
Penetration testing vendor advice

Hi,

We have a North American client, whose firm has a global footprint, that has come to us for advice on Penetration Testing.

This is not our core business area and we are therefore looking to recommend vendors to the client. We have a few relationships, but fear these may be dated and hence would like some advice:

- Can anyone recommend top-end, premier, 'clever' penetration testing firms? Preferably ones that operate and have experience in this geographical region? Our client is not looking for 'box tickers' or to simply meet regulatory requirements, they want their global network tested, weakest links found, exploited and pragmatic, actionable recommendations made.

- What is the going rate for this type of service?

Thanks
0
Roger Adams
Asked:
1 Solution
 
raghav_lal Commented:
AT&T Security Managed services team/Ernst & Young/PwC

0
 
younghv Commented:
r0cky07,
It's been a long time since I did this kind of work, but I've been through training (and some collaboration) with some of the people from: http://www.raytheon.com/

This company has been in the business for a very long time and will be able to customize a plan for your client.

The costs are going to be entirely dependent upon the scope of work that will be agreed to prior to the work commencing.

Raytheon and all of the other companies I worked with are used to global/remote functionality and testing - and they are insured and bonded.

In my experience, the government/military contractors stay current with the current techniques (and threats).

One of the largest companies I worked with was SAIC, but if you do a Google search for SAIC+fraud, you can make your own decision about approaching them.
0
 
Roger Adams (Author) Commented:
Thanks for your comments guys.

I understand estimating pricing is complex. What is the ballpark pricing structure on this type of project? e.g. typical day rate, hourly rate etc?

0
 
younghv Commented:
I've never seen a cost presented that way.

The last time I did this, we had several email exchanges with the vendor to establish what we wanted done, then held an on-site meeting to finalize (finalise) the "Scope of Work".

We ended up with a three year contract with a minimum number of tests that would be spread over the entire period - and accompanied by remediation recommendations for any vulnerabilities found. The actual remediation was always done by my team (regulations prevented outsiders from performing it).

This was several years ago (now retired) and the details are somewhat hazy, but the cost was about US$10,000/year for the three year contract.
0
 
raghav_lal Commented:
Pricing varies according to the requirements including a one time or a recurring option.
0
