Dan, I think you are functionally looking for two different companies. I have used Accuvant to do general network security audits as well as focused vulnerability assessments in the past and have been very happy with them. Their level of understanding about the internet threat space is very comprehensive and their work is thorough, but companies versed in doing vulnerability assessments against the normal sorts of threats will not be accustomed to the types of threats an ITSP faces. On the voip side the market is much more slim since very few understand the implications of carrier scale voip on a network, or the regulatory requirements that come with this space etc. My personal recommendation on the voip side would be for ECG, Mark Lindsey over there has a firm grasp of many of the security problems facing a telecom provider these days. I've spent far too much time in recent months dealing with these sorts of topics, so please feel free to ask if you have other questions. -Ryan On 03/05/2013 08:54 AM, Dan White wrote:
I have been asked by management to find options to bring in an external auditing company to evaluate our network and provide appropriate recommendations.
We are a small telecommunications company looking for firms with experience in Voice (VoIP) security audits, as well as general security experience appropriate for a Broadband ISP, with an internal corporate network.
We're located in the southern US (Oklahoma).
Public and private recommendations are welcomed.
Thank You,