General discussion

  • #2193430

    Trace Security

    Locked

    by larrywpace ·

    I have just hired Trace Security to do some vulnerability testing and social engineering for us. We have signed a contract and will be working with them for quite some time. Anybody have any good stories to report that they found? I’m particularly interested in the internal threats that were found from employees who are not security conscious. http://www.tracesecurity.com

All Comments

    • #2593786

      Not impressed

      by tom.dejoira ·

      In reply to Trace Security

      Trace is an average provider. Not bad, but there are much more professional and skilled companies available for the costs.

      • #2755077

        Dissatisfied PREVIOUS Customer

        by 1pwnedu ·

        In reply to Not impressed

        The marketing machine behind Trace is fueled by on site “one-on-one social engineering” posing as someone you are not in an attempt to get unescorted and steal data.

        Nowhere in any of the reports for my company do you address or recommend a layered security model which would prevent that data loss in the first place.

        The reports are generated from scans that you run and have little to do with the overall security posture of my network.
        You focus more on policy review than on implementing proper network controls.

        Let’s face it, a hacker or unauthorized user does not care about my policies. The full report is over 1479 pages and far too large for anyone to ever actually read, which renders it pointless.

        Reports are canned and contain errors. If you review the 3 reports you have generated for us so far, you will see the discrepancies. Reports are late and don’t have much personalized information about my environment. You recommend that I outsource my IDS monitoring, which is what we did before I arrived. The value for the 3rd party IDS vendor was non-existent and they added no value, so I terminated the relationship.

        I need a vendor who is interested in defense in depth, controls & architecture.

        I need a vendor who is an expert in the above areas and has skilled employees who can exploit vulnerabilities in the same fashion an unauthorized person would.

        I need a vendor that is not too busy selling product from sensationalism and loses focus on defense in depth, controls & architecture.
        Posing as an exterminator and trying to get unescorted does not meet those criteria.
