Packetlabs Ltd.

Introduce your business and what you do there.

I’m the senior director of technology for a third-party benefits administrator that provides health and dental insurance.

What challenge were you trying to address with Packetlabs Ltd.?

Over the last few years, we’ve modernized a lot of our IT infrastructure, so we brought on Packetlabs Ltd. to assess where we stood in terms of security. Packetlabs Ltd. identified holes in our IT infrastructure and deficiencies in our security posture.

What was the scope of their involvement?

At the beginning of the project, we gave them a list of things we want them to look at. For example, we asked them to review how outside parties can affect our web properties. We also asked them to dive into our custom applications because we developed them ourselves and needed to make sure they were secure.

After giving Packetlabs Ltd. credentials, they logged into our applications. Then they got back to us with some initial findings that outlined high-level issues they thought we should as soon as possible. Then they finalized a report and presented their findings to our management team.

What is the team composition?

We worked with 4–5 people, including a project manager and testers. 

How did you come to work with Packetlabs Ltd.?

We reviewed a few security providers, but the quality of Packetlabs Ltd.’s proposal stood out for us. Their staff clearly had a high level of expertise.

How much have you invested with them?

We spent $50,000 CAD (approximately $40,000 USD). 

What is the status of this engagement?

We started working with them in September and they wrapped up in November 2020.

What evidence can you share that demonstrates the impact of the engagement? 

They identified deficiencies that we already knew about, but they also found problems we were unaware of and that was very helpful. We were then able to remediate all of the issues they identified, which made our board and CEO very happy.

Due to the nature of our business, security is our top priority. We absolutely cannot have an individual’s private information hacked, and Packetlabs Ltd. made sure that will not happen.  

How did Packetlabs Ltd. perform from a project management standpoint?

Most of our communication was over email and through occasional phone calls. Our project was very open-ended so we didn’t have any deadlines. We were constantly in contact with them — they kept us updated as we went through our list.

Depending on what they were working on, we had to set up environments for them because we couldn’t pause our business processes. Sometimes they came across different things that required them to dig deeper into the problem, and that obviously would take longer.

What did you find most impressive about them?

They were professional and clearly understood security. When we had to remediate things and our developers had questions, they were able to provide a lot of detail and context to the issues that they flagged.

Are there any areas they could improve?

I was completely satisfied with their work. I have no complaints.

Do you have any advice for potential customers?

Obviously, security is really important for any business. So you should take the project seriously and regularly test your security posture.

Introduce your business and what you do there.

I’m the director of project management and compliance at Exchange Solutions. My responsibilities include ensuring that the company maintains its high compliance standards. Exchange Solutions is a cloud-based marketing technology company that delivers personalized loyalty solutions to retailers enabling them to build deeper and more profitable engagement with their consumers. With more than 20 years of experience in the industry, Exchange Solutions transforms loyalty programs and promotions from being costly applications to productive and profitable capabilities for clients across various verticals in the US and Canada. Current clients include Harry Rosen, Esso™ and Mobil™, Sobeys Inc., Rexall Pharmacy Group, Lowe’s, and Today’s Shopping Choice

What challenge were you trying to address with Packetlabs Ltd.?

My position requires me to manage the relationships with 3rd party vendors in the implementation and maintenance of the compliance policies and procedures at the company. Packetlabs is our vendor of choice to perform our penetration tests.

What was the scope of their involvement?

Packetlabs runs penetration tests on the APIs and supporting networks we provide to our clients. Their team runs validation tests on the security of those platforms, to ensure the robustness of the security of those platforms.

Each year, we create a schedule with Packetlabs and review all of the APIs that our company plans to be tested. We have a kick-off meeting for each project during which we address requirements, timelines, and resources. In the end, Packetlabs provides us with a report on our results.  We remediate the findings and then they retested to ensure any findings have been resolved.

What is the team composition?

Our main partners on the projects that we collaborate on with Packetlabs are Richard (Managing Partner), Michael (Project Manager), and Denis (Manager, Security Consulting) or other engineers who run the penetration tests.

How did you come to work with Packetlabs Ltd.?

For all our vendors, we run an assessment to ensure they pass our validation. Packetlabs passed our vendor assessment validation and had the qualifications to support our penetration tests. What made Packletlabs stand out to us was that their operation was smaller, local, and customer-focused.

What is the status of this engagement?

