Fluid Attacks

BACKGROUND

Introduce your business and what you do there.

I’m the CEO of Libera Supply Chain Finance. We assist companies with cash flow management by providing a technological platform that’s connected with their ERPs and the banking cores of different financial institutions.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We needed cybersecurity services.

SOLUTION

What was the scope of their involvement?

Fluid Attacks provides cybersecurity services. They use a platform to manage all of their findings. They give us evidence and provide advice on new findings.

What is the team composition?

There are at least three people. The key account manager takes care of our company, but we usually have to share information with some other guys on their team.

How did you come to work with Fluid Attacks?

We knew one of their owners before, but we also got several recommendations about their company.

How much have you invested with them?

My company has spent $8,000.

What is the status of this engagement?

We started working together in February 2019, and the work is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Fluid Attacks’ work is fabulous. They’ve covered a lot of vulnerabilities in our platform.

How did Fluid Attacks perform from a project management standpoint?

They’re very agile. Any time I send an email or try to get in contact with them, they get back to me with the right information very quickly. Their service is really good.

What did you find most impressive about them?

They try to understand their client’s business in order to improve their value proposition.

Are there any areas they could improve?

No, I’m very happy with their service.

BACKGROUND

Introduce your business and what you do there.

I’m the chief information security officer (CISO) at a regional airline operating in Latin America and internationally.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

With Fluid, we have executed ethical hacking and security evaluation exercises on our apps for static and dynamic code.

SOLUTION

What was the scope of their involvement?

I’m not sure of the exact technologies they use, as they have their own tools.

What is the team composition?

The team is made up of around five people.

How did you come to work with Fluid Attacks? 

They were recommended to us by other organizations that had worked with them before.

How much have you invested in them?

Around $220,000 USD.

What is the status of this engagement?

We started working with them in May 2018 and will continue working with them until December 2019.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They’ve given us the tools to find resources to take care of certain cybersecurity issues in our company.

How did Fluid Attack perform from a project management standpoint?

They’ve met all deadlines, and we gave them very precise delivery dates. The reports they delivered were also very good—helpful and of great quality.

What did you find most impressive about them?

The accompaniment they have provided is outstanding. They’ve even joined us in meetings with senior management. That has been an important value-add.

Are there any areas they could improve?

I couldn't say anything. We’ve had a great experience with them.

BACKGROUND

Introduce your business and what you do there.

I’m the operations and infrastructure manager at a global HR firm.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We hired Fluid Attacks for security testing.

SOLUTION

What was the scope of their involvement?

Fluid Attacks performed security testing on one of our apps. They did manual analysis using their own tools and methodology.

What is the team composition?

We worked with a project manager and a security analyst.

How did you come to work with Fluid Attacks?

Another company referred them.

What is the status of this engagement?

The project was from May–June 2019.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We not only achieved our goal for the security test but exceeded it. Fluid Attacks provided clear reports and excellent solutions and recommendations. In general, the quality of their work was great.

How did Fluid Attacks perform from a project management standpoint?

Fluid Attacks communicated seamlessly. They always updated us on their progress and provided feedback.

What did you find most impressive about them?

My company was very satisfied with their high-quality services. Their team’s strong technical skills and knowledge were reassuring to us.  

Are there any areas they could improve?

There are always things to improve, but their service was just great.

BACKGROUND

Introduce your business and what you do there. 

I’m a cybersecurity manager at a bank.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We hired Fluid Attacks for security analysis services.

SOLUTION

What was the scope of their involvement?

Fluid Attacks did code analysis of our partner company’s online services web app. They checked the app for development and code flaws. The team used different analysis and detection tools.

What is the team composition?

We didn’t have a specific number of developers assigned to the project. Their team didn’t work on our premises.

How did you come to work with Fluid Attacks?

We were looking to perform a deeper analysis to find real improvement proposals and not just false positives.

What is the status of this engagement?

We worked on a yearly contract, which recently ended. We are looking forward to renewing our contract with them.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We were very happy with their services, which were exactly what we expected. Their deep analysis services uncovered areas for improvement. 

How did Fluid Attacks perform from a project management standpoint?

My team was pretty satisfied with their project management; their services were very good.

What did you find most impressive about them?

Their agility was impressive. My team tends to linger on projects, but Fluid Attacks was always agile and pushing us forward.

Are there any areas they could improve?

I think everything was great.

BACKGROUND

Introduce your business and what you do there.

I’m the CTO at Payvalida, an e-payments company. We provide payment system services to companies in Latin America; 70% of our operations are in Colombia, but we also operate in Peru, Ecuador, and Costa Rica.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We manage credit card information, so security services are vital to our business.

