

Trace Security

By larrywpace
I have just hired Trace Security to do some vulnerability testing and social engineering for us. We have signed a contract and will be working with them for quite some time. Anybody have any good stories to report that they found? I'm particularly interested in the internal threats that were found from employees who are not security conscious.


Not impressed

by tom.dejoira In reply to Trace Security

Trace is an average provider. Not bad, but there are much more professional and skilled companies available for the costs.


Dissatisfied PREVIOUS Customer

by 1pwnedu In reply to Not impressed

The marketing machine behind Trace is fueled by on site "one-on-one social engineering" posing as someone you are not in an attempt to get unescorted and steal data.

Nowhere in any of the reports for my company do you address or recommend a layered security model which would prevent that data loss in the first place.

The reports are generated from scans that you run and have little to do with the overall security posture of my network.
You focus more on policy review than on implementing proper network controls.

Let's face it, a hacker or unauthorized user does not care about my policies. The full report is over 1479 pages and far too large for anyone to ever actually read, which renders it pointless.

Reports are canned and contain errors. If you review the 3 reports you have generated for us so far, you will see the discrepancies. Reports are late and don't have much personalized information about my environment. You recommend that I outsource my IDS monitoring, which is what we did before I arrived. The value for the 3rd party IDS vendor was non-existent and they added no value, so I terminated the relationship.

I need a vendor who is interested in defense in depth, controls & architecture.

I need a vendor who is an expert in the above areas and has skilled employees who can exploit vulnerabilities in the same fashion an unauthorized person would.

I need a vendor that is not too busy selling product from sensationalism and loses focus on defense in depth, controls & architecture.
Posing as an exterminator and trying to get unescorted does not meet those criteria.