Packetlabs has been a partner with Exchange Solutions since 2018. We continue to work with this vendor to support our compliance activities.

What evidence can you share that demonstrates the impact of the engagement? 

As they’re a boutique provider, we’re not lost in the crowd. It’s more of a partnership. They’re able to cater to our needs and timelines. If we have any high-priority issues, their team is able to accommodate us. Their team personalizes the experience for us.

In the past, we have had other 3rd party vendors perform penetration tests on our APIs which did not result in the same level of results that we received from Packetlabs’ findings. Their level of testing is quite in-depth.

How did Packetlabs Ltd. perform from a project management standpoint?

We start each project with a call during which we set up a communication structure for the rest of the project. After kicking off the project, we typically communicate via email. If there’s an issue, they’ll contact us immediately. They accommodate our requirements for the running of the projects. For example, their team accommodates to our reporting structure. Or if we have a big deployment, they’ll do their testing around our schedule.

What did you find most impressive about them?

I’m most impressed by their flexibility. We work with a lot of different vendors — big and small. My number one requirement for any vendor is to be a partner, so I’m looking for exceptional customer service. We appreciate their focus on customers, and that’s why I keep going back to them.

Are there any areas they could improve?

No, at the beginning they had to learn how we do business. Their team made every effort to overcome those hurdles to adapt to our way of doing things.

Do you have any advice for potential customers?

Understand what you need because they can accommodate it.

Introduce your business and what you do there.

I’m the manager of managed services at our company. I’m responsible for all third-party connections to our services and connections with our banking partners.

What challenge were you trying to address with Packetlabs Ltd.?

We engaged Packetlabs to conduct quarterly internal and external scans as well as external penetration tests.

What was the scope of their involvement?

Packetlabs’ work is largely confidential. Essentially, Packetlabs uses security scanning tools to look for any vulnerabilities in our network.

What is the team composition?

I’ve worked with Richard (Managing Partner) and Ian (Tech Lead). My team has worked with 1–2 others too.

How did you come to work with Packetlabs Ltd.?

Another security partner recommended Packetlabs to us for these services.

What is the status of this engagement?

We’ve used their services every year for at least five years. We plan to use them in the future too.

What evidence can you share that demonstrates the impact of the engagement? 

Packetlabs has provided us with reports every quarter. Those reports were used in subsequent audits, which were successful.

How did Packetlabs Ltd. perform from a project management standpoint?

They have been great with communication and meeting deadlines.

What did you find most impressive about them?

Packetlabs is knowledgeable. They know how to correctly apply security standards to our environment. Their team’s great at what they do.

Are there any areas they could improve?

If I found opportunities for improvement, I would talk with Packetlabs about them.

Do you have any advice for potential customers?

Review the reports that Packetlabs creates for you. Be upfront about your environment with them.

Introduce your business and what you do there.

I’m the VP of engineering and the founder of Fluency. It’s an enterprise advertising platform for large digital agencies.

What challenge were you trying to address with Packetlabs Ltd.?

We hired them to review and recommend any hardening for possible penetration points for our web app and the tech stack that supports it.

What was the scope of their involvement?

Packetlabs Ltd. did a series of interviews with us to determine how things are set up, where the different technology pieces play into what they're going to do, and where they are. The team also met with a few members of the staff to get a good technology scope and understand the existing security policy. 

After that, they started the testing process, went through various different sets of proprietary tests that they’d built out, and then came back with recommendations. They sent those recommendations over in the form of finalized documents that gave us the details we needed to patch any holes. 

What is the team composition?

We worked with their CEO, a project manager, and other teammates who were in charge of executing the tests.

How did you come to work with Packetlabs Ltd.?

Our tech stack is on AWS, so I was looking for a company that would be able to execute tests there. I had looked at some of the companies that AWS had recommended, including a couple of really large penetration test firms. We're also a small company, so we were cognizant of cost.

Packetlabs Ltd. was really prompt to respond to my requests and was really clear with the charges upfront so we could understand what the impact to our bottom line was going to be. They also demonstrated that they would be able to do a test that would work for us, instead of just doing a generic test.

How much have you invested with them?

We spent $25,000 CAD (approximately $19,500 USD).

What is the status of this engagement?

We worked with them from July–September 2020. We will probably work with them again in the future for other testing projects.

What evidence can you share that demonstrates the impact of the engagement? 