SOLUTION

What was the scope of their involvement?

Fluid Attacks provides ongoing ethical hacking services. Every time we make changes to our software, Fluid Attacks ensures that our code and processes correspond to certain security measures and norms. They deploy their own tools and change them according to the project. 

Fluid Attacks has contributed to making our coding more agile. They have also helped us to adopt more standard strategies and processes.

What is the team composition?

I believe three security analysts are working on the project, but the team fluctuates. They’re about to add new analysts to the project.  

How did you come to work with Fluid Attacks?

I’ve been aware of Fluid Attacks since they became a company, and I’ve always liked their methodology and evolution. When my company needed security services, I thought of Fluid Attacks because they are so well-versed in this area.

How much have you invested in them?

My company spends about 8 million Colombian Peso each month (approximately $2,500 USD).

What is the status of this engagement?

We started working with them in September 2018, and our collaboration is continuous.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They’ve helped us identify security issues that we hadn’t considered before. By making our coding more agile, Fluid Attacks has allowed us to detect vulnerabilities earlier and be clearer on the risks we’re taking, all of which helps us to make more informed decisions.

How did Fluid Attacks perform from a project management standpoint?

We haven’t experienced any inconveniences thus far concerning project management. We keep in touch using their vulnerability identification platform. Since Fluid Attacks provides an ongoing service, we don’t have many set deadlines.

What did you find most impressive about them?

They are a very dedicated team. Fluid Attacks is skilled at finding vulnerabilities. They’ve proposed many crucial ideas that guide how we made decisions regarding security.

Are there any areas they could improve?

It is impossible to be perfect at what they do, but they do it very well and are always improving.
 

BACKGROUND

Introduce your business and what you do there.

I’m the development lead at Enterdev, a technology company that develops corporate solutions for process automation. One of our solutions is Agility, a robotic process-automation solution. We have a presence in Mexico, Panama, Salvador, Guatemala, Peru, Colombia, Brazil, and Spain, with more than 22 robots operating in these countries.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

My company needed security vulnerability testing services.

SOLUTION

What was the scope of their involvement?

Fluid Attacks does ethical hacking of our Agility platform. They monitor vulnerabilities within the platform and check coding good practices. The team uses precise reporting tools.

What is the team composition?

We interact with around three individuals, but I know they have a bigger team involved in the project.

How did you come to work with Fluid Attacks?

One of our clients recommended Fluid Attacks. We had actually heard of them before that, as they are well-known in the Medellin market.

How much have you invested in them?

At the moment, we pay a monthly fee of around 3 million Colombian Peso (approximately $940 USD).

What is the status of this engagement?

We started working with them in November 2018, and our engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Fluid Attacks provides detailed vulnerability reports and technical support, so that we have a full overview of their work.

How did Fluid Attacks perform from a project management standpoint?

Project management is great. Communications are prompt, and Fluid Attacks is always available and open to solving any issues.

What did you find most impressive about them?

Their customer support and professionalism are remarkable. They made it very clear to us as the client what services we were investing in and the importance of those services.

Are there any areas they could improve?

We haven’t had any inconveniences so far.

BACKGROUND

Introduce your business and what you do there.

We are a financial entity with a presence in Salvador, Honduras, and Guatemala. I’m in charge of information security, and I’ve worked for the company for eighteen years.

OPPORTUNITY / CHALLENGE

What challenges were you trying to address with Fluid Attacks?

We hired Fluid Attacks to find cybersecurity vulnerabilities using an approach similar to black-box security testing.

SOLUTION

What was the scope of their involvement?

Fluid Attacks used online search tools and tools of their own to test our online banking system for vulnerabilities.

What is the team composition?

We work with around three team members from Fluid Attacks.

How did you come to work with Fluid Attacks?

They contacted our organization directly, so I did some research on their local clients and working methodology. They had very good references, and we found them to be professional and have excellent norms and procedures. We asked them for a budget, and they came up with an interesting proposal. We decided to start working with them.

How much have you invested in them?

My company has spent $14,000.

What is the status of this engagement?

We started working with them in May 2019, and the work is ongoing. The project should conclude soon.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

We’ve had great results. Fluid Attacks presented important findings that we’d never identified in our own security system. Generally speaking, the project went well, and my company’s management is happy with the results.

How did Fluid Attacks perform from a project management standpoint?

Their communication is very efficient and fluid; we use email and WhatsApp. Fluid Attacks also utilizes a cloud tool to share their progress and allow us to follow up.

What did you find most impressive about them?

Their timing, follow-up, and availability set them apart. They are a very professional firm, and I hope to work with them again in the future.

