Founded in 2018, Intenseye is a startup using AI technology to help manufacturing clients prevent workplace accidents. By applying intelligent algorithms to video analytics, it’s able to send real-time alerts to managers, helping to tackle a problem that collectively costs US businesses an estimated $250 billion per year. Led by CEO, Sercan Esen, and CTO Serhat Cillidag, the firm is on the cutting edge of innovation, as illustrated by its recent COVID-19 addition for social distancing to its platform.
As a technology provider handling highly sensitive personal data and images, Intenseye understood that it is an attractive target for cyber criminals. Esen and Cillidag also knew that video monitoring in the workplace can be a contentious decision for employers to make, so extra effort was required to head off the privacy and security concerns of prospective customers.
As a result, Intenseye anonymizes all collected data, does not store any biometric information such as face scans, and works with third-party companies to ensure its AI technology is being implemented and used ethically. It also uses the security tools offered by its cloud providers to protect data where possible. However, a missing piece of the puzzle was penetration testing; it was seen by the firm as a prerequisite for improved data security, to reassure customers (especially at the enterprise level) and drive enhanced awareness among its developers.
“Startups usually pick not the correct path but the fastest path to beat other companies. But in our case we put a lot of effort into security,” explains Cillidag. “We do code reviews and we do regular testing, but they are definitely not enough. We needed to look outside for our metrics. So that's why we opted for a web application test, an internal test, and external test.”
Cillidag had a good experience of working with Rapid7’s Metasploit tool back in university. But it was our strong brand reputation and market recognition that swung the deal, he says.
“I actually shopped around and looked for lots of providers. There were also small shops which I think are very good,” Cillidag continues. “But since enterprise clients usually want to see established companies with good branding, this was also a deciding factor. So both professionalism and brand recognition were strong factors for us.”
Rapid7 Penetration Testing Services leverage the firm’s industry leading expertise in vulnerability management and exploit detection to simulate real-world attacks on client networks (internal and external), applications, devices, and/or people. With the knowledge gleaned from these exercises, they can better understand where security gaps are and how to fill them. Customers typically receive a detailed description and proof-of-concept for each finding, an actionable remediation plan, a comparison of the environment with best practices, and an Executive Report for their leadership team.
Intenseye enlisted the help of Rapid7 for its first ever penetration test. The whole process went like clockwork.
“It was basically a very good experience: professional and organized,” says Cillidag. “Also we didn't have any kind of trouble in terms of production, so there were no disruptions.”
The test allowed Cillidag and his team to start immediately working through the vulnerabilities highlighted by Rapid7, from highest to lowest severity. It also helped the team revisit and stay accountable to its KPIs. However, there were no critical issues to prioritize—a testament to the hard work, attention to detail, and focus on best practice security at Intenseye. The process has also had wider benefits for the firm.
“We got a nice report at the end explaining all the best practices that we could put in place,” explains Cillidag. “Once the penetration testing was done, I came up with some extra questions, on how can we make things better? So it was very informative. And I also learned some things, outside of our scope for the penetration test, which I’m applying.”
He was particularly pleased with the responsiveness of the Rapid7 team, despite his team being geographically dispersed.
“It was great that I was able to communicate with the team without the time zone barrier,” he says. “Everything was clear. I didn't need to talk to them late at night or anything like that.”
Perhaps most importantly, having Rapid7 on board has helped Intenseye ramp up its growth plans, according to Esen.
“When we talk to our customers and say that Rapid7 is completing our penetration tests we never hear the question, ‘Who?’,” he explains. Now our enterprise deals are moving forward.”
The firm’s experience has been so positive that it will be continuing to run tests with Rapid7 in the future, and double down on security as a key market differentiator.
“Our experience was great and now we need to do regular testing and we are looking for a schedule for our team, so we can basically provide this report for all the IT executives from our customers,” concludes Esen. “The investment that we made in our security is paying off because it's getting our sales cycle much shorter. So I think this investment has added a lot of value for the business.”