Cyber Security Services

OnDefend helps prevent corporate cyber attacks before they happen by strengthening our clients’ IT security posture through cyber security testing and remediation management solutions.

We provide our security services directly to companies across the United States and around the globe. Our clients range in size from Fortune 500 to mid-sized regional corporations.

All OnDefend security services and products seamlessly integrate into our clients’ existing environment and organization, helping them increase their security testing bandwidth as well as their remediation management capabilities.

Additionally, we can deliver our services through strategic partnerships with other service providers to help them round off, supplement or scale their current offerings to meet increasing market demand.

 
$5,000+
 
$150 - $199 / hr
 
10 - 49
Founded: 2015
Jacksonville, FL
headquarters
  • OnDefend
    4063 Salisbury Road, Suite 107
    Jacksonville, FL 32216
    United States

Reviews

Network Penetration Test for Title Insurance Company

"OnDefend broke things down in a very detailed way. It took all of the guesswork out of applying fixes."

Quality: 4.5
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
Confidential
 
Nov. 2016 - Jan. 2017
Project summary: 

OnDefend conducted external and internal tests to ensure the cybersecurity of the company. All systems were targeted in order to identify any existing vulnerabilities.

The Reviewer
 
10,001+ Employees
 
Florida
Chief Information Security Officer, Title Insurance Company
 
Verified
The Review
Feedback summary: 

OnDefend found a number of vulnerabilities and provided easy-to-understand reports for taking action. They also helped determine which ones needed to be targeted more urgently. Their work exceeded expectations and they were responsive and flexible to scope changes without charging extra.

BACKGROUND

Introduce your business and what you do there.

I’m the information security officer for a Fortune 500 company that handles title and escrow work. Our business is involved in the majority of transactions for real estate throughout the United States.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with OnDefend?

We conduct annualized, ethical penetration testing and I rotate companies every couple of years. The challenge to OnDefend was to identify any vulnerabilities or gaps in both our external-facing perimeter as well as on our on-premise or internal network that could be exploited and leveraged by threat actors.

SOLUTION

What was the scope of their involvement?

We met and walked through the scope of the engagement to determine the size and complexity of the work. It consisted of 2 different exercises—an external and an internal assessment—which we set goals (trophies) for. Externally, the company was looking for them to potentially compromise some of the key systems and then do the same thing on the internal side.

We identified a few targets for them to go after for each portion of the engagement. They approached the task as what we call a black box, meaning that they had no prior working information of my network, which would be the same for a threat actor. Then, they executed their testing engagement based on that criteria.

Externally, the testing was remote. They used a combination of both commercial off-the-shelf tools as well as manual and proprietary techniques and tool systems. For the internal engagement, they provided a sensor appliance that we plugged into our network and did about 30 minutes of configuration to make sure that it communicated properly back to their probes on the internet. From there, all of the work was remote.

The test is done at least once a year. They can also do targeted application assessment reviews, which is what we are planning to do next with them.

What is the team dynamic?

I mostly interacted with one of their managing partners as well as their technical support director. All of the technicians were top rated and had extensive backgrounds in this type of work.

How did you come to work with OnDefend?

They’re in the same town where we’re headquartered, so I found them by word of mouth. We met at a trade show and they provided some sample reports for me to review prior to the engagement. I’ve done this for over 15 years, so a lot of it really comes down to the delivered report and how easy it is to translate technical jargon into actionable events that we can manage and remediate against. 

What is the status of this engagement?

We worked together from November 2016 until January 2017.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

I really liked the quality of the deliverables and we were able to quantify the number of vulnerabilities we had based upon the PTES standard. Using industry standard ratings, we were able to determine which ones were critical and which ones were high, medium, or low.

They also provided the technical implementation difficulty factor, determining which vulnerabilities were difficult to exploit but easy to fix or which ones were easy to exploit and difficult to fix. It helped the team quantify the focus of which vulnerabilities or exploits we wanted to target because of the criticality that they rated. They also determined how much time and effort that would take in terms of manpower and budget. When they found vulnerabilities, it was my responsibility to correct them.

How did OnDefend perform from a project management standpoint?

Their performance was outstanding and exceeded my expectations. They were very responsive through email and phone calls. I would usually have a response within the same business day. They also had a website that I was able to log into and see the results as well as the details of the vulnerabilities in an easy-to-consume dashboard application.

What did you find most impressive about them?

They were really flexible in terms of scope, target, and output. I changed the scope on them a couple of times, wanting to focus on other IP address ranges or assets. They said it wasn’t a problem and it didn’t increase the cost; we just readjusted the work effort.

For the final deliverable report, they sent me graphs to review. They were very responsive and receptive to feedback and made the adjustments in the final report based on that.

Are there any areas they could improve?

