Main Nav

TrustCC has done good work on main , north (health science Center) campuses and UNM hospitals. Cheers.-Grish David Grisham, PhD, CISM Manager, IT Security, UNMH, HSC >>> "Blair R. Bernhardt" 12/18/2012 3:01 PM >>> Does anyone have any recommendations for companies that do penetration testing? We are considering bringing in an outside company to do penetration testing on Lehigh's systems and network and would like someone with experience in the higher ed domain. Reply here or off-line if you prefer. Thanks. -- Blair R. Bernhardt, Ed.D. Security and Information Policy Officer Lehigh University


Do you actually mean "penetration testing" or do you really want a vulnerability assessment? Or just an external vulnerability scan? LOTS of folk will do a Nessus-like scan, possibly rating the vulnerabilities high/medium/low, but very few will go further and say "your security status is passing/failing". I don't think "zero defects" is reasonable for higher ed; we're not a bank or military facility. Our job is to distribute information. So what do you really want?
If you just want a scan Tenable provides the Nessus scan from off-site for $3,600/year. You configure it and run it when and on what you want. From that information you can see what ports are open and a rough idea of what might be vulnerable. Then you can dive deeper with other tools or farm it out. Thx Steve
Spider Labs. an affiliate of Trustwave, offers Pen-Test services.