Solved

Penetration testing vendor advice

Posted on 2011-09-19
Last Modified: 2013-11-29
Hi,

We have a North American client, whose firm has a global footprint, that has come to us for advice on Penetration Testing.

This is not our core business area and we are therefore looking to recommend vendors to the client. We have a few relationships, but fear these may be dated and hence would like some advice:

- Can anyone recommend top-end, premier, 'clever' penetration testing firms? Preferably ones that operate and have experience in this geographical region? Our client is not looking for 'box tickers' or to simply meet regulatory requirements, they want their global network tested, weakest links found, exploited and pragmatic, actionable recommendations made.

- What is the going rate for this type of service?

Thanks
0
Question by:Roger Adams
5 Comments
 
LVL 1

Expert Comment

by:raghav_lal
ID: 36565019
AT&T Security Managed services team/Ernst & Young/PwC

0
 
LVL 38

Expert Comment

by:younghv
ID: 36566510
r0cky07,
It's been a long time since I did this kind of work, but I've been through training (and some collaboration) with some of the people from: http://www.raytheon.com/

This company has been in the business for a very long time and will be able to customize a plan for your client.

The costs are going to be entirely dependent upon the scope of work that will be agreed to prior to the work commencing.

Raytheon and all of the other companies I worked with are used to global/remote functionality and testing - and they are insured and bonded.

In my experience, the government/military contractors stay current with the current techniques (and threats).

One of the largest companies I worked with was SAIC, but if you do a Google search for SAIC+fraud, you can make your own decision about approaching them.
0
 

Author Comment

by:Roger Adams
ID: 36566877
Thanks for your comments guys.

I understand estimating pricing is complex. What is the ballpark pricing structure on this type of project? e.g. typical day rate, hourly rate etc?

0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 36566950
I've never seen a cost presented that way.

The last time I did this, we had several email exchanges with the vendor to establish what we wanted done, then held an on-site meeting to finalize (finalise) the "Scope of Work".

We ended up with a three year contract with a minimum number of tests that would be spread over the entire period - and accompanied by remediation recommendations for any vulnerabilities found. The actual remediation was always done by my team (regulations prevented outsiders from performing it).

This was several years ago (now retired) and the details are somewhat hazy, but the cost was about US$10,000/year for the three year contract.
0
 
LVL 1

Expert Comment

by:raghav_lal
ID: 36567350
Pricing varies according to the requirements including a one time or a recurring option.
0
