What evidence can you share that demonstrates the impact of the engagement?
We’ve definitely had a positive collaboration with them. The idea was to get good material and establish a workflow that we could use to create brand awareness for our company—reports, white labels, investigations, and so on. They’re currently doing investigations, much more than working on data leaks. We identify interesting trends in the cybersecurity on the market, they have a one-week initial investigation, and, if they feel there’s something interesting there, we identify how much time it requires, and spend that time. In the end, we receive investigation reports.
For example, we’ve done an interesting investigation on Amazon Elasticsearch, and discovered that the platform itself has a vulnerability; we showed that at least 30% of the databases being stored on the platform were infected by malware.
In the last year and a half, we’ve been able to build our company’s profile as a security firm. We initially had just a brand name for our products, but nobody knew who the developer of these tools was. We were able to build our brand name as a security company by utilizing this strategy.
How did UnderDefense perform from a project management standpoint?
We’re completely satisfied with this aspect; they’re responsive. I worked directly with their CEO, which allowed me to solve issues fast, but I know that our two teams have built a scrum process involving daily Skype standups. They’re in contact all the time, so we have no issues with communication. They're responsive and motivated, and their expertise was exactly what we needed.
What did you find most impressive about them?
What I liked most is their startup approach. They’re responsive, fast, and motivated. They want to develop their skills and help their customers, because they don't have hundreds yet. They can focus on each one, help them, and try to understand them properly. I hope they keep this approach for as long as possible. There will be a day when they’ll go from being a startup to a more mature company with a lot of processes and people.
Are there any areas they could improve?
Each new client of theirs will have unique requirements, like the ones we had for our security center. They have to grow their ability to deliver exactly what is needed, so they have to try different things, train their team, and be ready for any kind of challenge or request.
When we start a project, the team has to understand the scope of work, and this process will become faster after they’ve gained more experience.