UnderDefense

Please describe your company and your position there.

We are a cybersecurity consulting and services company. CTO.

For what projects/services did your company hire UnderDefense?

As a part of the service portfolio expansion we were looking to implement SOC/MDR offering and relied on the expertise of UnderDefense to identify scope, milestones, and plan to execute the project.

What were your goals for this project?

The project goals were to develop a cyber monitoring service that could be consumed internally and by our clients.

How did you select UnderDefense?

UnderDefense is a mature organization with proved record and team that has demonstrated required expertise for this project.

Describe the project in detail.

The project entailed selection of the technology and validation of use cases. The service was intended to consume various sources of data, and creation of correlation rules and alerts which would produce reduced noise level data.

What was the team composition?

The internal team was limited. UnderDefense brought 3 resources - 1 project manager and 2 additional engineers.

Can you share any outcomes from the project that demonstrate progress or success?

The final result of the project was deployment of cloud solution that had necessary compute and license capacity to accommodate the requirements and growth.

How effective was the workflow between your team and theirs?

Both teams has accepted simplified approach - the collaboration meetings were set when necessary, Project manager has kept everyone accountable and honest on the progress and milestones.

We had direct access to the engineering team and if necessary were able to make adjustments within the same day.

What did you find most impressive about this company?

UnderDefense leadership really understands the industry landscape and customer needs. The engineering resources assigned to the project had impressive skills and experience in the field.

Are there any areas for improvement?

We are all happy with the project delivery.

Introduce your business and what you do there.

I’m the VP of engineering at EduNav, a company that offers products for higher education.

What challenge were you trying to address with UnderDefense?

We needed help with compliance audits and penetration tests of our infrastructure.

What was the scope of their involvement?

They helped us create all the required processes, procedures, and policies to be SOC2 compliant. They helped us identify and deploy internal toolkits to support compliance as well.

What is the team composition?

We worked with three people.

How did you come to work with UnderDefense?

They were referred to us.

How much have you invested with them?

We spent $15,000–$16,000.

What is the status of this engagement?

We started working together in January 2020 and the work is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

They conducted the work very quickly. It took probably one week to set up all the penetration tests and receive the reports. That also included the second run of the identified issues. The team was very professional. We had no questions on the reports and findings they provided to us. Everything is spot on and we’re very satisfied with the results. On the self-compliance cooperation, I rate them 4 out of 5. They were quick and responsive and helped a lot with the policies and procedures.

How did UnderDefense perform from a project management standpoint?

Communication is great. They’re always on time in all the meetings. They were organized perfectly. We had weekly meetings with the teams involved on both sides. Everything was managed by their side. We were tracking spreadsheets to see the progress. We met the original deadline that we set.

What did you find most impressive about them?

They really tried to help as much as possible and took the time to understand all the details. They had very friendly communication.

Are there any areas they could improve?

They could improve their English and quality of the documents they created.

Do you have any advice for potential customers?

Don’t think twice, especially with the penetration testing. You can trust their services and they’re affordable and quick.

Please describe your company and your position there.

We're a SaaS platform with both web & mobile experiences. I was managing all communication between our engineers, leadership and UnderDefense team.

For what projects/services did your company hire UnderDefense?

We were looking for a 3rd party penetration testing to be repeated annually and/or after major releases.

What were your goals for this project?

The main goal was using the final report and attestation letter in security reviews of big enterprise clients.

How did you select this vendor?

I was googling local cybersecurity companies in Ukraine and found out about clutch.co platform. I and our tech lead had discovery calls with the two top companies from our shortlist. We liked UnderDefense for their openness, the clarity they provided in options that we had and the steps we needed to take. And I also want to highlight the quick responsiveness of our BD manager Lily, that was a huge +

Describe the project in detail.

UnderDefense did pentest of our website platform and mobile application. I can't share more.

What was the team composition?

2 engineers that were performing the pentest and remediation testing itself and Business Development Manager

Can you share any outcomes from the project that demonstrate progress or success?

Sorry, I can't share the details.

How effective was the workflow between your team and theirs?

We usually connected over the phone with our BD manager, she usually responded very quickly to any questions we had. We organized all communication with engineers through Slack. Overall, we are pleased with how things were set up.

What did you find most impressive about this company?

We are really grateful for their quick responsiveness and sensitivity to customer needs.

Are there any areas for improvement?

We are satisfied with the result.

Please describe your company and your position there.

I am a Roman Stefanyshyn information security officer in OKKO Group. Our company has one of the biggest shares at the national market of Oil&Gas branded filling complexes. Our specialty is the retail of automotive fuels, products and restaurants as complimentary products to make the experience of our customers amazing.

For what projects/services did your company hire UnderDefense?

We hired UnderDefense to check our Mobile iOS and Android Applications for vulnerabilities and weak spots. The revealed flaws were used to formulate recommendations and build the strategy of strengthening our security posture

What were your goals for this project?

Mobile penetration testing was the first step in our engagement. Also, we plan to check our Infrastructure and business Web Application for possible flaws. These precautionary measures were essential to eliminate risks of unauthorized access and receiving confidential and financial information by adversaries.

How did you select this vendor?

We heard good references about their work.

Describe the project in detail.

UnderDefense security experts followed OWASP Mobile Application Security Verification Standard. Their team closely cooperated with our internal development and security teams. We started with mapping all stages of our engagement divided into a few blocks.

Each day we received updates on detected vulnerabilities. During our weekly retrospectives, we worked on improving our workflow to get maximum results. Also, our project required onsite visits to check the special functionality of QR codes service for our clients.

Most of the work was done remotely and onsite visits were needed to deliver findings to our C-level team and repeatedly check a particular functionality in real-time. The last touchpoint of our involvement was the findings report delivery and working with our internal team by mentoring how to mitigate found gaps.

What was the team composition?

2 pentesters, 4 weeks

Can you share any outcomes from the project that demonstrate progress or success?

The critical marker of received results are the money. We were able to save almost ten thousand dollars. After penetration testing chances of stealing clients’ money from banking cards have sufficiently diminished.

How effective was the workflow between your team and theirs?

We had communication every day, weekly retrospectives, planning meetings and office visits. UnderDefense has not only found security gaps in our Mobile App, but also helped our internal team understand and close them.

What did you find most impressive about this company?

They went beyond the scope of a regular penetration test as additionally executed trainings on security topics covering SOC, SDLC, and Vulnerability management topics. Also, we received two types of reports: a report with findings and recommendations on how to solve found vulnerabilities and a C-level report with a summary of critical findings.

Are there any areas for improvement?

We plan a long-term cooperation.

Please describe your company and your position there.

I'm the Technical Director Security & Strategic Alliances at a software vendor headquartered in Frankfurt (Germany). Our company has about 400 employees and we serve corporate clients all over the world.

For what projects/services did your company hire UnderDefense?

Our customer (a healthcare provider) had the demand that malware finds be processed promptly by an external SOC team on the basis of our Automated Endpoint Security. An own SOC team could not be provided by the customer. The huge number of malware infections had to be handled in the large IT infrastructure.

What were your goals for this project?

The response times for malware infestation had to be increased. Potentially unwanted applications had to be evaluated and whitelisted or blocked.

How did you select this vendor?

We've looked at different vendors. Through a contact at the security fair RSA in San Francisco we got to know underdefense. Also with our cooperation partners underdefense is well-known. In the end, the company convinced us with its quality, flexibility and proximity.

Describe the project in detail.

First, the current infrastructure and situation were reviewed. Then the corresponding service levels were determined. After an introductory phase with highly qualified employees, the project was supported by additional employees. Regular reporting and coordination took place. When alerts arose, immediate consultation was held and measures initiated.

What was the team composition?

The customer was supported by our project managers, product managers, support staff and the support of malware analysts from underdefense.

Can you share any outcomes from the project that demonstrate progress or success?

The number of events could be processed very quickly. The security of the company was increased thanks to our solution and the technical support of underdefense. Customer satisfaction is guaranteed.

How effective was the workflow between your team and theirs?

Regular reporting and coordination took place. When alerts arose, immediate consultation was held and measures initiated.

What did you find most impressive about this company?

In the end, the company convinced us with its quality, flexibility and proximity.

Are there any areas for improvement?

We are very satisfied

Please describe your company and your position there.

I'm the VP of Engineering at Palo Alto Software, a 100-person software company with multiple SaaS products.

For what projects/services did your company hire UnderDefense?

As part of operating a business email service, we hired UnderDefense to test our application's security. It is important that our customer's data is secure and that our application protects them from malicious behavior. We have some internal security knowledge but knew that we needed an expert team to do a comprehensive evaluation of our software.

What were your goals for this project?

Our primary goal was to establish that our application met baseline security requirements, and to have a clear remediation plan for cases where it didn't.

How did you select this vendor?

