We lost a lot of money on that engagement. :) We went waaay over margin. So we started thinking how can we automate this and make it a repeatable process that customers can run on an on-demand and on-going basis. Security is who we are and in our blood. We we started coding...
And here we are.
So there are two sides:
1. Web based spear phishing engine that sends out "malicious" emails with all kinds of different options (e.g. malicious attachments, links to malicious web sites, 'your pass expired, enter it here!' sites, etc.) We track who clicked on what, who has out of date Acrobat, Flash, Java, etc.
2. Bottom line is that phishers will ALWAYS get people to click on something. No matter what. And the attacker only needs 1 person to do it. Just 1. So let's assume that we're going to eventually get in. We have an on-demand executable that mimics attacker malware complete with ninja-sneaky network tricks that phones home fake credit card numbers, .rar files, all kinds of cool network trickery.
All of the above is run by the end user and presented in a nice web UI so a security guy/gal can make intelligent decisions on where their security is good and where it sucks.
We're super excited about our new service and we hope everyone else is too. Would love to hear more feedback.
Perhaps you could tell us an average price (or median, which would be lower), or even just an example of a price someone paid.
If I can't tell what this is going to cost me to within a factor of 10, then I probably can't afford it. Based on what I see here, the entry level cost might be as cheap as $100, or as expensive as $50,000.
If you put some of this information on your website, you could get some of the prequalification done for free.