Packetlabs Ltd. executed the project well, and we got what we wanted. We wanted to see a report with the penetration test results and what we needed to fix based on their recommendations. We also had a goal of having a summary report that we could send if somebody did request security audits from us.

How did Packetlabs Ltd. perform from a project management standpoint?

They were fantastic. When they were going to test, they gave us a heads up, and they were able to get us on their schedule quickly. They were very transparent with pricing. Packetlabs Ltd. was a small company, which was great because they understood how to cater to our needs. The team was very flexible.

What did you find most impressive about them?

They conducted themselves very well and laid everything out transparently right from the beginning. From a technology perspective, they had some proprietary techniques that I hadn’t seen before, which helped.

Are there any areas they could improve?

No, not that I can think of. 

Do you have any advice for potential customers?

The more information you can give them upfront for the test, the more you'll get back from them in the report so that you can achieve your goals of having better security. Spend the time upfront to make sure that you give them a good technology landscape.

Introduce your business and what you do there.

I’m a project manager at The Early Childhood Educators of British Columbia. We’re a professional network of early childhood educators.

What challenge were you trying to address with Packetlabs Ltd.?

We hired Packetlabs to perform penetration tests on our custom web app. We wanted a third-party agency to check the system's security as it had the potential of identifying personal information. We wanted to make sure the system was solid.

What was the scope of their involvement?

Packetlabs tested all parts of our system to assess whether or not hackers would be able to break-in. They also tested the platform to see if people would be able to accidentally access personal information. They created a report that listed all of the issues. Their team prioritized the risks as well as included descriptions and screenshots.

They met with us two times to review the report. Their team made sure that we understood its contents and gave us a chance to ask any clarifying questions. 

What is the team composition?

We worked with a project manager who was our main point of communication. When they presented the report, they brought in one other person to explain the technical details.

How did you come to work with Packetlabs Ltd.?

We asked our IT company to find a reputable company for us. They found Packetlabs.

What is the status of this engagement?

We contacted them in September 2019 but their start was delayed on our end. The contract was open until their team could do the tests. It took them about two weeks to perform the tests, which are now complete.

What evidence can you share that demonstrates the impact of the engagement? 

The report had a significant amount of detailed information. The level of detail was great for someone who would fix any potential issues. 

At the same time, they broke down the report for folks who aren’t developers. Their team helped us to fully understand the business risk of any issue that may be found. They helped us to understand and quantify any risks in real life.

They answered all of our questions during the presentations. When there were pieces that were more difficult for us to understand, they found different ways to explain it. They understood that the information was complicated and didn’t make us feel like we didn’t have the capacity to understand.

How did Packetlabs Ltd. perform from a project management standpoint?

Their team was flexible with our timeline and clear about the tests' schedules. At our request, they shifted the timeline multiple times but never made us feel like we were causing them any problems.

Their team gave us a timeline upfront and stuck to it. They updated us throughout the project. Their team let us know when they would be trying to hack into the system and when the tests ended. They communicated clearly, so we didn’t raise any accidental red flags.

What did you find most impressive about them?

We found their communication style to be their most impressive quality. They broke down complicated information for us to understand.

Are there any areas they could improve?

No, we were happy with them.

Do you have any advice for potential customers?

There isn’t any advice that needs to be given. Packetlabs led us through a process that they understood better than we did.

Introduce your business and what you do there.

I’m the senior director for a trucking services company.

What challenge were you trying to address with Packetlabs Ltd.?

We needed some security assessment and analysis done.

What was the scope of their involvement?

Packetlabs Ltd. used Microsoft software to do internal assessment and external penetration testing. They reported any issues and recommended solutions.

What is the team composition?

We worked with 2–3 teammates. 

How did you come to work with Packetlabs Ltd.?

We had worked with them in the past and had been satisfied with their work.

How much have you invested with them?

We spent roughly  $150,000 CAD (approximately $109,000 USD) for one of the most recent projects.

What is the status of this engagement?

We worked on this project from March–May 2020. We’ve been working with them annually since 2016.

What evidence can you share that demonstrates the impact of the engagement? 

Packetlabs Ltd.’s performance was excellent. They were very fast in delivering reports and recommendations. They did well in identifying issues that needed to be addressed.

How did Packetlabs Ltd. perform from a project management standpoint?

They usually finished ahead of schedule. We communicated via email and phone.

What did you find most impressive about them?

They are aggressive about their timelines and are committed to staying within them. They’re friendly — more like a partner than a vendor.

Are there any areas they could improve?

No, not at this point in time.

Do you have any advice for potential customers?

They are good partners to work with.

Please describe your company and your position there.

I am the IT Manager at a Building Materials Manufacturer with a head office in the GTA, Ontario, Canada. We currently have 8 sites located in Ontario, Quebec and the US.

For what projects/services did your company hire Packetlabs Ltd.?

We had targeted 2019 as a year to increase the strength of our network security. We have a small internal team and needed the expertise of a third party to test our networks and recommend hardening solutions. We have had external Pen tests in the past but realized there was also a need for an internal review. We engaged Packetlabs for these tests.

What were your goals for this project?

Highlight areas where security improvements needed to made and provide us with easy to understand and executable recommendations.

How did you select this vendor?

We interviewed three different vendors for this project, Packetlabs was a referral. They came in with one of the best prices combined with the most comprehensive solution. They impressed us with their passion for cyber security and the breadth of their knowledge.

Describe the project in detail.

Once we selected Packetlabs we had further meetings to detail the SOW. We are a fan of local vendors as we appreciate the opportunity to meet in person. Packetlabs brought their team onsite to nail down the final details of the project, this combined with a couple of fact finding phone calls and emails allowed us to start the project very quickly after the SOW was signed.

They dropped off a device to us for the internal scan. Their project lead always took great care to let us know what phase they were in testing-wise and warned us when the tests were going to happen. They kept us updated as they went along and took the time to call out significant issues prior to the preparation and release of the full report to us.

What was the team composition?

We had one of the managing partners engaging with us throughout the initial meets and the development of the SOW. We also had their project lead tester with us from beginning to end of the process.

Can you share any outcomes from the project that demonstrate progress or success?

The project deliverable was a document detailing the results of the pentest and areas for improvement. We received a document that exceeded our expectations.

The pentest result was a very detailed, comprehensive document containing very clear and actionable recommendations for our team. The organization of the document made it easy for our team (who are not cyber security professionals) to work through the document, which had a priority-based layout, and tackle each recommendation according to the urgency of the fix.

How effective was the workflow between your team and theirs?

The workflow was excellent due to the constant communication of Packetlabs throughout the project.

What did you find most impressive about this company?

The commitment to their craft and advanced cyber security knowledge of all Packetlab team members we encountered inspired a great amount of confidence in their process. This was backed up by the results we received.

Are there any areas for improvement?

I don't believe that the project could have had a better result than what Packetlabs achieved for us.

Introduce your business and what you do there.

I’m the director of IT at Viscor. We manufacture lighting fixtures for buildings, businesses, gyms, pools, hospitals — you name it. Basically, we do a turnkey solution by bringing metal in and sending products out with lighting and different designs.

What challenge were you trying to address with Packetlabs Ltd.?

A couple of years ago, we had a situation where we noticed our network was getting hacked. It was fixed, but since then, I knew I needed an expert team to continuously validate if our network is fortified and hack-proof. Essentially, I needed someone to evaluate our system and tell me if our firewall wasn’t correctly prepped, an application wasn’t up to par, or a network contained a hole.

What was the scope of their involvement?

PacketLabs provides cybersecurity services for us. After investigating our firewall, network, and operating system, they identify areas that can be improved. Then, they provide solutions on how to solve those security concerns. They run diagnostics on a whole slew of issues.

Their team conducts follow-up calls to make sure we’re resolving things correctly. Then they rescan our networks to double-check and ensure our work is correct.

What is the team composition?

There are about 5–6 people we mainly communicate with. I know there’s more, but I’m not sure of the composition. I have weekly contact with our project manager.

How did you come to work with Packetlabs Ltd.?

It was through word-of-mouth. We’ve had colleagues from different organizations mention that PacketLabs is top-notch. We sent out an RFP to multiple vendors and narrowed it down to four. PacketLabs came up with the best solution in terms of pricing and expertise, so we chose them.

How much have you invested with them?

We’ve invested between $50,000–$60,000.

What is the status of this engagement?

Our ongoing partnership began in September 2019. They periodically come in and conduct quick scans to ensure there are no issues or situations that might compromise our network.

What evidence can you share that demonstrates the impact of the engagement?

Right away, I noticed there wasn’t just one sole person who had cybersecurity expertise. Every single one of them, even the project manager, has expertise in cybersecurity. That’s one caveat that tells me their knowledge base is exceptional when it comes to cybersecurity.

