Praetorian’s application security team hits the ground running for Zoom.

Like any fast-growing digital platform, Zoom’s surging popularity attracted trolls and hackers, as well as scrutiny from privacy advocates and customers. [Update] Security concerns reached a peak for Zoom in early 2020, when trolling and inserting graphic content became so prevalent that “zoombombing” gathered national attention. Zoom turned to a small number of security “heavyweights,” including Praetorian, to help address their vulnerabilities.

The depth of experience and skills that Praetorian brings to the table is hard to build in house”

Richard Farley Chief Information Security Officer, Zoom

The Solution

In this engagement, Praetorian conducted threat modeling, identifying the inputs and outputs of Zoom’s system to identify areas that an attacker might try to exploit. Output from threat modeling included a systematic analysis of what controls Zoom should have in place, given the nature of their platform and its users, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Praetorian also conducted a thorough source code review, and performed manual and automated penetration testing.

Why Praetorian?

We chose Praetorian primarily because we knew they could hit the ground running. Praetorian brought in a team of top-notch security engineers who were extremely valuable in identifying issues and getting them addressed very quickly.”

Richard Foley CISO, Zoom

The Results

Through threat modeling, Praetorian helped Zoom identify and prioritize structural vulnerabilities and the absence of appropriate safeguards for their communication platform. As a result, Zoom and its customers gained valuable assurance that the Zoom platform provides an ability to communicate with minimum security risk, including unwanted parties interrupting or accessing a communication. The security certification Zoom earned from Praetorian is helping to support its continued business growth by serving as a proof point for customers that Zoom sees security as a key driver for accelerating innovation and moving to scale with confidence. Praetorian’s deep security expertise is supporting Zoom’s vision to accelerate the delivery of a secure communications platform that can be safely used by companies and government organizations of all sizes.

The Value to Securing the Next Wave of Innovation

[Update]As the COVID pandemic shifted schools and businesses to virtual models almost overnight, Zoom saw meteoric rise on its platform, growing from 10 million daily users in December 2019 to more than 200 million daily users by March 2020. Growth hit a wall however in mid-March when “zoombombing” captured national headlines. Scores of Zoom customers sought safer alternatives, the company’s share price dropped by 28.7% in a 2 week period, and its market cap dropped by $2.5 billion.

More and more companies are recognizing that security is a foundational element to the next wave of innovation and a requisite for new technologies to meet full market potential. In the case of Zoom, their rapid response to security issues helped them return to a growth trajectory which they continue today. But not all companies are as fortunate to recover from negative brand exposure due to security problems.

Praetorian acts as an extension of its customer’s teams, offering deep security expertise and enabling the creation of more secure products. Our aspiration is to solve security issues before they become problems, but if we are engaged after a security breach or issue, we approach as if it were our own.

Ensuring a Superior Customer Experience

Praetorian helps to reduce or remove the variable of security risks and thereby the time it takes to resolve different types of security issues. Consequently, clients are able to deliver product to market faster and safer. Praetorian’s security expertise has helped Zoom build confidence across its millions of customers.