UnderDefense discovered a vulnerability in our application and made a responsible disclosure to us. We were already in the market to hire a penetration testing firm, and our positive interaction with UnderDefense along with their competitive pricing helped us to select them.

Describe the project in detail.

The project entailed external perimeter penetration testing and "grey box" web application penetration testing. We had several conference calls to establish the scope of work and outline our internal assets, followed by a three-week evaluation. The result of the project was a detailed report with a general grade of our security status and a list of discovered security vulnerabilities with detailed reproduction steps.

What was the team composition?

UnderDefense provided two security consultants along with project management. I was the only person involved on my side of the project.

Can you share any outcomes from the project that demonstrate progress or success?

We are very pleased with the results of the evaluation. UnderDefense completed a thorough investigation and presented a polished report that was informative and easy to read.

How effective was the workflow between your team and theirs?

Despite being in very different time zones, communication was fairly straight-forward. We mostly communicated via conference call and a shared Slack channel. I was a little nervous about potential language barrier issues, but that was not a problem at all.

What did you find most impressive about this company?

I don't know that there was any one thing that stood out about them. They did quality professional work, at a reasonable price.

Are there any areas for improvement?

They could have provided more progress reports during the evaluation, but given the short duration of the project, it wasn't necessary.

Introduce your business and what you do there.

I’m the owner and system director of Market Access Direct, a marketing, consulting, and lead generation company. We focus on senior market products such as Medicare supplements or final expense insurance.

What challenge were you trying to address with UnderDefense?

We were trying to address our security. Our CRM’s security requirements needed to reflect the policy-holder data and personally-identifying information (PII) in it. We started looking for cybersecurity help when we realized our existing process was insufficient.

What was the scope of their involvement?

They took us from a shared-server platform to a private AWS infrastructure. They created a roadmap for us, so we knew where our data resided, how it was accessed, and how it was treated and protected. Everything needed to be addressed and put into the roadmap, and we had a very short time to get this done.

One of the invaluable consulting services UnderDefense gave us was walking us through the different areas where we needed security. I had done some research, then they drew us a picture of how we’d access the data, encryption, vulnerabilities, and solution.

What is the team composition?

We worked with 5–6 people from their team.

How did you come to work with UnderDefense?

I went through all the vendors listed on Clutch and got quotes, then Victoria (Cybersecurity Strategic Partnerships & Business Development, UnderDefense) called us that very night to say she would take our project to her CEO. Within three hours, I was contacted by someone who said they could help us. I explained the timeline and highlighted the fact that we couldn’t change it even though it was extremely tight.

Nazar (CEO, UnderDefense) called us the next night. He had a consultative approach and took time to educate us before we picked them. I’m based outside Philadelphia, and he took the time to come to our location, going above and beyond to help our decision. It was comforting, as we were in trouble with our cybersecurity.

How much have you invested with them?

For the first phase, we’re now at $25,000. Going forward, they’re going to reperform penetration vulnerability testing every 4–6 weeks over the next year. There will be a monthly spend of $10,000–$20,000 for the foreseeable future.

What is the status of this engagement?

We started working with UnderDefense in March 2019, and our collaboration is ongoing. Within three weeks, they had the platform up and running.

What evidence can you share that demonstrates the impact of the engagement?

We wouldn’t have passed any testing before, then two and a half weeks in, the vulnerability testing was looking really good, and the penetration testing identified a couple of things to work on. Now, I feel we’re free and clear.

UnderDefense rapidly organized a team that understood the code we were moving and how the system needed to be accessed by multiple users. They acted on the roadmap in such a way to not disturb our workforce, frequently working at night. We threw them some curveballs, and they handled them nicely.

How did UnderDefense perform from a project management standpoint?

I’m very pleased. We normally communicate over phone and email.

What did you find most impressive about them?

UnderDefense is that they became more of a partner than a vendor. We had two other companies tell us that our requirements weren’t acceptable, but UnderDefense put together a problem-solving team that figured it out. Both sets of people—on our side and theirs—did their own research, reconvened, talked through different solutions, and then deployed one. It was quite collaborative.

I’m also now very familiar with what a virtual CIO is. In a very short period of time, UnderDefense explained it to us and put solutions in place. We have a higher standard of actually participating with our clients, in terms of protecting their data.

Are there any areas they could improve?

No. I expected there to be some time-zone or language issues, but there weren’t. Their project manager was in New York, so we had face-to-face brainstorming meetings. I would highly recommend them.

Do you have any advice for future clients of theirs?

