VirtualizationSecurity

News: $2,000 Network Penetration Test Changes the Cyber Security Industry

If you’ve ever engaged the services of a penetration testing company, you know they’re not cheap. In fact, it’s not unusual to feel you’ve been slapped, thrown in a bag, and hung up to dry. These types of costs can be absorbed by larger companies and enterprises, but not smaller ones, which lack the budgets to take that kind of hit.

Most small and medium businesses (SMBs) lack the funding for a five-figure report. Yet, it can be argued that these companies are more in need of this sort of professional aid. If they lack the budget for penetration testing, they also lack the budget for a large team of security experts to continually monitor and protect their assets.

So, what exactly do companies in this position do to protect themselves? Usually, they rely on the ISP that provides their ADSL or FIOS link and a couple of copies of consumer-grade AV and malware protection. I know that some companies are more thorough than this, but I’m talking about the vast majority of SMBs.

These are small businesses that take payments. It’s considered “OK” because customers use the bank-authorised applications, running on a machine protected by a consumer-grade AV product, connected to the Internet via an ADSL router that has default settings, because obviously the ISP has configured it to be safe.

This should be a cause for concern. How sure can you be that these businesses conform to regulations like those of the PCI (payment card industry), when they can’t afford the cost of a full penetration test?

Well, as of February 26, this is no longer the case. The Cyber Protection Group has announced it is offering a network penetration test and vulnerability assessment for only $2,000. This is great news for SMBs, as breaches seem to have become the norm, and the demand for network and web application security is increasing rapidly.

How can the Cyber Protection Group provide this service for a fifth of the usual going rate? Simple economics. It has lower overhead and a greater run rate. Take a traditional penetration tester that charges $10,000 per test: it typically does one or two tests a month, which runs to twelve through twenty-four per annum, generating $120K to $240K in revenue. At the price the Cyber Protection Group is offering, it should be conducting one to three tests per week, and the rate will pick up rapidly as the demand increases. It should quickly ramp up to between $8,000 and $12,000 per week, which will keep its consultants busy over the course of a year, not sitting on a bench.

One potential fly in the ointment is the consultant knowledge base. Consultants who are fully engaged on customer sites may not have the time to keep their knowledge up to date on new threats and ingression testing.

So, what you get for your $2K is a standard non-exploitation test. If Cyber Protection Group finds any vulnerabilities, it will not exploit them but will give you a report and advice on remediating them. Cyber Protection Group runs the test remotely, so it avoids additional costs surrounding travel and overnight stays. Long story made short, if you have up to fifty external IP addresses and are worried about your IT security, this looks like a cost-effective offering.

 

Tom Howarth
Tom Howarth is an IT veteran with over 20 years' experience and is the owner of PlanetVM.Net Ltd. Tom is a moderator of the VMware Communities forum. He is a contributing author on VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment, and the forthcoming vSphere a Quick Guide. He regularly does huge virtualization projects for enterprises in the U.K. and elsewhere in EMEA. Tom was elected vExpert for 2009 and each subsequent year thereafter.
