SawPer -
I totally agree with you. I know a lot of companies that seriously blow smoke up your ass and wait for the checks. However, with that being said, your company did hire them for a reason. I am not sure who or what you work for, but if you need to be security audited (certain banks must do this every 6 months), then bring your network and security people in on the consultations and check to see if the vulnerabilities they are claiming are in fact vulnerabilities.
We have had companies come into our organization and have talked bad about the network. I took offence to this as I am the Network Administrator. Luckily the boss had friends who owned some tech companies and they brought them in under a bias opinion and they only found that it would be good to disable the USB drives on all the computers (we can't do this, of course, because of the printers hooking up through USB). I had already set up an alternative that there can be no hardware changes (memory sticks and such) to the computer.
Either way I wish you the best of luck.
- MilitantEidolon
