Anyone have any suggestions for a decent vendor that provides network
penetration testing? We have a customer requirement for a third party
test for a certain facility. Have you used anyone that you thought did a
great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might
get from the community if anyone is interested.
I'm interested in a summary of what people suggest.
Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and
they are excellent. We used Deloitte (
in non-european countries, with not such a good result (but other people may
have different experiences).
If I wanted someone to do this, I'd probably look at a security vendor
instead of a general purpose consulting firm.
Some examples off the top of my head might include IBM's ISS and
Metasploit / Rapid7 (open source)
BreakingPoint Systems (commercial)
I use to use ISS on the last 4 year. They are very good. Helped us find many problem and suggest mitigation for each of them.
Secureworks MSS group, formerly VeriSign's MSS division, has a great
British Telecom managed services, Mandiant and Inguardians.
Verizon Business (formerly CyberTryst formerly ...)?
Verizon Business ( purchased the cybertrust group)