As it turns out, their website is actually very well written. On the first page of their website, in the lower right-hand corner, you see a "Security Advisories and Articles" section. Under that section we see security advisories that were released and authored by Netragard. In fact, those advisories are the product of Netragard's own research performed by their SNOsoft Research Team. This is more than we can say for most Professional IT Security Service Providers, as most of them host third-party advisories and news. Netragard seems to make their own news.
We also noticed that some of the articles that were referenced under the news section were directly linked to Forbes, eWeek and other similar high-profile magazines. After reading some of the articles we realized that Netragard wasn't being written about in the same manner as other security companies. In fact, most of the articles were fairly bleeding edge. For example, this article from SC Magazine thanks Netragard's Kevin Finisterre for finding a bug in Apple's X Code Tools, while this article talks about Adriel T. Desautels, Netragard's CTO, and exploit brokering, as well as historical HP/SNOsoft/DMCA issues.
While digging into the Netragard services, both on the phone and via their website, we also noticed a significantly different edge than we've seen in most Professional IT Security Service Providers. For example, they advertise and clearly explain Penetration Testing Techniques that are used by real-world hackers, such as Distributed Metastasis, Stealth Penetration, Blind Penetration, and Directed Penetration (most commonly offered by providers). They also use (and we verified this by looking at sample deliverables) very deep testing methodologies that are versions of the OSSTMM and OWASP, augmented by their own Vulnerability Research and Development methodologies.
One last thing that we should mention is that Netragard's SNOsoft Research Team has been around for quite a while. They gained international recognition in 2001 when they performed research on HP's Tru64 Operating System. According to articles and emails, HP tried to quash their research by threatening them with the DMCA and other similar things. SNOsoft did not back down and in the end actually prevailed!
All in all we are very impressed with Netragard and would recommend Netragard to anyone that is serious about their security. So far, they are the most "hardcore" security company that we've reviewed. They have minimal marketing fluff, and they seem to live on the bleeding edge of information security. Based on what we've seen, Netragard can do a lot to help you raise your proverbial security bar.
Score Card

2 comments:
Just wanted to say thank you for doing such a great review on our parent company! We're very happy to see that someone is finally doing the work that you are doing. Keep up the good work and keep it honest!
Hello,
I would like to say that while this review is accurate, as a client I can tell you it still does not do them justice. We contracted Netragard for a vulnerability assessment for our website, which is a national financial institution. They did not scan and audit our website like some other security services have done in the past. They went after it like someone who wanted to break in and not get caught. They read the source code looking for errors, altered the java to try cross side scripting attacks, obfuscated the sql injection attacks. As the AVP in INFOSEC I had a report I could use, and not only did we get what we paid for, I don't think we paid them enough.