned 266 million monthly security events in one client’s environment into just 41 alerts sent to the client’s IT team.

Reducing Alert Fatigue

The real art of creating SIEM/XDR rules lies in finding the sweet spot of writing rules sensitive enough to detect real threats but not so sensitive that they cause constant false positives. Nobody wants to get an alert every time someone logs in from a coffee shop using a different IP address. But if a legitimate user who normally uses an iPhone suddenly logs in through an Android device in a new geographic location, that’s worth an alert.

The solution is a team of SOC analysts trained to create models of normal activity. By identifying patterns of typical activity, analysts help the system recognize a scenario that checks all the boxes to be suspicious—but actually isn’t. “We can create threat models based on baseline behavior so we know what’s normal and only send an alert when the pattern changes,” Steve says. “Machine learning can figure that out over time.”
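The baseline idea above, as an added Python example (not Pratum's rule logic): a generic "new IP" rule next to a tuned rule that alerts only when both the device OS and the country fall outside the user's history. The event fields, sample data and `MIN_HISTORY` threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sign-in events (not real logs): user, source IP, device OS, country.
EVENTS = [
    {"user": "alice", "ip": "203.0.113.10", "os": "iOS", "country": "US"},
    {"user": "alice", "ip": "203.0.113.10", "os": "iOS", "country": "US"},
    {"user": "alice", "ip": "198.51.100.7", "os": "iOS", "country": "US"},    # coffee shop
    {"user": "alice", "ip": "192.0.2.44", "os": "Android", "country": "RO"},  # new OS + country
    {"user": "bob", "ip": "203.0.113.20", "os": "Windows", "country": "US"},
    {"user": "bob", "ip": "203.0.113.20", "os": "Windows", "country": "US"},
    {"user": "bob", "ip": "203.0.113.21", "os": "Windows", "country": "CA"},  # travel, same device
]
MIN_HISTORY = 2  # assumed: logins required before a user's baseline is trusted


def naive_alerts(events):
    """Generic rule: alert whenever a known user appears from an unseen IP."""
    seen, alerts = defaultdict(set), []
    for i, e in enumerate(events):
        if seen[e["user"]] and e["ip"] not in seen[e["user"]]:
            alerts.append(i)
        seen[e["user"]].add(e["ip"])
    return alerts


def tuned_alerts(events):
    """Tuned rule: alert only when device OS and country both leave the baseline."""
    base = defaultdict(lambda: {"os": set(), "country": set(), "n": 0})
    alerts = []
    for i, e in enumerate(events):
        b = base[e["user"]]
        if b["n"] >= MIN_HISTORY:
            new_os = e["os"] not in b["os"]
            new_country = e["country"] not in b["country"]
            if new_os and new_country:
                alerts.append(i)
                continue  # do not fold a suspicious login into the baseline
        b["os"].add(e["os"])
        b["country"].add(e["country"])
        b["n"] += 1
    return alerts


if __name__ == "__main__":
    print("naive rule alerts on events:", naive_alerts(EVENTS))
    print("tuned rule alerts on events:", tuned_alerts(EVENTS))
```

On this sample the generic rule fires three times, including the coffee-shop login and the trip with the usual device, while the tuned rule fires once, on the Android login from a new country.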

(This blog provides a summary of the logic used to eliminate false positives.)

The following real-world scenarios illustrate how SIEM tuning modified standard rules into more accurate reporting tools that stop the alert fatigue.

Use Case #1: Fighting Business Email Compromise

Pratum recently revised one rule intended to deal with the growing threat of business email compromise (BEC) attacks. In these situations, hackers take over a legitimate user account. Then they often create email forwarding rules that let them intercept a user’s messages and conceal the fact that the account has been compromised. Many SIEM solutions now include a stock alert designed to watch for the creation of suspicious forwarding rules. But Pratum’s analysts recognized that the stock rule wasn’t catching the forwarding rule hackers are using most right now. So Pratum’s SOC team wrote a new rule, had the Pratum penetration testing team attempt an exploit to validate the rule, then rolled the rule out to Pratum’s entire client base. The new rule not only identifies the activity, but can also automatically orchestrate a response to contain the threat.
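An added Python example (not Pratum's rule, which the article does not disclose) of tuning a forwarding-rule alert with business exceptions while keeping its intent: the stock version fires on every forwarding rule, the tuned version only on destinations outside trusted domains. The event schema, domains and the `hide_original` field are hypothetical and constructed for illustration.

```python
# Constructed mailbox-rule audit events (hypothetical schema, not a vendor format).
EVENTS = [
    {"user": "ap@corp.example", "forward_to": ["archive@mail.corp.example"],
     "hide_original": False},                       # internal subdomain
    {"user": "sales@corp.example", "forward_to": ["intake@crm.example"],
     "hide_original": False},                       # sanctioned vendor
    {"user": "cfo@corp.example", "forward_to": ["cfo@notcorp.example"],
     "hide_original": True},                        # lookalike domain, original hidden
    {"user": "hr@corp.example", "forward_to": ["hr2@corp.example", "copy@webmail.invalid"],
     "hide_original": False},                       # one internal, one external
]

ORG_DOMAINS = {"corp.example"}        # assumed: the organization's own domains
APPROVED_EXTERNAL = {"crm.example"}   # assumed: documented business exceptions
TRUSTED = ORG_DOMAINS | APPROVED_EXTERNAL


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def is_trusted(domain):
    # Match the domain itself or a true subdomain. A bare endswith() check
    # would wrongly trust "notcorp.example" because it ends in "corp.example".
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED)


def stock_rule(events):
    """Generic rule: alert on every forwarding rule that is created."""
    return [e["user"] for e in events if e["forward_to"]]


def tuned_rule(events):
    """Alert only on untrusted destinations; raise severity if mail is hidden."""
    findings = []
    for e in events:
        external = sorted(a for a in e["forward_to"] if not is_trusted(domain_of(a)))
        if external:
            severity = "high" if e["hide_original"] else "medium"
            findings.append((e["user"], severity, external))
    return findings


if __name__ == "__main__":
    print(len(stock_rule(EVENTS)), "stock alerts")
    for finding in tuned_rule(EVENTS):
        print(finding)
```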

Use Case #2: Eliminating False Positives

“The intent of most rules is terrific. A lot of rules would be amazing if they were accurate 100% of the time. But they aren’t,” Steve says. Pratum’s SOC team noticed that one stock rule started generating 50 tickets a day for every organization Pratum manages. Less than 5% of the alerts were legitimate threats because the rule kept triggering when normal software operations took place.

The analysts disabled the rule to stop the flood of unactionable data, then rewrote it with complex logic that cut the false positives to almost zero. “Within 72 hours of enabling the new rule, it saved one of our customers from an intrusion that the stock rule missed,” Steve says.

Use Case #3: Tailoring Rules for SMBs

SIEM developers rightfully talk a lot about their solutions’ machine learning capabilities. But the developers tend to focus their machine learning work on big customers, which means some of the tools don’t do much for small organizations generating a limited amount of monthly data. So Pratum’s analysts devote a lot of attention to modifying rule logic so that companies with, say, 30 employees benefit from the next-gen tools as much as companies with 1,000 employees.

For more information on how Pratum’s custom SIEM/XDR rules could make your organization more secure and efficient, contact us today.


Ransomware is rapidly becoming everyone’s problem. If all the recent headlines have provided the wake-up call you need, we have the tips to help you prevent ransomware. Here's what you can begin doing today:

1. Patch Your Systems

A lot of IT leaders focus their battle against ransomware around stopping zero-day threats. But digest this fact: One recent analysis showed that almost two-thirds of system vulnerabilities involve bugs that were identified two years ago. That literally means that the majority of your vulnerabilities are already solved if you just make the effort to use available patches. Hackers love to grab low-hanging fruit. Don’t let them find it on your system. Get a vulnerability scan and then address the gaps.

2. Use Proper Port Settings

Leaving certain port settings open unnecessarily gives hackers an easy gate into your system. CIS Controls 9 and 12 offer information on some common settings to check.

3. Actively Monitor Your Systems

If a ransomware actor does get a toehold in your system, spotting it immediately lets you shut down the breach before things get out of hand. IBM reports that it takes 280 days to identify the average breach. You can do a lot better. The latest defense is a Managed Extended Detection and Response solution that constantly monitors activity, uses artificial intelligence to recognize multiple different acts as a brewing attack and actively steps in to shut down suspicious activity.

4. Segment Your Systems

By effectively isolating/air-gapping various parts of your system, you limit how far ransomware hackers can get if they penetrate one part of the network.

5. Limit Each User’s Access

Similar to the previous point, implementing a policy of least-privileged access and Identity and Access Management means you keep hackers from getting into your entire system if they compromise one user’s credentials.

6. Have a Robust Backup Strategy

Even if ransomware locks up your data, an effective backup of your data lets you quickly restore operations. Test the backup often to ensure it’s doing its job.

7. Plan Ahead

A detailed incident response plan helps everyone know what to do to limit the damage when you get a notice that you've been hit by ransomware. Breach costs are 38% lower for companies that have an IR plan in place before the breach.

8. Train Your Team—And Keep Training Them

Ransomware frequently gets onto a system when a user clicks a bogus e-mail link or falls for social engineering via text messages. Engaging every member of your team in cybersecurity, and in how it keeps the business running, will provide one of the best defenses. Provide regular training on the latest tricks in phishing and other social engineering tactics.

9. Get an Outside Opinion

An IT risk assessment, vulnerability scan and penetration testing all provide essential checks on your current cybersecurity posture and point to critical remediations you need to make.

Along with making your system more secure, these steps will almost certainly help you get a lower cyber insurance premium at a time when rates are rapidly increasing.

The Government's Response to Ransomware

The U.S. government is also stepping up its response. President Biden issued an executive order in May aimed at, among other actions, strengthening software security in federal agencies and creating a federal board to investigate major breaches. The administration says it intends to shift the focus from incident response to incident prevention.

Dozens of states are working on new regulations to step up cybersecurity across several industries. 

America continues to pressure Russia about its hacker-friendly climate since major attacks such as the JBS breach, the Colonial Pipeline attack and multiple others were almost immediately attributed to criminal organizations in Russia. But if you’re pinning your organization’s safety on the hope that Russia will crack down on hackers, you may also have a tendency to think vampires make excellent stewards of blood banks.

The fact is that the government can’t keep up. Hacking operations are well-run businesses employing some of the world’s best coders. They shift tactics constantly and engage in flexes like quoting your own cybersecurity policy back to you if you claim that you can’t afford the ransom they demand.

Contact Pratum to find out how we can help get you ready to stop ransomware attacks before they strike.