From a security perspective, I’m much more comfortable now than I was before. I don’t have all the in-house tools or expertise to identify things that might go wrong. However, I can sleep peacefully at night knowing that PacketLabs handles all of that.

Prior to 2019, we had a different vendor handling our cybersecurity and it wasn’t even close to what PacketLabs has done. I’ve never encountered a company that actually does everything they need to do and more.

How did Packetlabs Ltd. perform from a project management standpoint?

We communicate through phone calls, texting, and email. There have also been a couple of times when they’ve spoken to us after-hours. Our project manager always asks if there’s anything else they can do or assist us with.

What did you find most impressive about them?

I’m always at ease when I’m talking to them. They make me feel comfortable. With them, there’s no such thing as a stupid question. PacketLabs identifies the answer to what you’re asking and explains it in layman’s terms.

When they report their diagnostics findings, they give me information based on my understanding and comprehension. Their team is very clear in and skilled at handling engagements with customers. They held our hands from the beginning to the end — not many vendors would do that.

Are there any areas they could improve?

No, I wouldn’t have them do anything differently.

Do you have any advice for potential customers?

I promise you’re getting your money’s worth. I think very highly of them.

Please describe your company and your position there.

We are an IoT company that focuses on translation-related software. I am the Support In-charge and handle technical support and project management at the company.

For what projects/services did your company hire Packetlabs Ltd.?

We hired Packetlabs to perform penetration testing and vulnerability assessment for our application.

How did you select this vendor and what were the deciding factors?

We searched online for penetration testing services and shortlisted 3. After talking to those that responded, Packetlabs was selected for their proficiency, approach, and previous proven projects.

Describe the project in detail and walk through the stages of the project.

Packetlabs tested our application (in sandbox environment) and our infrastructure. Testing used automated scanners as well as human effort to check for the usual Top10 OWASP as well as other potential vulnerabilities.

After testing, a report was issued detailing the flaws, how they were detected, and recommendations for fixing them. As part of the contract, Packetlabs will do a re-test at a time of our choosing after we had fixed the flaws.

How many resources from the vendor's team worked with you, and what were their positions?

8 testers

Can you share any outcomes from the project that demonstrate progress or success?

They identified flaws that are outside of our tests as well as allow for realistic external attacks.

How effective was the workflow between your team and theirs?

Their reports are detailed and well supported allowing for quick reproduction and remediation on our part.

What did you find most impressive or unique about this company?

We liked how Packetlabs took a very human approach to testing. While automatic scanners are part of their toolkit, they are actively considering our application and testing for real flaws and vulnerabilities.

Are there any areas for improvement or something they could have done differently?

Nothing in particular

Please describe your company and your position there.

We are a SaaS-based comprehensive, data-driven Sales Readiness platform. I am working as Information Security and Compliance Manager here.

For what projects/services did your company hire Packetlabs Ltd.?

We took the services of PacketLabs for its annual VAPT of the platform, application, and network.

How did you select this vendor and what were the deciding factors?

We followed our vendor evaluation process to shortlist PacketLabs as our vendor for VAPT. Key deciding factors were:

1. Clarity on methodology to perform VAPT
2. Willingness to understand the platform and business logic, and perform manual testing thus reducing the false positives.
3. Highly qualified workforce.

Describe the project in detail and walk through the stages of the project.

Our Problem statement: We were undergoing VAPT of our platform and application on an annual basis, however, most vendors performed tool and checklist-based testing which gave us mainly low impact gaps. Post-on-boarding PacketLabs first spent time understanding the platform and then performed the testing.

During the testing, the gaps were communicated to us when identified with detailed remediation steps thus giving us ample time to remediate. Before the release of final report we were able to remediate all the identified gaps.

How many resources from the vendor's team worked with you, and what were their positions?

Team of 3 testers

Can you share any outcomes from the project that demonstrate progress or success?

We received the final report with zero open gaps. Between the first cut of the gaps till the retesting we were able to close all the gaps with the support of PacketLabs.

How effective was the workflow between your team and theirs?

Very effective. We preferred a Slack channel for communication to avoid email chains and quick tagging and references

What did you find most impressive or unique about this company?

They were a very supportive team and I appreciated their transparency in communication.

Are there any areas for improvement or something they could have done differently?

None I could think of.