What's the going rate for counter-intrusion services?

[Magicthyse]

A new client has a problem - a sneaky little hacker that we've observed. It's probably not a pro since the attempts look as though they're coming from established 'hacking' tools. However we've only seen the tip of the iceberg as far as logs and research goes, so not sure yet.

I've got in a couple of guys who're very experienced in this sort of thing, and I've also some experience in this area. The thing is, my IT company has to date never been called upon to offer these services.

I don't owe the new client any favours and I know that most of the work is time/resource-consuming, eye-straining poring over logs, or checking the results of automated searches. So I'm keen to charge this service out at fair market rates.

So what is a fair rate for a counter-intrusion service if it were to be offered on a contract, per-day basis? Anyone shed any light on this?

 

[GermyBoy]

It really depends on the system. Gateway does theirs for $199, and it's crap from my experience. My job got that done on their server over the summer and I was bothering the guys after they were done in 60 minutes asking them what they did exactly. They just port scanned the server to make sure that they couldn't remotely log in through any of the ports. So goofy and so cheesy if you ask me.

If your hacker friend can't find an open port, your hacker friend cannot attack you.

I'm no expert though, so let us see what the others have to come up with.

 

[Soybomb]

Its kinda like paying musical talent for a party, it depends on how good they are. The better they are, the more you'll pay. I'd guess starting out something like $200 a day maybe and then up from there with skill/experience.

 

[Magicthyse]

Well... I know that most of what is commonly termed 'counter-intrusion services' is a joke. We're not talking about port scanning.

The team consists of me, two freelance security guys that I've taken on on trial after an extensive test of their abilities, two of my brightest general techs who I'm training to become familiar with this service, a "tech lawyer" who's a research demon and a "trial lawyer" with links to law firms in the US, UK, Western and Eastern Europe.

We're talking about identifying the method of attack, hardening the server against it and other possible attacks, identifying the attacker, shutting them down by legal means, and seeking restitution - an 'end to end' service. Bearing in mind that the server may be under a spoofed DDOS attack as well as other probes, it's obviously going to take a while to pin down who's responsible. Those are the kind of services I'm talking about.

Skill level? I think compared to the vast majority of this industry sector the team I've assembled for this project is pretty good - I've got the common sense / good base tech / old fart+old hand IP+WAN skills, two young security guys with extremely good skills, two good techs who can gopher and learn at the same time, and two excellent lawyers in their respective fields.

The lawyers are of course charged on a different scale and they come in at the very end of the process after we've positively identified the attacker. I still have no clear idea of what to charge for the tech stage.

Anyone?

 

[Shaftatplanetquake]

Figure out what it costs you and tripple it.

 

[StageLeft]

If it's a really big deal it's free. www.fbi.gov 😉

 

[vi edit]

Drop this post in the networking forum. There's some guys there that probably do this stuff for a living and can give you a better idea.

 

[Magicthyse]

Thanks Vi. I'll do that.