Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.

Progentís security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.

Penetration testing can encompass any or all of the following areas:

  • Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
  • Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
  • Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
  • Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
  • Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
  • Performing brute force account and password attacks using a database of over 40 million possible passwords
  • For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
  • Determination of internal and external network addressing configuration through email beaconing techniques
  • Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
  • Perform PBX remote access and voice mail security testing
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.

Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employeesí family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.

Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.

Progent's Low-Cost Managed Services for Information Assurance
Progent's low-cost ProSight family of outsourced network management services is designed to provide small and mid-size businesses with enterprise-class support and state-of-the-art technology for all aspects of information assurance and compliance. ProSight managed services available from Progent include:

  • ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Email Encryption
    ProSight Email Guard is Progent's email filtering and encryption platform that uses the services and infrastructure of top information security companies to deliver web-based control and world-class protection for all your inbound and outbound email. The powerful structure of Email Guard combines a Cloud Protection Layer with a local security gateway device to offer advanced protection against spam, viruses, Dos Attacks, DHAs, and other email-based malware. Email Guard's cloud filter serves as a first line of defense and blocks most unwanted email from reaching your security perimeter. This decreases your exposure to inbound threats and conserves network bandwidth and storage space. Email Guard's onsite gateway device adds a further layer of analysis for incoming email. For outbound email, the local security gateway offers AV and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The onsite gateway can also assist Microsoft Exchange Server to track and protect internal email that originates and ends inside your corporate firewall. Find out more about Progent's ProSight Email Guard spam filtering, virus blocking, email content filtering and data leakage protection.

  • ProSight Active Security Monitoring: Endpoint Protection and Ransomware Recovery
    Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that utilizes cutting edge behavior-based analysis tools to defend endpoint devices as well as servers and VMs against new malware assaults such as ransomware and file-less exploits, which easily get by traditional signature-matching anti-virus tools. ProSight ASM protects local and cloud resources and offers a unified platform to manage the entire threat progression including protection, detection, containment, remediation, and forensics. Key features include single-click rollback with Windows VSS and automatic system-wide immunization against newly discovered threats. Learn more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware recovery.

  • ProSight DPS: Managed Backup and Recovery
    ProSight Data Protection Services provide small and medium-sized businesses a low cost end-to-end solution for reliable backup/disaster recovery (BDR). For a fixed monthly rate, ProSight DPS automates your backup activities and enables fast recovery of vital data, apps and virtual machines that have become unavailable or damaged due to component failures, software glitches, disasters, human error, or malicious attacks such as ransomware. ProSight DPS can help you protect, retrieve and restore files, folders, applications, system images, plus Hyper-V and VMware images. Critical data can be protected on the cloud, to an on-promises device, or to both. Progent's backup and recovery specialists can deliver world-class expertise to set up ProSight Data Protection Services to be compliant with government and industry regulatory requirements such as HIPPA, FINRA, and PCI and, when necessary, can help you to recover your business-critical information. Learn more about ProSight DPS managed cloud backup.

  • ProSight WAN Watch: Infrastructure Management
    ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and affordable for smaller businesses to map, monitor, optimize and debug their networking hardware like routers and switches, firewalls, and load balancers plus servers, client computers and other networked devices. Using state-of-the-art Remote Monitoring and Management (RMM) technology, WAN Watch ensures that network diagrams are kept updated, copies and manages the configuration information of virtually all devices on your network, tracks performance, and generates notices when potential issues are detected. By automating time-consuming management and troubleshooting processes, ProSight WAN Watch can cut hours off ordinary tasks like making network diagrams, reconfiguring your network, locating appliances that require important updates, or resolving performance issues. Find out more about ProSight WAN Watch infrastructure management services.

  • ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
    ProSight LAN Watch is Progentís server and desktop monitoring managed service that incorporates advanced remote monitoring and management technology to help keep your IT system operating efficiently by tracking the health of vital assets that power your business network. When ProSight LAN Watch uncovers a problem, an alert is sent immediately to your designated IT personnel and your Progent consultant so all potential issues can be addressed before they have a chance to disrupt productivity Learn more about ProSight LAN Watch server and desktop remote monitoring services.

  • ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
    With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a protected fault tolerant data center on a high-performance virtual host configured and maintained by Progent's IT support professionals. With the ProSight Virtual Hosting model, the client owns the data, the operating system platforms, and the applications. Since the system is virtualized, it can be ported immediately to a different hardware solution without requiring a time-consuming and technically risky reinstallation procedure. With ProSight Virtual Hosting, you are not tied one hosting provider. Learn more details about ProSight Virtual Hosting services.
Contact Progent for Penetration Testing Consulting
If you want security expertise, call Progent at 800-993-9400 or see Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.

More topics of interest: