What evidence can you share that demonstrates the impact of the engagement?
I really liked the quality of the deliverables and we were able to quantify the number of vulnerabilities we had based upon the PTES standard. Using industry-standard ratings, we were able to determine which ones were critical and which ones were high, medium, or low.
They also provided the technical implementation difficulty factor, determining which vulnerabilities were difficult to exploit but easy to fix or which ones were easy to exploit and difficult to fix. It helped the team quantify the focus of which vulnerabilities or exploits we wanted to target because of the criticality that they rated. They also determined how much time and effort it would take in terms of manpower and budget. When they found vulnerabilities, it was my responsibility to correct them.
How did OnDefend perform from a project management standpoint?
Their performance was outstanding and exceeded my expectations. They were very responsive through email and phone calls. I would usually have a response within the same business day. They also had a website that I was able to log into and see the results as well as the details of the vulnerabilities in an easy-to-consume dashboard application.
What did you find most impressive about them?
They were really flexible in terms of scope, target, and output. I changed the scope on them a couple of times, wanting to focus on other IP address ranges or assets. They said it wasn’t a problem and it didn’t increase the cost; we just readjusted the work effort.
For the final deliverable report, they sent me graphs to review. They were very responsive and receptive to feedback and made the adjustments in the final report based on that.
Are there any areas they could improve?
No. They were very pleasurable to work with. They adjusted their output to make it digestible for both my executive management team and my technical support team. The challenge I had in the past with other companies was that their deliverables were so technical that my team wouldn’t address things immediately and would forget what the issue was.
OnDefend broke difficult concepts into easy-to-digest terms but in a very detailed way. It took all of the guesswork out of applying fixes, what you need to do to remediate it, and why it needs to be addressed. It’s positive feedback all the way around for OnDefend.