Subject: [Dshield] Outsourced Vulnerability scanning?

Tony Carothers tony.carothers at lifestreamtech.com
Fri Mar 1 15:11:32 GMT 2002


www.e3tech.net  does this kind of thing now.  VERY sharp group.

-----Original Message-----
From: mmcgillis [mailto:mmcgillis at inline.com]
Sent: Friday, March 01, 2002 6:33 AM
To: list at dshield.org
Cc: mmhome at iqmail.net
Subject: Re: Subject: [Dshield] Outsourced Vulnerability scanning?


My guess is that they are charging to set up and monitor a snort box. 



On Thu, 28 Feb 2002, David Sentelle wrote:

> 
> I know a friend who's network is being monitored by SecureWorks.  Info on
them is available at www.secureworks.net 
> 
> >From what I understand they email you daily with totals on the types of
attacks and probes they've deterred.  The sample I saw seemed to be focusing
on CodeRed and Nimda, but also reported some Queso, Syn/Fin, and Wingate
probes.  They put a 1U rackmountable (cobalt?) UNIX box of some type between
your router and the protected network.  This computer can operate in
monitoring or blocking mode, depending on what you request of them.  
> 
> I am not sure what their services cost, but seem to remember wondering
where they were going to make money handing out that equipment and
(presumably) assuming liability.
> 
> My friend did say that his firewall sitting behind their box still rejects
lotsa of packets, which makes me wonder what that box is doing, anyhow.
> 
> 
> --__--__--
> 
> Message: 2
> From: "MM" <mmhome at iqmail.net>
> To: <list at dshield.org>
> Date: Wed, 27 Feb 2002 14:31:15 -0600
> Organization: SSI
> Subject: [Dshield] Outsourced Vulnerability scanning?
> Reply-To: list at dshield.org 
> 
> Does anyone know of a good IT auditing firm that focuses on monthly
> vulnerability scanning? My company needs a third-party to outsource this
> security service to for legal liability purposes. We have looked into
@Stake
> and larger players, but they charge an exorbitant amount of money for
little
> work. We have looked at smaller players like Strongboxsecurity.com and
like
> their low cost subscription service, but what I really wanted to know is
> does anyone have any suggestions to picking a security vendor that does
this
> kind of work and what I should watch out for?
> Kevin
> 
> 
> This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they are
addressed. If you have received this e-mail in error, please notify
admin at cnbcbank.com and delete it from your system.
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/list
> 
> 

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/list




More information about the list mailing list