Rapid7 > Case Studies > Rapid7 Conducts a Penetration Test for Eyelock

Rapid7 Conducts a Penetration Test for Eyelock

Company Size

200-1,000

Region

America

Country

United States

Product

Eyelock Iris-Based Identity Authentication Products
Rapid7 Professional Services

Tech Stack

Penetration Testing
DREAD Reporting Methodology

Implementation Scale

Enterprise-wide Deployment

Impact Metrics

Customer Satisfaction

Technology Category

Cybersecurity & Privacy - Application Security
Cybersecurity & Privacy - Security Compliance

Applicable Industries

Security & Public Safety

Applicable Functions

Product Research & Development
Quality Assurance

Services

Cybersecurity Services
System Integration

About The Customer

Eyelock Corporation is a biometric technology provider specializing in iris-based identity authentication products and technology solutions. They are a major player in the biometric space, revolutionizing iris scanning technology. Eyelock’s products span physical and logical access and can be found in numerous places such as banks, commercial buildings, airports, and border crossings. Their core business revolves around ensuring the highest standards of security and encryption for their iris templates, making them a trusted name in the industry.

The Challenge

Recently, Eyelock set out on a new project: making security airtight for logical access devices. They wanted an external team to take a very close look at their security architecture to implement a design that would allow for access to computers, websites, online banking, and the like. The RFP process kicked off, and the Eyelock team began evaluating various third-party vendors. The top three qualifications were extensive experience with embedded products, a high level of security expertise, and a strong overall reputation within the industry. Through a combination of these factors, Rapid7 won out.

The Solution

Eyelock chose Rapid7’s Professional Services for their penetration test due to their extensive knowledge, professionalism, and dedication. Rapid7’s ability to think like an attacker and their willingness to be on-site during the eight-week engagement were key factors. Eyelock’s approach to a penetration test exemplifies their extreme commitment to security, ensuring that security is baked in from the start. Rapid7’s expertise in penetration testing, their DREAD reporting methodology, and their constant communication throughout the process were crucial in identifying and addressing potential security vulnerabilities.

Operational Impact

Rapid7’s on-site presence allowed for direct collaboration with Eyelock’s hardware and software teams, ensuring a thorough and effective penetration test.
The use of the DREAD reporting methodology provided a clear and structured way to score and address security findings.
Constant communication between Rapid7 and Eyelock allowed for continuous improvement and tweaking of security measures throughout the engagement.
Rapid7’s ability to mimic attacks from both software and hardware perspectives provided a comprehensive assessment of Eyelock’s security architecture.

Quantitative Benefit

The eight-week engagement period allowed for an in-depth and thorough penetration test.
Rapid7’s DREAD reporting methodology provided a structured scoring system for security findings.