Friday, November 30, 2007

Sword and Shield ( A )

Sword and Shield Enterprise Security ("SSES") offers a wide range of quality Professional Security Services that include Enterprise Security, Compliance/Governance, Penetration Tests, Payment Card Data Security, Incident Handling/Forensics, and Managed Services. When we browsed through their website, we found it to be accurate, well written and truthful.

In fact, we were so impressed with the technical depth and content of their website that we decided to call them while posing as a prospective customer to see what kinds of services they could truly deliver and to see if we could stump them. This usually works because websites often advertise services that can't be delivered in full, but this was not the case with Sword and Sheild. They were actually more impressive on the telephone than they were on the web!

Not only were we impressed by their service offerings, but we were also impressed because of the technical depth of the conversation that we were able to have with the Sword and Sheild Account Manager. (Its not often that you get a technically capable Account Manager.) We called them asking to remain anonymous, claiming that we were trying to decide on three vendors of interest. This anonymity would turn most vendors off, but not Sword and Shield. They treated us in a respectful manner answered all of our questions quickly and honestly, including pricing questions! In fact, they even sent us sample reports (which looked pretty good).

When we threw terms at them like evasive testing, distributed metastasis, etc, they didn't even blink. They knew what we were talking about immediately which is far more than we can say for most Professional IT Security Service Providers. They also have their terminology right. When we asked them for a price quote for a Penetration Test they asked "Are you sure that you want a penetration test? Penetration tests will actually compromise computers." This amazed us because they are the first vendor that we've talked to that properly differentiates Penetration Testing and Vulnerability Assessments. Most vendors sadly don't know the difference.

When focusing on the Sword and Sheild homepage we noticed that the writing was professional, clear, technical and accurate. Again that is more than we can say for most of the Professional IT Security Service Providers. Many providers try to use complex and unclear sentences mixed with technical jargon so that they sound like they know what they are talking about when they really don't. Sword and Sheild don't do that, they actually know what they are talking about and take the time to educate their customers and prospects.

The only gripe that we have with Sword and Sheild is that they did not fully respect our request to remain anonymous. Shortly after we talked with them and received their sample reports, we received a second email from the Account Manager. He made an attempt at identifying us by searching for "vocovi" on google, ebay and other places. While we appreciate the fact that he's technical enough to do that, he should have done more homework before jumping to conclusions about who he thought we were. That being said, he did give us another good company to review, which we'll do later.

All in all, we'd recommend Sword and Sheild despite their almost impulsive attempt to figure out who we are. They are a capable security company that offers real services and they have the ability to deliver. So Sword and Sheild, keep up the good work!

Score Card (Click to Enlarge)

No comments: