Success stories

Scaling at Speed: How Brainlabs Stays Ahead of a Rapidly Changing Attack Surface

Author

In just a few years, Brainlabs’ rapid growth through multiple acquisitions has expanded their attack surface at speed - bringing new assets, inherited environments, and unknowns into the fold. We spoke with Pawel Sieradzki, Global IT Director at Brainlabs, about how Intruder helps his team stay in control as the business continues to scale.

Meet Brainlabs: The Most Scientific Media Agency Powered by AI

Brainlabs is an integrated media agency powered by their proprietary AI platform, Cortex. They leverage real-time data to deliver results for clients around the world. With 11 offices across five continents, Brainlabs has grown from a single employee in 2012 to more than 1,000 team members worldwide, becoming one of the fastest-growing independent media agencies. Today, they partner with advertisers spending between $10M and $250M, and brands including Cloudflare, Walmart, Adidas, and Estée Lauder.

Key Stats

  • Industry: Advertising services
  • Company size: 1,000+ employees‍
  • IT and security team size: 15 engineers
  • Cloud platforms: 8 accounts across AWS, Azure, Google Cloud
  • Compliance frameworks: ISO 27001, ISO 27701, GDPR
  • Intruder plan: Enterprise‍ 

Rapid Growth = A Sprawling Attack Surface

“Our biggest challenge is our constantly changing attack surface - from organic growth, acquisitions, forgotten assets, and shadow IT.”

Brainlabs adopted Intruder more than three years ago to address the gaps left by annual pentests, which created long remediation backlogs and didn't align with their ISO 27001 goals. What stood out to Pawel was Intruder's "continuous approach and clear, prioritized results".

The move to continuous security proved crucial. The company has since completed 10 acquisitions, each introducing:

  • Known and unknown cloud accounts across different providers
  • Shadow IT created outside formal security processes
  • Infrastructure with varying levels of security maturity

On top of that, Brainlabs is a cloud-only organization. Combined with their rapid growth, new services are regularly spun up - increasing the risk of unknown or overlooked assets appearing in their environment.

From Reactive to Proactive Attack Surface Management

Brainlabs’ use of Intruder matured quickly. What began with scanning a handful of static targets evolved seamlessly into full attack surface management.

With Intruder’s automated asset discovery, the team uncovered two cloud accounts that were otherwise unknown. And with direct integrations into their AWS, Azure, and Google Cloud accounts, Intruder detects new assets the moment they’re deployed - ensuring anything spun up is automatically added to the platform for scanning.

Intruder detecting unknown cloud accounts

Intruder solves the exact challenges that come with Brainlabs’ fast-moving environment. For Pawel, that means:

  • Unknown assets are surfaced before they become a risk
  • Each acquisition’s attack surface can be discovered and assessed
  • Brainlabs' attack surface is continuously monitored as the business evolves
  • New assets are automatically scanned as soon as they’re deployed
“Having full visibility into what’s out there and what’s externally exposed has massively increased our confidence.”

Staying Ahead of New Vulnerabilities Without Getting Buried by Noise

Monitoring the attack surface is only half the battle. Pawel told us that one of the biggest challenges is keeping up with the new vulnerabilities that appear daily and knowing which ones affect Brainlabs. cvemon, Intruder's free vuln intelligence platform, has become part of his daily routine:

“cvemon is actually part of my morning checks. It’s one of the ways I stay up to date on what's going on in the ever-changing world of cyber security.”

Pawel says cvemon has saved him an “unquantifiable” amount of time compared to checking multiple sources himself, by giving him a clear view of each day’s trending CVEs in one place.

cvemon's dashboard

But the best part is that Intruder takes action automatically: Emerging Threat Scans check Brainlabs’ systems when new critical vulnerabilities are released, so the team doesn’t need to trigger scans manually.

“Emerging Threat Scans are a game changer. They allow us to stay on top of everything much easier, without hours spent checking sources or reconfiguring platforms.”

Both cvemon and Emerging Threat Scans give Brainlabs the confidence to tell customers exactly where they stand, often within hours. It means they can pre-empt questions like “Are you affected by X?” with definitive answers like “No” or “This was remediated within 24 hours”.

No Cloud Stress with Automated Daily CSPM Checks

“We were concerned about cloud breaches caused by misconfigurations. Intruder helps close that gap for us.”

Cloud misconfigurations are naturally a major concern for Pawel in a fast-changing, cloud-only environment. Intruder’s CSPM gives Brainlabs automated daily checks across all their cloud accounts, flagging issues that could expose sensitive data or weaken their security posture. These include common but high-impact misconfigurations such as:

  • Publicly accessible storage buckets
  • Overly permissive IAM roles and service accounts
  • Exposed databases or management interfaces
  • Misconfigured firewall/security group rules
  • Assets missing encryption, MFA, or logging controls

These daily cloud security scans give Brainlabs assurance that everything remains securely configured - something Pawel described as being "critical to managing cloud risk at the pace [their] business grows".

Turning Visibility into Action: Clear Priorities and Seamless Workflows

Intruder categorizes issues by severity and exploit likelihood, making it easy to prioritize real risk and focus attention where it matters most. Pawel told us this has made a noticeable difference for his team:

“What I like about the dashboard is how clearly it categorizes every issue. We can instantly see what’s critical, which helps our team prioritize and focus on what’s really important right now.”

This clarity has directly contributed to Brainlabs’ improved cyber hygiene score, with clearer prioritization supporting faster remediation.

Intruder also fits naturally into the workflows Pawel’s team relies on. Slack alerts mean that important information lands with the right people instantly. And the Jira integration means issues flow straight to engineering with the context they need to carry out fixes.

Built for Scale, Ready for What’s Next

With full visibility of their attack surface, continuous cloud security, clear prioritization, and seamless workflows, Brainlabs has the confidence to stay secure at scale. Looking ahead, Pawel is excited about Intruder’s ability to innovate quickly, keeping Brainlabs prepared for whatever security challenges come next.

“The most exciting part of working with Intruder is knowing the platform will keep evolving with us. Their innovation and pace of development mean we’re always equipped for what comes next.”

Grow fast, stay secure. Book some time to see Intruder in action.

Other success stories

Scaling at Speed: How Brainlabs Stays Ahead of a Rapidly Changing Attack Surface

With new acquisitions constantly reshaping their attack surface, Brainlabs relies on Intruder to find unknowns and stay secure as they scale.

How Yembo Turned Security from Roadblock to Growth Driver

With Intruder, Yembo won enterprise trust and closed deals faster - delivering enterprise-grade security with a startup-sized team.

Securing More With Less: How River Island Scaled Security Without Increasing Headcount

How a 3-person security team secures one of the UK’s biggest fashion retailers by gaining visibility and cutting friction with Intruder.

Sign up for your free 14-day trial

Try for free