Penetration Test Vendors

Anyone have any suggestions for a decent vendor that provides network
penetration testing? We have a customer requirement for a third party
test for a certain facility. Have you used anyone that you thought did a
great job? Anyone you would suggest avoiding?

Replies can be sent off list and I will summarize any feedback I might
get from the community if anyone is interested.


I'm interested in a summary of what people suggest.


Depends on where you are... I've used Sysnet in Europe ( and
they are excellent. We used Deloitte (
in non-european countries, with not such a good result (but other people may
have different experiences).



If I wanted someone to do this, I'd probably look at a security vendor
instead of a general purpose consulting firm.

Some examples off the top of my head might include IBM's ISS and


Metasploit / Rapid7 (open source)

BreakingPoint Systems (commercial)


I use to use ISS on the last 4 year. They are very good. Helped us find many problem and suggest mitigation for each of them.

Secureworks MSS group, formerly VeriSign's MSS division, has a great
pentest group.



British Telecom managed services, Mandiant and Inguardians.

Verizon Business (formerly CyberTryst formerly ...)?

Pen-testing for what?

Verizon Business ( purchased the cybertrust group)