No. They were very pleasurable to work with. They adjusted their output to make it digestible for both my executive management team and my technical support team. The challenge I had in the past with other companies was that their deliverables were so technical that my team wouldn’t address things immediately and would forget what the issue was.

OnDefend broke difficult concepts into easy-to-digest terms but in a very detailed way. It took all of the guesswork out of applying fixes, what you need to do to remediate it, and why it needs to be addressed. It’s positive feedback all the way around for OnDefend.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
    They adjusted to my schedule.
  • 5.0 Cost
    Value / within estimates
    They’re very affordable compared to other firms I’ve used in the past.
  • 4.5 Quality
    Service & deliverables
    It was very well executed documentation that was easy to understand at both a technical and an executive level.
  • 5.0 NPS
    Willing to refer
    I’ve recommended them before.

Network Testing & Segmentation for IT Services Company

“Their knowledge and skill level is where it needs to be for what they are doing.”

Quality: 5.0
Schedule: 5.0
Cost: 5.0
Willing to refer: 5.0
The Project
 
$10,000 to $49,999
 
Aug. - Aug. 2017
Project summary: 

OnDefend performed network and system penetration testing to ascertain the cybersecurity for an e-commerce company that works with online payments. Providing testing twice per year, the relationship continues.

The Reviewer
 
1-10 Employees
 
Gainesville, Florida
Brad House
CTO, Main Street Softworks
 
Verified
The Review
Feedback summary: 

OnDefend identified unknown security vulnerabilities and helped to protect against future compromise. Paired with excellent customer care and responsive communications, they impressed with their expertise and experience in the field.

BACKGROUND

Introduce your business and what you do there.

I am the CTO of Main Street Softworks. We provide a payment gateway as well as payment applications. Security is a big concern for us.

OPPORTUNITY / CHALLENGE

What challenge were you trying to address with OnDefend?

We wanted to ensure that our attack vectors were as minimal as possible in our software and services, eliminating the possibility of being compromised.

SOLUTION

What was the scope of their involvement?

The latest test they did for us was a network and system penetration test. They came on-site and worked with us to gain access to our restricted VLAN [Virtual LAN] in order to be able to pen test the actual servers and services running within those zones. They also made sure that those services couldn’t access other services in different zones and also made sure that they couldn’t do VLAN hopping and things like that. All the VLAN tests were done on-site because of our security policies. They also performed an external penetration test, testing what the rest of the world is able to see, to make sure that we didn’t realize something was exposed on the Internet. The tests took about 2 weeks total, and they were on-site doing the tests for half a day on 3 or 4 different days.

Essentially, the test starts out with a port scan to figure out what ports are open. From there, it is actively evaluating the services for any known security holes or misconfigurations such as default passwords that are still in use, security settings not being tightened such as the wrong ciphers for the SSL services, etc. If he finds an active issue, he tries to exploit it to see if maybe it was a false positive in one of his tools. If he can exploit it, obviously it is a bad thing, but in our testing, he was not able to exploit any vulnerabilities.

What is the team dynamic?

We worked with Ben Finke [Co-Founder and Director of Information Security Operations and Management, OnDefend].

How did you come to work with OnDefend?

We are active in the local Linux groups, and Ben was recommended to us by one of the individuals in there.

How much have you invested in them?

We spent between $10,000–$50,000.

What is the status of this engagement?

We worked with them in August of this year, and it was a short engagement.

RESULTS & FEEDBACK

What evidence can you share that demonstrates the impact of the engagement?

In the software penetration testing, they found some low and medium security vulnerabilities we had to correct, which were things our own engineers hadn’t realized were there. Their knowledge and skill level is where it needs to be for what they are doing.

How did OnDefend perform from a project management standpoint?

They are very responsive and reply the same day. When they said they would be on-site, they were on-site. They provide testing twice yearly. One test is a full network penetration test, and the other test is simply a segmentation test. Most of our communication is direct with Ben Finke via email, and he provides us with a full written report.

What did you find most impressive about them?

Their knowledge and experience have been impressive. Ben is the main person we have been working with, and he is definitely a security expert.

Are there any areas they could improve?

The only recommendation going forward is to not change as they grow. I hope they stay as they are, in comparison to some of the other big security companies we deal with in terms of their responsiveness and customer care.

5.0
Overall Score
  • 5.0 Scheduling
    ON TIME / DEADLINES
    We were able to get Ben on-site when we needed him. He had to submit a report to our PCI auditors, and he was able to do that within their required timeframe.
  • 5.0 Cost
    Value / within estimates
    We have over 100 VMs and 20 VLANs, and the cost was highly competitive in the market.
  • 5.0 Quality
    Service & deliverables
    The report they provide at the end is extremely detailed and is something great to have on hand to be able to review and compare against future reports.
  • 5.0 NPS
    Willing to refer
    There is absolutely no reason not to use them.