Webfargo ( D )

Webfargo should be called an IT Company and not a Security Company. This becomes evident as you read through their website and study the services that they offer. At no point in their website do they demonstrate any clear security expertise, but they do demonstrate an ability to perform IT augmentation services such as firewall management and router management services.

When it comes to their Managed IDS Technologies, you'd probably be better off downloading prelude-ids from http://www.prelude-ids.org and binding it to snort with prelude-lml than using their service. The Webfargo managed IDS solution is based strictly on snort, which is a free Network Intrusion Detection Engine (download it from http://www.snort.org). Their solution does not provide any event correlation what so ever. Even more, it does not contain any log management, centralization or correlation capabilities. Frankly, its just doesn't seem to be worth the money as there are better free solutions that are readily available.

When it comes to their Professional Security Services, such as performing Assessments and other security tests, we weren't impressed at all. They confuse terminology when they say that they target the "LAN" with an "External Vulnerability Assessment". The LAN is after all the internal network and is not accessible during the performance of an External assessment. Also and oddly, they do not offer any penetration testing services. If they do, then they are not advertised on their website in any clear way.

Webfargo is also not an active participant in the security research community. We have never seen a published Webfargo security advisory (and we've looked). When choosing a Professional Security Services Provider it is important that they perform their own security research. Security research keeps a team's skill set honed and can be applied to services like Penetration Tests, Web Application Assessments, and Vulnerability Assessments. Webfargo doesn't appear to do any of that.

All in all Webfargo is not a company that we'd recommend using for the performance of professional security services; At least not if you are serious about protecting your network from real world hackers. We'd recommend finding a company with real security capabilities. With that said, Webfargo most probably does offer useful managed IT Services.

Our opinions are based on our own research and our own professional experience. If any of the comments in this post are wrong, please feel free to comment with a correction. If the correction is legitimate then we'll post a change.

Score Card (Click to Enlarge)