Security program reviews

GuardsArm Inc. helped us pinpoint the right assets to monitor and optimized our systems for peak performance. Now, we only receive notifications for genuine threats, allowing my team to focus more on their core objectives.

We’ve been working with GuardsArm Inc. for several years to conduct quarterly vulnerability assessments. While we typically change vendors every few years, the exceptional service from GuardsArm has kept us loyal. The reports we receive are thorough and provide clear, prioritized remediation advice.

GuardsArm Inc. performed a web application penetration test on several of our edge applications. They identified numerous configuration weaknesses, including insecure direct object reference (IDOR). They alerted us right away and provided detailed advice on how to resolve the issue. Their expert engineers guided us through the fix step-by-step and retested to ensure the critical vulnerability was fully addressed.

Wi-Fi can be tricky to manage, and we turned to GuardsArm Inc. to test the wireless networks we provide for employees and customers accessing store services. GuardsArm sent a team onsite, equipped with their "toolkit" of antennas. They successfully set up a rogue access point, mimicking ours, and users unknowingly connected to it. They then conducted an evil twin attack to intercept and inject data into the network stream between user devices and other systems. Following this, they delivered detailed findings, helping us educate users and improve behaviors.

GuardsArm Inc. conducted an external penetration test on our networks and flagged critical vulnerabilities. They provided insights into potential responses from the host before attempting any exploitation. We received updates twice daily, which was incredibly helpful for both me and my team. Additionally, their expert remediation guidance allowed us to address the vulnerabilities quickly and effectively.

Our company outsources web development, and we asked GuardsArm Inc. to review the source code and assess for insecure API calls. We were shocked by the vulnerabilities they uncovered. It was unsettling to realize that the web developer we hired had left so many security gaps in our code. I can’t express how reassuring it was to have the GuardsArm team provide us, and our partner, with clear recommendations to secure and fix the source code.

GuardsArm Inc. conducted a phishing campaign targeting our employees by replicating a realistic payroll website we use. Their engineers successfully captured several IT administrators' credentials. With domain administrator access, they compromised our entire domain within just 20 minutes of starting the campaign. This gave us a valuable opportunity to demonstrate to leadership the critical need for stronger user account practices, multi-factor authentication (MFA), improved user security awareness training, and the allocation of funds into our annual IT security budget.

GuardsArm Inc. conducted an internal penetration test using one of our legacy network protocols. They gained administrative access and pushed malicious code into our network. Had this been a real attack, we could have faced a total loss.

GuardsArm Inc. assessments give us crucial visibility into our third-party risk exposure. With over 40 vendors, we don’t have the internal resources to conduct annual assessments. These valuable insights guide our decisions when selecting and managing partnerships.

GuardsArm Inc. has been crucial to our SOC operations. Without their flexibility, expertise, and rapid response, our small SOC team wouldn’t be able to function effectively. GuardsArm consistently engages with us at both the operational and executive levels, always seeking innovative solutions. Not only do they think outside the box, but they also deliver         results.