Pricing and Fees
PEN Consultants offers the most competitive pricing on the market for security testing services. When considering hiring a company, many people ask, can I afford this? The question that should be asked, though, is can you afford NOT to do this? Think about what a breach will cost if a malicious attacker finds the gaps in your network. As seen in the report from Ponemon Institute, the average cost, per breach, is $3.62 million.
Our security testing prices are only $225/hr, which provides you the lowest cost, quality security testing services in the industry! The exact total fee for an engagement is based on projected hours for the testing, which is determined during a no-obligation scoping call.
Below is a list of services we offer. Click on each service to learn more! If you have questions or would like more information, please contact us.
Competitor’s Pricing 60
Security Testing Services
It is vital to discover unmitigated/undetected attack vectors and remedy them before an adversary does. PEN Consultants can help you do just that. By mimicking the actions of a hacker, we can uncover potential attack vectors (vulnerabilities, misconfigurations, detection gaps, etc.) that would greatly damage your organization by compromising your data. But, unlike a hacker, we will perform the attacks with great care (to maintain confidentiality/integrity/availability of your data and systems) and will follow up with an actionable plan for you to protect yourself.
Although there is no magic bullet, and you’ll never achieve “100% secure”, the benefits of having on-going security testing performed is significant. To read more about these benefits, Google: “benefits of red teaming“.
PEN Consultants offers traditional Vulnerability Scanning, Penetration Testing, and Red Teaming services. In addition to our core services, we also offer customized services, the exact blend of which is driven by the unique needs of each of our clients. For example, some clients want an exclusive deep dive web application testing, while others want a broad “everything is fair game” engagement. Others bring us in to simply test their incident response team, perform phishing evaluations, or lead lunch-and-learn trainings. We will tailor the engagement to your organization’s specific needs, which will be based on your risk concerns.
What is the difference between “Vulnerability Scanning”, “Vulnerability Assessments”, “Penetration Testing”, and “Red Teaming”? What do they mean? Which one do you need performed on your systems? For a detailed look at this topic, and to make an informed decision about what testing best meets your organization’s needs, check out this blog post: Red Teaming vs Penetration Testing vs Vulnerability Scanning vs Vulnerability Assessments
Example testing techniques and services performed during a given engagement 10:
- Physical access attacks (network/wiring closets, offices, computers, etc.) 20
- Wireless attacks (rouge APs, inadequate encryption, bruteforcing keys, circumventing radius authentication, etc.)
- Network attacks (routers, switches, firewalls, etc.)
- Enumerate all network attached devices (discovery and port/services enumeration)
- Social engineering (phishing, dumpster diving, tailgating, masquerading, etc.)
- Endpoint / IoT attacks (computers, servers, PEDs, projectors, TVs, Disc players, etc.)
- Unpatched vulnerabilities (scans, CVE checks, etc.)
- Application attacks (CVEs, binary patching/trojanizing, etc.) 30
- Network service attacks (web, email, FTP, SSH, DNS, etc.)
- Website attacks (Injection, authentication bypass, XSS, CSRF, SQLi, etc.)
- 3rd party “cloud” providers (HR services, email/web service, etc.) 40
- Suite of industry standard “eval” tools (Nessus, opanVas, etc.)
- Suite of “hacker” tools (PSEmpire, Metasploit, etc.)
- Misconfigurations and logic flaws
- In-depth manual analysis
- Cursory network/host forensics (has it already been exploited?)
- Individual technique testing: phishing exercise(s), threat emulation (ex. Mitre ATT&CK technique(s)), port|vuln scan(s), etc.
- Training: lunch-and-learns/brown-bags, in-depth skills training, CTFs, tabletop exercises, etc.
- Consulting: via email, phone, slack, on-site, video conference, etc. with a defined cadence or adhoc/as-needed basis
- SOC staff augmentation: writing new detections, reviewing and testing existing detections, product evaluation/bakeoff, etc.
- And so much more
By hiring PEN Consultants to mimic the actions of a hacker, you can be confident knowing your organization has Rock Solid Security.
10: The list is not inclusive and in no way guarantees all these attacks/tests will be performed. Examples: (ex. 1) It would be rare to have a physical access attack component with an application security testing engagement. (ex. 2) We would most likely avoid all “noisy” automated scanning/eval tools during a stealthy Red Teaming engagement. (ex. 3) Only a Red Teaming engagement or social engineering assessment would include social engineering.
20: Physical attacks will not be possible with remote-only testing. Social engineering will be limited to remote-only (via phone, email, etc.). Wireless attacks would not be possible, etc..
30: Application attacks for the general pentesting/red teaming is limited to looking for known vulnerabilities and testing of common attack vectors against applications. To fully evaluate an application(s), the separate Application Testing Service is required.
40: Although 3rd party vulnerabilities are discovered in nearly every security testing engagement, in most cases, this is the most limited of testing and you may only be given limited details about the discovery. This is due to the fact that we may/may not obtain the third party’s permission for testing (ex. bug bounty), and have an obligation to withhold disclosure of any discovered vulnerabilities for a period of time to allow for a “patch”. With that said, we are usually able to “manually” evaluate most 3rd party service provider’s services and work directly with the provider to responsibly disclose the vulnerability and track it until mitigated. In the end, you are more secure, as are their other customers. We typically get approval to release at least some of the details, if not all, to our clients.
50: Quarterly engagements require an initial full-scope engagement.
60: Hourly pricing is based on the 12-month average published rate for a Subject Matter Expert – Level III. Total Red Teaming service cost calculated at the same number of labor-hours as listed above.