Razorpoint Security advises multinational corporations, international financial firms, retail, healthcare, media, and e-commerce companies, as well as foreign governments on how to best secure their organizations using advanced security expertise, not buzzwords.
NYC FINANCIAL FIRM
Within two days of a five week engagement, Razorpoint gained complete control of the entire network (servers, workstations, databases, usernames, passwords, confidential documents, etc.) of an NYC-based, multi-billion dollar financial firm. The client had entrusted their business and the livelihoods of hundreds of employees and customers to buzzwords like firewalls, VPNs and encryption. Razorpoint was able to vividly demonstrate how these buzzwords provided only a false sense of security. Razorpoint was then contracted to redesign the firm’s entire network architecture and security posture.
MAJOR NEWS ORGANIZATION
During a web application security engagement for a renowned news organization, Razorpoint discovered vulnerable source code on the client’s main web site. Razorpoint’s further analysis uncovered source code that was not only a gateway into the client’s systems, but was at least seven years old. This was missed by many other security vendors. Razorpoint helped identify the vulnerable source code and its outsourced vendor, and then worked with the client to provide secure, up-to-date code changes that not only enhanced the site’s functionality but provided far more security to the organization.
COMPLIANCE vs. SECURITY
A company managing a wealth of information regarding client health and wellness data had just completed various required compliance audits (HIPAA, SOX, SAS 70/SSAE 16, etc.). Razorpoint was retained to perform a comprehensive, real-world cybersecurity assessment after the compliance efforts. Within 24 hours of beginning the engagement, Razorpoint controlled the entire company with complete access to employee and client data. This damning revelation definitively demonstrated to executive management how compliance audits in no way provide realistic cybersecurity analysis.
INEFFECTIVE PHYSICAL SECURITY
An international financial firm assumed their palatial marble lobby with video surveillance cameras and uniformed security personnel would deter physical access breaches to their executive offices. Razorpoint sent an operative, unannounced, to the building attempting to gain access to the executive office suites. Within minutes, the operative entered the well-appointed, 50th floor reception area, with a freshly printed access badge, all without appearing on any access lists. Razorpoint’s demonstration began a chain reaction of modifications to the client’s operations. Razorpoint led these global security modifications.
ROGUE GOVERNMENT ATTACKS
Razorpoint designed and built a custom global network environment for distributing and maintaining the monitored security state of thousands of Internet-connected devices. Razorpoint utilized strategic global locations and developed a redundant, private cloud-based, cybersecurity analysis engine. Razorpoint’s comprehensive solution enabled the client to continuously monitor and test its cybersecurity, and effectively thwart repeated cyberattack attempts from malicious foreign government agencies.
INTERNATIONAL INSURANCE FIRM
During a time-sensitive security engagement for an international insurance firm, Razorpoint employed its proprietary security methodology and attack vector analysis.
Because of Razorpoint’s detailed review, a change the client made in error was discovered. This mistake could have proven disastrous for the client’s corporate image. Razorpoint identified that their new web application had a misconfigured IP address embedded in the source code. Instead of displaying the client’s new service offerings, a customer was redirected to a rather graphic porn site. Razorpoint caught the error in time and helped avert what could have been an incredible embarrassment.
Razorpoint performed research and analysis on subpoenaed electronic data records in a physical and sexual harassment case. Through tracking and digital corroboration of the subpoenaed data, Razorpoint confirmed and demonstrated that the accusations were fabricated and without any merit. The result was the dismissing of all charges against a wrongfully accused party.
Razorpoint developed a “sandbox style” network that allows for the analysis of all traffic to and from a network-connected device. This network fools the compromised connected device into thinking it is on the real Internet, but in reality Razorpoint is able to monitor and analyze its traffic and attempted data usage. Razorpoint uses this network to track malicious activity to botnet and other malware-related networks.