Solved

Penetration testing vendor advice

Posted on 2011-09-19
Last Modified: 2013-11-29
Hi,

We have a North American client, whose firm has a global footprint, that has come to us for advice on Penetration Testing.

This is not our core business area, and we are therefore looking to recommend vendors to the client. We have a few relationships, but fear these may be dated and hence would like some advice:

- Can anyone recommend top-end, premier, 'clever' penetration testing firms? Preferably ones that operate and have experience in this geographical region? Our client is not looking for 'box tickers' or to simply meet regulatory requirements; they want their global network tested, weakest links found, exploited and pragmatic, actionable recommendations made.

- What is the going rate for this type of service?

Thanks
Question by:Roger Adams
5 Comments
 
LVL 1

Expert Comment

by:raghav_lal
ID: 36565019
AT&T Security Managed services team/Ernst & Young/PwC

 
LVL 38

Expert Comment

by:younghv
ID: 36566510
r0cky07,
It's been a long time since I did this kind of work, but I've been through training (and some collaboration) with some of the people from: http://www.raytheon.com/

This company has been in the business for a very long time and will be able to customize a plan for your client.

The costs are going to be entirely dependent upon the scope of work that will be agreed to prior to the work commencing.

Raytheon and all of the other companies I worked with are used to global/remote functionality and testing - and they are insured and bonded.

In my experience, the government/military contractors stay current with the current techniques (and threats).

One of the largest companies I worked with was SAIC, but if you do a Google search for SAIC+fraud, you can make your own decision about approaching them.
 

Author Comment

by:Roger Adams
ID: 36566877
Thanks for your comments guys.

I understand estimating pricing is complex. What is the ballpark pricing structure on this type of project? E.g. typical day rate, hourly rate, etc.?

 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 36566950
I've never seen a cost presented that way.

The last time I did this, we had several email exchanges with the vendor to establish what we wanted done, then held an on-site meeting to finalize (finalise) the "Scope of Work".

We ended up with a three year contract with a minimum number of tests that would be spread over the entire period - and accompanied by remediation recommendations for any vulnerabilities found. The actual remediation was always done by my team (regulations prevented outsiders from performing it).

This was several years ago (now retired) and the details are somewhat hazy, but the cost was about US$10,000/year for the three year contract.
 
LVL 1

Expert Comment

by:raghav_lal
ID: 36567350
Pricing varies according to the requirements including a one time or a recurring option.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question