Full Disclosure mailing list archives
[Professional IT Security Providers - Exposed] Syrex ( B )
From: secreview <secreview () hushmail com>
Date: Fri, 4 Jan 2008 13:27:51 -0800 (PST)
Syrex, located at http://www.syrex.com, is a quality Professional IT Security Services Provider that offers Risk Assessments, Risk Mitigation, Security Management, Security Training and Incident Response as well as advanced networking services. We found Syrex because they came to us and requested that we perform a review, so here are the results.

Looking at the Syrex website was refreshing in comparison to some of the other websites that we've reviewed. Not only was theirs written clearly, but the services were well defined and the content was complete. It is also clear that Syrex is ready to service a wide range of companies based on the structure of their service offerings. For example, under the Risk Assessment offering they have a specific "Snapshot offering" to help meet the requirements of smaller companies that can't afford a more intense service.

Syrex is not your average Professional IT Security Services Provider in that they do not offer Penetration Testing or ethical hacking type services. They also do not offer Web Application Security Assessments or source code reviews (at least not yet). Instead, Syrex helps their customers by performing complete or partial OSSTMM-based security audits. The results of those audits enable Syrex to enhance the overall security of their customers' IT infrastructures by exposing weaknesses in policies, procedures, technologies, etc. and providing remediation services. While these auditing services are not as technically deep as penetration testing services, or web application security assessment services, they do help to raise the proverbial security bar.

When speaking with the founder of Syrex, we learned that they do in fact have talent. The founder himself has a deep understanding of Intrusion Detection Systems ("IDS") and Intrusion Prevention Systems ("IPS"), Security Information Management Systems ("SIMS"), network and routing protocols, as well as key Cisco technologies like the ASA, Clean Access, ACS, MARS, and CSM. In conjunction with this, he also has experience as a programmer and understands quite a bit about malware, viruses, and other malicious technologies. This is more than we can say for a lot of the other companies that we've interviewed.

Another thing that we were impressed with during our telephone interview was the amount of effort that Syrex put into being honest and ethical. On multiple occasions they pointed out limitations in their service capabilities, and at no point did they try to flaunt anything that they were not certain about. This is the second company that we've interviewed that did not make an effort to sound like they are the best. Instead, they talk the talk and walk the walk.

In conjunction with the telephone interview and website review, we were given sample reports and materials. When reviewing the reports it became immediately clear that Syrex was focused on providing their customers with high quality services that were in fact human driven. The reports were very obviously not the product of automated tools, but instead were the product of human talent. Again, this is more than we can say for a lot of the companies that we review. Most companies these days seem to rely heavily on automation and have little to no real human talent.

All in all we would recommend using Syrex if you are looking to increase your levels of security. They will help you define methods for properly managing and maintaining your network, people and information, all the while being honest and ethical. We almost feel bad giving Syrex a B instead of an A, but they are missing research and development capabilities, as well as advanced service delivery capabilities. Other than that, great company! Keep up the good work Syrex!

-- Posted By secreview to Professional IT Security Providers - Exposed at 1/04/2008 01:24:00 PM
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/