It’s easy to make a list of services to buy and think we know best, but this was new territory for me. UnderDefense proposed the best solutions for me and are exactly the kind of partner I’d choose.

Please describe your company and your position there.

I am the director of information security at Betsson Group. We offer casino, sportsbook and other games via gaming licenses in 11 countries in Europe and Central Asia.

For what projects/services did your company hire UnderDefense?

We engaged UnderDefense to serve as the team in our security operations center (SOC). Their purpose is to monitor our production data in real time.

What were your goals for this project?

We had an aggressive timeline in that we wanted to launch very quickly. We needed a partner that could offer high value at a reasonable price and feature an extensive knowledge of the InfoSec space. 

How did you select this vendor?

We received seven proposals in response to our request for tenders. We selected UnderDefense because they met most of our stated requirements.

Describe the project in detail.

We held several discovery meetings with UnderDefense so that they could understand how we operate. They have visited each of our locations to learn about nuanced scenarios and build relationships with staff. The UnderDefense team developed several use cases that we approved, and they managed to meet our specified launch date of April 1, 2019.

Can you share any outcomes from the project that demonstrate progress or success?

Within three months, UnderDefense defined a great number of use cases, and we have a plan to stage two use cases using Splunk Enterprise Security. UnderDefense built incident response and service management procedures from the ground up and conducted tabletop testing to ensure we are hitting all of our requirements.

How effective was the workflow between your team and theirs?

We communicate through Slack and Jira to keep track of all of our projects. We also have a Kanban board arranged to see what is progressing, paused or completed.

What did you find most impressive about this company?

They capably developed our SOC within the timeline. UnderDefense has been very loyal and a great group to work with.

Are there any areas for improvement?

No, everything has gone well to this point.

Please describe your company and your position there.

I am a CIO of Kromtech. Our company provides international software and technology services on the global market.

For what projects/services did your company hire UnderDefense?

Our business required infrastructure penetration testing.

What were your goals for this project?

We wanted to test our environment to see whether an attacker would be able to access our database of customer information.
 

How did you select this vendor?

We chose them based on our previous experience working together. 

Describe the project in detail.

UnderDefense’s team of ethical hackers investigated our system for three weeks. They detected a chain of vulnerabilities we needed to monitor. In a report we received at the end of the project, they indicated the flaws classified by level of severity. They provided extensive explanations of the specific degrees of risk.  

As a bonus, UnderDefense provided a free remediation penetration test to check how we should cover all of the gaps. We plan to continue working together on a more in-depth analysis of our company. Going forward, we’ll conduct an internal penetration test similar to our previous experience with UnderDefense.

What was the team composition?

The team included three ethical hackers.

Can you share any outcomes from the project that demonstrate progress or success?

We conducted this project to analyze our system for any loopholes a hacker may notice. UnderDefense's cybersecurity experts offered a professional view from which to tackle these problems. The penetration testing gave us valuable insights into the strong and weak points of our infrastructure.

How effective was the workflow between your team and theirs?

We are satisfied with the workflow between our companies. Since UnderDefense executed the project remotely, we communicated through calls and emails. The team kept us informed about the investigation’s progress and sent us their findings from each level of the security checks.

What did you find most impressive about this company?

We appreciate the clear communication our companies have established. UnderDefense delivered our project at a high-quality level.

Are there any areas for improvement?

We want to continue our collaboration in the near future.

Please describe your company and your position there.

I am a security expert at an IT services firm.

For what projects/services did your company hire UnderDefense?

UnderDefense coordinated penetration testing and provided security support for our website to identify and solve potential data leaks.

What were your goals for this project?

We relied on UnderDefense to review the state of our safety measures and to check the strength of our passwords by simulating an attack.

How did you select this vendor?

UnderDefense’s security specialists identified our potential data leak following an internet misconfiguration. The contacted us and informed us of their findings according to a responsible disclosure model.

Describe the project in detail.

UnderDefense identified and solved our potential data leaks. Afterward, we requested password decryption testing to simulate further outside attacks and measure the time necessary to access our data. We wanted to determine our risks and assess the potential damage we could face.

What was the team composition?

We worked with two security analysts.

Can you share any outcomes from the project that demonstrate progress or success?

UnderDefense supported us in our efforts to secure our website and ensure that we have data stored in accordance with all regulations.

How effective was the workflow between your team and theirs?

UnderDefense’s team is communicative and highly responsive.

What did you find most impressive about this company?

They proved to be professional and trustworthy.

Are there any areas for improvement?

No, they did not underperform in any way.