Network-1 unveils fixed-price security service

Network-1 Security Solutions Inc. now offers a fixed-price consulting service to help agencies assess the vulnerabilities of their network security.

Called the Tactical Remote Access Penetration Study (TRAPS), the package involves using "white hat" hackers to test how easy it is to penetrate an organization's network defenses over the Internet. Unlike other consulting services, however, Network-1 is providing these services at a set price, rather than billing for time, the company said.

TRAPS covers penetration testing of up to three Internet connections and one "class C" address range of about 256 Transmission Control Protocol/Internet Protocol addresses for $5,995. Waltham, Mass.-based Network-1 plans to offer TRAPS on the General Services Administration schedule, said Robert Russo, vice president of Network-1's Professional Services Group, which will offer the package to the federal government.

In the few days following TRAPS' launch, the company received inquiries from several state agencies. Among the unit's past federal clients is the Architect of the Capitol.

Network-1's professional services organization also sells to the government through Wang Government Services' GSA schedule, Russo said.

In conducting tests, Network-1 has employees certified by the International Information Systems Security Certification Consortium supervising the work. Network-1 technicians do the tests using a mix of off-the-shelf products and internally developed tools, Russo said. "We don't use hackers. These are professional people who know what they're doing."

The technicians also will try to use "little pieces of code" gathered from common hacker World Wide Web sites that can be used to breach network security, he said. The company then produces executive-level and technical reports that explain the client's vulnerabilities.

"This is a great deal," said Jim Hurley, a senior analyst for network security with Aberdeen Group. Entry-level pricing of $50,000 is "not abnormal" at the information technology consulting arms of the "Big Five" accounting firms. The reason midtier companies—who hire the consulting firms—only do security testing once a year is because the service is terribly expensive, Hurley said.

"We're trying to make it easier for people to do [security testing]," said Jim Gildea, director of product marketing for Network-1. "We're laying it out for you and saying, 'Here's a list of what we're testing, and it's at a fixed price.' " Additional Internet connections, address classes and servers, as well as limited "war dialing" exercises, can be added for an additional nominal charge, according to the company.

"We've seen this type of security sweep at more than four to five times what we're charging," Russo said.

-- Adams is a free-lance writer based in Alexandria, Va.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.