Well for starters, writing a company/service review by reading their website is akin to doing a movie review by looking at the trailer, think about it.<br><br>Second: people go to qualys resellers for the addon services/extra value that you can get/they may provide, as opposed to the stock services provided by qualys.
<br><br>And: with Qualys doing a bulk of the scanning work, they can devote the rest of their time to other aspects of their security service.<br><br>There are many possible scenarios. The bottom line is the service you're offering, is a disservice. Seriously. Buy and Try, or keep doing movie reviews on the trailer. No one takes this seriously. I read them for entertainment value only.
<br><br>Just like a trailer! OMG. See how well it all fits?<br><br>Are you siskel or ebert? or roper? who's left there anyway.<br><br><div class="gmail_quote">On Dec 18, 2007 11:07 AM, SecReview <<a href="mailto:secreview@hushmail.com">
secreview@hushmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">It is not highly possible that they have developed a high quality
<br>automated tool that covers all the basis because their price points<br>are not high enough to afford them a good development team. In<br>conjunction, they clearly advertise the use of QualysGuard all over<br>their website which is not their own tool.
<br><br>It is more likely that they are a "rubber stamp shop of approval"<br>that make a buck by enabling their customers to put a "check in the<br>box". Frankly, thats not security, thats even a a disservice. They
<br>are for all intents and purposes selling a false sense of security<br>to customers who don't know any better.<br><br>That said, I'd have to guess that you are Mitchell H. Levine as<br>you've taken this post so personally. If you are, then why don't
<br>you improve the quality of your service offerings so that we can<br>give you a better review. As it stands, you've received an F-<br>because of the poor quality of your service. Not even sure why<br>people would use your service instead of going direct to Qualys.
<br><br>Cheers<br><br><br><br><br><br>On Tue, 18 Dec 2007 05:39:48 -0500 SilentRunner<br><<a href="mailto:silentrunner@hushmail.com">silentrunner@hushmail.com</a>> wrote:<br>>Are you an idiot?<br>><br>>It is certainly more than possible that Audit Serve are a low
<br>>quality one-size-fits-all merchant. It is also equally possible<br>>that they have developed a high quality automated tool that covers<br>>all the basics and provides them a lead to upsell more advanced<br>>services. That's business, you get what you pay for.
<br>><br>>You don't know because you read their website with the critical<br>>eye<br>>of a self-important nerd, trying to be something you aren't (IE<br>>professional). You might as well write a car review by reading the
<br>>financial reports of the car manufacturer.<br>><br>>What you should have done at the very least is purchased their<br>>service and asked them to test elements of your pre-configured and<br>>properly baselined honey-net against known criteria. I'm guessing
<br>>that your student loan doesn't stretch beyond partying or you<br>>might<br>>have produced something useful, muppet.<br>><br>>SR<br>><br>><br>><br>><br>><br>>On Mon, 17 Dec 2007 20:46:59 +0000 secreview
<br>><<a href="mailto:secreview@hushmail.com">secreview@hushmail.com</a>> wrote:<br>>>We found Audit Serve, Inc., run by Mitchell H. Levine, by<br>>>searching<br>>>for "Penetration Testing" on Google. Audit Serve, Inc. offers, IS
<br>>>Auditing, Integrated Auditing, Sarbanes-Oxley Implementation<br>>>Services,<br>>>Sarbanes-Oxley Ongoing Compliance Services, PCI, Security<br>>>andInternet<br>>>Vulnerability Assessment & Penetration Testing
Services.Our first<br>>>impression of Audit Serve, Inc. was that they were a "rubber<br>>stamp<br>><br>>>of<br>>>approval" shop that offers services that will do nothing to truly<br>>>raise
<br>>>your proverbial security bar but will let you fill in your<br>>>security<br>>>checklist. This impression was made so quickly because of the<br>>>$495.00<br>>>price quote on their main page. It reads "Internet Vulnerability
<br>>>Assessment & Penetration Testing starting at $495". (Just as an<br>>>FYI, it<br>>>is impossible to perform any human driven professional security<br>>>services for that price. The cost of talent is simply too
<br>>>high.)When<br>>>digging into their services we quickly realize that our initial<br>>>impression of Audit Serve was accurate. They are in fact a<br>>"rubber<br>>>stamp of approval" shop. Their security service deliverables
<br>>>appear to<br>>>be the product of automated scanners (QualysGuard) and not the<br>>>product<br>>>of human talent. This also coincides with them being able to<br>>>offer "Internet Vulnerability Assessment & Penetration Testing"
<br>>>services starting at $495, as no human element is incorporated<br>>>into the<br>>>deliverable based on what we saw.If you do not care about the<br>>>security<br>>>of your IT Infrastructure, and only want to get the "rubber stamp
<br>>>of<br>>>approval" then Audit Serve, Inc. is your one stop shop. If on the<br>>>other<br>>>hand you do care about the security of your IT infrastructure,<br>>>then<br>>>we'd suggest finding a different
provider.Grade Note:We're giving<br>>>Audit<br>>>Serve an F- for two reasons. The first reason is that they appear<br>>>to be<br>>>in the Information Security business to make a buck by providing
<br>>>people<br>>>with the "rubber stamp of approval". In doing so they are<br>>actually<br>>>doing a disservice to the IT community, and the IT Security<br>>>Community.<br>>>The second reason why we are giving them an F- is because their
<br>>>security services appear to use no human element and rely<br>>strictly<br>><br>>>on<br>>>automated scanning (QualysGuard). If you feel that this grade is<br>>>too<br>>>harsh, let us know.
<br>>><br>>>--<br>>>Posted By secreview to Professional IT Security Providers -<br>>>Exposed at<br>>>12/17/2007 10:28:00 AM<br>Regards,<br> The Secreview Team<br> <a href="http://secreview.blogspot.com" target="_blank">
http://secreview.blogspot.com</a><br> Professional IT Security Service Providers - Exposed<br><font color="#888888"><br>--<br>Remove unsightly stains with high quality carpet cleaning. Click now!<br><a href="http://tagline.hushmail.com/fc/Ioyw6h4dY5DNELqoccKb12Rno3eu1RZZK7yiDLfbhc6Zy85DlxhPQU/" target="_blank">
http://tagline.hushmail.com/fc/Ioyw6h4dY5DNELqoccKb12Rno3eu1RZZK7yiDLfbhc6Zy85DlxhPQU/</a><br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br><br></font></blockquote></div><br>