Solved

Penetration testing vendor advice

Posted on 2011-09-19
Last Modified: 2013-11-29
Hi,

We have a North American client, whose firm has a global footprint, that has come to us for advice on Penetration Testing.

This is not our core business area and we are therefore looking to recommend vendors to the client. We have a few relationships, but fear these may be dated and hence would like some advice:

- Can anyone recommend top-end, premier, 'clever' penetration testing firms? Preferably ones that operate and have experience in this geographical region? Our client is not looking for 'box tickers' or to simply meet regulatory requirements, they want their global network tested, weakest links found, exploited and pragmatic, actionable recommendations made.

- What is the going rate for this type of service?

Thanks
Question by:Roger Adams
5 Comments
 

Expert Comment

by:raghav_lal
ID: 36565019
AT&T Security Managed services team/Ernst & Young/PwC


Expert Comment

by:younghv
ID: 36566510
r0cky07,
It's been a long time since I did this kind of work, but I've been through training (and some collaboration) with some of the people from: http://www.raytheon.com/

This company has been in the business for a very long time and will be able to customize a plan for your client.

The costs are going to be entirely dependent upon the scope of work that will be agreed to prior to the work commencing.

Raytheon and all of the other companies I worked with are used to global/remote functionality and testing - and they are insured and bonded.

In my experience, the government/military contractors stay current with the current techniques (and threats).

One of the largest companies I worked with was SAIC, but if you do a Google search for SAIC+fraud, you can make your own decision about approaching them.
 

Author Comment

by:Roger Adams
ID: 36566877
Thanks for your comments guys.

I understand estimating pricing is complex. What is the ballpark pricing structure on this type of project? e.g. typical day rate, hourly rate etc.?

 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 36566950
I've never seen a cost presented that way.

The last time I did this, we had several email exchanges with the vendor to establish what we wanted done, then held an on-site meeting to finalize (finalise) the "Scope of Work".

We ended up with a three year contract with a minimum number of tests that would be spread over the entire period - and accompanied by remediation recommendations for any vulnerabilities found. The actual remediation was always done by my team (regulations prevented outsiders from performing it).

This was several years ago (now retired) and the details are somewhat hazy, but the cost was about US$10,000/year for the three year contract.

Expert Comment

by:raghav_lal
ID: 36567350
Pricing varies according to the requirements including a one time or a recurring option.