Are there any areas they could improve?

We have a working methodology that is very different from theirs, so we are in the process of finding one that adapts to both.

BACKGROUND

Introduce your business and what you do there.

I’m the director of business intelligence and corporate development at a regional bank.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

External sources indicated that our website and mobile app were vulnerable to attack. My company hired Fluid Attacks to resolve these vulnerabilities.

SOLUTION

What was the scope of their involvement?

Fluid Attacks created a report to show us the vulnerabilities on our website and mobile app. They’re using various software tools to do code reading and recognition.

What is the team composition?

We work with two team members from Fluid Attacks.

How did you come to work with Fluid Attacks?

We belong to an international corporation, and one of our partner firms had worked with Fluid Attacks. We evaluated three suppliers before choosing Fluid Attacks.

How much have you invested with them?

My company has spent $25,000.

What is the status of this engagement?

We began working with them in April 2019, and we’re continuing to work together.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They’ve discovered vulnerabilities that we didn’t know we had. Their recommendations have helped us improve our overall security at a foundational level.

How did Fluid Attacks perform from a project management standpoint?

Communication is fluid. We receive daily updates via WhatsApp, and we also communicate via calls.

What did you find most impressive about them?

Having worked with other vendors, I can confirm that Fluid Attacks is very professional. They provide a comprehensive range of services; they not only find vulnerabilities but also offer insights on our approach to security. Their manner of communicating and working is adaptable and smooth. They have great references.

Are there any areas they could improve?

I don’t have any complaints. If I had to identify something, they could improve their costs.

BACKGROUND

Introduce your business and what you do there.

I’m the director of corporate security at Banistmo, a bank and financial services company that is part of the Bancolombia Group. I’m in charge of physical security, monitoring, research, IT, and cybersecurity.  

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We hired Fluid Attacks to provide vulnerability testing.

SOLUTION

What was the scope of their involvement?
Fluid Attacks provides our ethical hacking tests, which upper management requires.

We are also working with Fluid Attacks on an important project that involves the development of several transformational tools. Fluid Attacks is testing all of the innovations for vulnerabilities so that we know these tools will be clean when we launch them.  

What is the team composition?

We have one primary point of contact that we meet with regularly. My team also meets with Fluid Attacks’s general manager once or twice a month.

How did you come to work with Fluid Attacks?

Fluid Attacks already worked with the Bancolombia Group, and the results that they'd achieved inspired us.

How much have you invested in them?

I’m not sure about the project, but yearly ethical hacking tests cost around $70,000–$90,000.

What is the status of this engagement?

We began working with Fluid Attacks in 2014, and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

Each year, we report the results of Fluid Attacks’s tests and use them to execute changes both internally and externally. Fluid Attacks go above and beyond to prevent vulnerabilities.

How did Fluid Attacks perform from a project management standpoint?

They maintain a close partnership.

What did you find most impressive about them?

I do not see them as a supplier, but as a strategic partner. We’ve continued to engage them because they not only provide services but work closely with us. They also stand out for their professionalism and technical abilities.

Are there any areas they could improve?

I’m not directly managing the project that they're currently working with us on, but I haven’t heard any complaints or negative comments. Everything is going well.

BACKGROUND

Introduce your business and what you do there.

I’m communications and security analyst at a tech solutions company.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with Fluid Attacks?

We’d developed mobile applications and we needed to double check security matters before the launch. 

SOLUTION

What was the scope of their involvement?

We had two apps that they worked on. First, they performed a code analysis, examining the static and dynamic codes of the apps. Then, they analyzed the Android application package.

What is the team composition?

I’m not sure how many developers were involved. We were in contact with a project manager.

How did you come to work with Fluid Attacks?

We were searching for companies that could provide us this service. Some were recommended to us, so we evaluated them according to different variables. Our purchase department chose Fluid Attacks after this analysis, as they were the best ranked.

How much have you invested in them?

We’ve spent about 4 million Colombian pesos (approximately $1,300 USD) per month per app, or around 10 million Colombian pesos (approximately $3,200 USD) per month in total.

What is the status of this engagement?

We started working with them in February 2018 and the engagement is ongoing.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

They deliver very effective and professional work, while they are always available and ready to work on anything we need. They’re a very good company to work with.

How did Fluid Attacks perform from a project management standpoint?

They use a project management platform through which we can see the work and any follow up that’s required. We use a measure called Delta, which tracks the amount of code that has been checked.

What did you find most impressive about them?

They have great professionals working with them, and particularly excel at project management and customer service.

Are there any areas they could improve?

We don’t have anything negative to say about them so far.