Home Case Studies Greenhill Testing defenses, strengthening cybersecurity
Greenhill & Co. uses IBM Security Randori to simulate cyberattacks and hone defenses
Conceptual image of a cyber city with targeted areas lit up in red


“I want to truly understand how good my cybersecurity program is,” says John Shaffer, CIO of Greenhill & Co., a leading investment and financial advisory firm with 15 offices worldwide. For the past 17 years, Shaffer has overseen the infrastructure and security that keeps Greenhill running and secure. 

Maintaining an up-to-date picture of Greenhill’s global attack surface was a constant challenge for Shaffer and his team.

As Greenhill evolves, shadow IT and the potential for blind spots, misconfigurations, or gaps in the security program were of increasing concern. As the threat landscape changes and the security program advances, the fundamental question remains: “How effective is our security program at protecting what is most important to Greenhill?”

Shaffer was looking for a solution that would not only reveal weaknesses and validate existing investments, but train and challenge Greenhill to elevate its security program.

Using Randori has helped me understand how much risk I am willing to accept. It has completely changed my mindset on how we should do security. John Shaffer CIO Greenhill & Co.
Automated attack-surface analysis and defense testing  

Starting from a single email address, Shaffer’s team used IBM Security® Randori Recon software to surveil Greenhill’s external attack surface and find systems the team didn’t know were exposed to the internet. With the help of Randori Recon’s prioritization engine, Target Temptation, the team patched, reconfigured and deployed new controls to protect their most tempting targets.

Then, it was time to move beyond models to the real-world with IBM Security Randori Attack Targeted software. Shaffer authorized the software to automatically attempt critical objectives, such as accessing sensitive file shares hosted on Greenhill’s internal network. Emulating an authentic adversary, the Randori Attack Targeted platform gained initial access by executing an exploit for an undisclosed vulnerability on the company’s perimeter infrastructure.

The scenario allowed Greenhill to train an “assume compromise” scenario. When facing new exploits, misconfigurations or stolen credentials, patching isn’t a way out: teams must effectively detect and respond. This requires the right products deployed effectively, the right set of incident response processes and a team experienced in execution. The goal of the Randori Attack Targeted platform is to train and optimize these defenses.

With authorization in place, the Randori Attack Targeted software pivoted through controls to achieve persistence and lateral movement—creating an opportunity to exercise Greenhill’s detection and response capabilities. At each stage in the kill chain, Shaffer had visibility into executed actions and which defenses worked successfully, and which did not. This revealed the need for increased reporting at key points in the network, and the optimization of detection rules in the company’s SIEM solution. With changes in place, the team ran it back with the Randori Attack Targeted solution to confirm implementation and reduce “time to contain.” But that wasn’t a stopping point. The Attack-Defend process is continuous—the Greenhill team receives notifications from the solution as their attack surface changes and can test against new and emerging attacker techniques.

Security that’s faster, more efficient and more informed 

With the combination of Randori Attack Action Reports and Randori Recon Target Temptation, Shaffer can measure efficacy—what’s working, what’s not—and better invest across his security program. “Seeing authentic attacks on our network gives me a powerful narrative to share with leadership,” Shaffer says. “I can validate what’s working and build up my team.” Through the adoption of a unified offensive security platform, Greenhill is able to act faster, drive team efficiencies and extend its security expertise.

Primanti Bros. logo
About Greenhill & Co., Inc. 

Greenhill (link resides outside of ibm.com) is a leading independent investment bank focused on providing financial advice globally on significant mergers, acquisitions, restructurings, financings and capital advisory to corporations, partnerships, institutions and governments. Headquartered in New York City, Greenhill employs 400 people and has offices across North America, Europe, and Asia-Pacific, and an alliance partnership in Israel. 


IBM Security® Randori Recon

Manage the expansion of your digital footprint and get on target with fewer false positives to improve your organization's cyber resilience quickly.

Learn more Randori Recon Attack Surface Management Data Sheet 

Randori Recon provides a continuous view of your external perimeter to reduce the risks of shadow IT, misconfigurations, and process failures.

Read the data sheet
A united front against cyberattacks 

Proactively detecting and understanding the severity, scope, and root cause of threats before they impact the business.

Read the case study
Leaning on automation and analytics to keep cyberthreats at bay 24x7
Askari Bank turns to the IBM QRadar platform to build a new security operations center
Read the case study

© Copyright IBM Corporation 2023. IBM Corporation, IBM Security, New Orchard Road, Armonk, NY 10504.

Produced in United States of America, July 2023.

IBM, the IBM logo, ibm.com, and IBM Security are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/trademark.

Randori is a trademark of Randori, an IBM Company.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.