Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding? Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested. George
I'm interested in a summary of what people suggest. --Matt On Tue, Jun 22, 2010 at 4:48 PM, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
-- LITTLE GIRL: But which cookie will you eat FIRST? COOKIE MONSTER: Me think you have misconception of cookie-eating process.
Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and they are excellent. We used Deloitte ( http://www.deloitte.com/view/en_GX/global/services/enterprise-risk-services/...) in non-european countries, with not such a good result (but other people may have different experiences). Regards, Ken On 22 June 2010 14:48, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
If I wanted someone to do this, I'd probably look at a security vendor instead of a general purpose consulting firm. Some examples off the top of my head might include IBM's ISS and SecureWorks. -Scott -----Original Message----- From: Ken Gilmour [mailto:ken.gilmour@gmail.com] Sent: Tuesday, June 22, 2010 4:58 PM To: George Bonser Cc: nanog@nanog.org Subject: Re: Penetration Test Vendors Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and they are excellent. We used Deloitte ( http://www.deloitte.com/view/en_GX/global/services/enterprise-risk-services/ security-privacy-resiliency/pcidss/index.htm) in non-european countries, with not such a good result (but other people may have different experiences). Regards, Ken On 22 June 2010 14:48, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
Metasploit / Rapid7 (open source) BreakingPoint Systems (commercial) Sent from my mobile device... Chris On Jun 22, 2010, at 4:28 PM, "Scott Berkman" <scott@sberkman.net> wrote:
If I wanted someone to do this, I'd probably look at a security vendor instead of a general purpose consulting firm.
Some examples off the top of my head might include IBM's ISS and SecureWorks.
-Scott
-----Original Message----- From: Ken Gilmour [mailto:ken.gilmour@gmail.com] Sent: Tuesday, June 22, 2010 4:58 PM To: George Bonser Cc: nanog@nanog.org Subject: Re: Penetration Test Vendors
Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and they are excellent. We used Deloitte ( http://www.deloitte.com/view/en_GX/global/services/enterprise-risk-services/ security-privacy-resiliency/pcidss/index.htm) in non-european countries, with not such a good result (but other people may have different experiences).
Regards,
Ken
On 22 June 2010 14:48, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
Pen-testing for what? -----Original Message----- From: Scott Berkman [mailto:scott@sberkman.net] Sent: Wednesday, June 23, 2010 1:28 AM To: 'Ken Gilmour'; 'George Bonser' Cc: nanog@nanog.org Subject: RE: Penetration Test Vendors If I wanted someone to do this, I'd probably look at a security vendor instead of a general purpose consulting firm. Some examples off the top of my head might include IBM's ISS and SecureWorks. -Scott -----Original Message----- From: Ken Gilmour [mailto:ken.gilmour@gmail.com] Sent: Tuesday, June 22, 2010 4:58 PM To: George Bonser Cc: nanog@nanog.org Subject: Re: Penetration Test Vendors Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and they are excellent. We used Deloitte ( http://www.deloitte.com/view/en_GX/global/services/enterprise-risk-services/ security-privacy-resiliency/pcidss/index.htm) in non-european countries, with not such a good result (but other people may have different experiences). Regards, Ken On 22 June 2010 14:48, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
Verizon Business ( purchased the cybertrust group) -----Original Message----- From: Chris Gravell [mailto:chris.gravell@green.ch] Sent: Thursday, June 24, 2010 2:39 PM To: nanog@nanog.org Subject: RE: Penetration Test Vendors Pen-testing for what? -----Original Message----- From: Scott Berkman [mailto:scott@sberkman.net] Sent: Wednesday, June 23, 2010 1:28 AM To: 'Ken Gilmour'; 'George Bonser' Cc: nanog@nanog.org Subject: RE: Penetration Test Vendors If I wanted someone to do this, I'd probably look at a security vendor instead of a general purpose consulting firm. Some examples off the top of my head might include IBM's ISS and SecureWorks. -Scott -----Original Message----- From: Ken Gilmour [mailto:ken.gilmour@gmail.com] Sent: Tuesday, June 22, 2010 4:58 PM To: George Bonser Cc: nanog@nanog.org Subject: Re: Penetration Test Vendors Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and they are excellent. We used Deloitte ( http://www.deloitte.com/view/en_GX/global/services/enterprise-risk-services/ security-privacy-resiliency/pcidss/index.htm) in non-european countries, with not such a good result (but other people may have different experiences). Regards, Ken On 22 June 2010 14:48, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
I use to use ISS on the last 4 year. They are very good. Helped us find many problem and suggest mitigation for each of them. -----Original Message----- From: George Bonser [mailto:gbonser@seven.com] Sent: Tuesday, June 22, 2010 5:48 PM To: nanog@nanog.org Subject: Penetration Test Vendors Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding? Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested. George
Secureworks MSS group, formerly VeriSign's MSS division, has a great pentest group. Best, Marty On 6/22/10, George Bonser <gbonser@seven.com> wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
George
British Telecom managed services, Mandiant and Inguardians. -----Original Message----- From: George Bonser [mailto:gbonser@seven.com] Sent: Tuesday, June 22, 2010 4:48 PM To: nanog@nanog.org Subject: Penetration Test Vendors Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding? Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested. George Confidentiality Notice: The information contained in this e-mail and any attachments (including, but not limited to, any attached e-mails) may be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.
On 6/22/2010 10:48 PM, George Bonser wrote:
Anyone have any suggestions for a decent vendor that provides network penetration testing? We have a customer requirement for a third party test for a certain facility. Have you used anyone that you thought did a great job? Anyone you would suggest avoiding?
Replies can be sent off list and I will summarize any feedback I might get from the community if anyone is interested.
Verizon Business (formerly CyberTryst formerly ...)?
participants (11)
-
Chris Fenton -
Chris Gravell -
Dante Martins -
Delgado,Rodolfo -
George Bonser -
Ken Gilmour -
Laurens Vets -
Martin Hannigan -
Matt Simmons -
Scott Berkman -
suess13@cfl.rr.com