Stealth penetration testing (PEN testing) is a vital means of allowing companies to learn how exposed their networks are to real world threats by displaying how well their corporate security procedures and technologies hold up against intentional but unannounced attacks by veteran cyber security specialists utilizing advanced hacking techniques. Progent offers one-time PEN testing or continual penetration testing delivered as a remote management service.
Progent's cyber security consultants can safely carry out thorough penetration testing without warning internal IT staff. So-called Stealth PEN testing uncovers whether your current security monitoring mechanisms and processes such as intrusion alerts and event log monitoring are correctly configured and actively monitored.
Stealth PEN testing can include any or all of these areas:
- Use a string of port scanning tools to spot open network access vectors and to identify and characterize a client's network infrastructure and overall security posture.
- Deploy a string of threat recognition tools that examine all open connection vectors against a large database of known security gaps caused by servers that are not up to date on security patches, outdated firmware/software, poorly configured servers and infrastructure devices, and out-of-the-box or obvious passwords.
- Assess wireless network security by trying to gain on-site access from publicly accessible spots including parking lots, hallways, restrooms, and physically attached spaces. Understanding of security methods used by WiFi infrastructure and running familiar exploit tools to get access.
- Attempt to determine remote access capabilities of the network and use exploit and brute force attack methods to get access through remote access gaps.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Perform brute force account and password attacks using a database of more than 40 million common passwords.
- For servers and devices penetrated, Progent cybersecurity professionals will manually use various hacker techniques to broaden identified vectors to develop a picture of the complete network environment and determine how many internal systems can be accessed and exploited. This type of security testing can expose the actual scope of the exposure of a network.
- Understand internal and external network addressing set up via email beaconing techniques.
- Perform a variety of Denial of Service attacks, coordinated with senior network management to seeif it is possible to stop or hinder network operation. After evidence of impact is recognized, such activity can be immediately ceased to avoid seriously affecting business productivity.
- Carry out PBX remote access and voice mail security testing.
- Provide continuous autonomous PEN testing to define your internal/external attack surface and to identify ways that vulnerabilities, unsafe configurations, compromised credentials, skipped patches, and unsound product defaults can be combined by threat actors into the multi-front attacks typical of the latest variants of ransomware.
Progent consultants can utilize social engineering techniques and public information to attempt personalized password penetration testing based on information such as the names of an employee's family members, date of birth, home address, and phone number. Progent team members can commonly uncover this data via Internet search and readily available public records. Progent can uncover employee names/email addresses through publicly available data on the Internet, from PBX voice mail directories, public filings, marketing materials and press releases, web sites, and receptionists.
Progent will generate a full report of techniques utilized and vulnerabilities exposed during stealth PEN testing, along with a comprehensive list of suggested fixes. Progent can then work with internal IT staff to carry out an audit and evaluation of your in-place security defense, configuration, utilities, and work flows and help your business to develop and deploy a comprehensive security solution.
ProSight Flat-rate Managed Services for Information Assurance
Progent's affordable ProSight portfolio of network monitoring and management services is designed to provide small and mid-size organizations with enterprise-class support and cutting-edge technology for all facets of information assurance. Managed services available from Progent include:
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring is an endpoint protection solution that utilizes SentinelOne's next generation behavior machine learning tools to defend endpoint devices as well as physical and virtual servers against new malware attacks like ransomware and file-less exploits, which routinely evade traditional signature-matching AV products. ProSight Active Security Monitoring safeguards on-premises and cloud resources and offers a unified platform to manage the entire threat lifecycle including blocking, detection, containment, remediation, and forensics. Top features include one-click rollback with Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against newly discovered threats. Progent is a SentinelOne Partner, reseller, and integrator. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense with SentinelOne technology.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
Progent's ProSight Enhanced Security Protection (ESP) managed services offer affordable in-depth security for physical servers and VMs, workstations, smartphones, and Exchange email. ProSight ESP uses adaptive security and advanced machine learning for round-the-clock monitoring and reacting to security assaults from all vectors. ProSight ESP offers firewall protection, intrusion alerts, endpoint management, and web filtering through cutting-edge tools incorporated within a single agent accessible from a unified control. Progent's security and virtualization experts can assist you to design and implement a ProSight ESP environment that meets your organization's unique requirements and that allows you achieve and demonstrate compliance with legal and industry data protection standards. Progent will assist you specify and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require immediate attention. Progent can also assist you to install and test a backup and disaster recovery solution such as ProSight Data Protection Services (DPS) so you can recover quickly from a destructive security attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint protection and Exchange filtering.
- ProSight DPS: Managed Backup
Progent has partnered with leading backup/restore technology companies to create ProSight Data Protection Services (DPS), a selection of subscription-based management offerings that deliver backup-as-a-service. All ProSight DPS products automate and track your backup operations and allow non-disruptive backup and rapid recovery of important files/folders, applications, images, plus Hyper-V and VMware virtual machines. ProSight DPS lets your business recover from data loss caused by hardware failures, natural calamities, fire, cyber attacks such as ransomware, human mistakes, ill-intentioned insiders, or software glitches. Managed services available in the ProSight DPS family include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight ECHO Backup based on Barracuda purpose-built hardware, and ProSight MSP360 Cloud and On-prem Backup. Your Progent consultant can help you to determine which of these managed backup services are most appropriate for your IT environment.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security platform that incorporates the technology of leading information security vendors to deliver web-based control and world-class protection for your inbound and outbound email. The hybrid architecture of Email Guard managed service integrates a Cloud Protection Layer with an on-premises gateway appliance to provide complete defense against spam, viruses, Dos Attacks, Directory Harvest Attacks, and other email-based malware. The Cloud Protection Layer acts as a first line of defense and keeps most threats from making it to your security perimeter. This reduces your exposure to external threats and conserves network bandwidth and storage. Email Guard's onsite gateway device adds a further level of analysis for incoming email. For outgoing email, the onsite gateway offers anti-virus and anti-spam protection, DLP, and email encryption. The on-premises gateway can also help Microsoft Exchange Server to monitor and safeguard internal email that originates and ends inside your security perimeter. Find out more about Progent's ProSight Email Guard spam filtering, virus blocking, email content filtering and data loss prevention.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure management service that makes it easy and affordable for small and mid-sized organizations to map, track, optimize and debug their networking appliances such as routers and switches, firewalls, and access points plus servers, printers, client computers and other devices. Using state-of-the-art Remote Monitoring and Management (RMM) technology, ProSight WAN Watch makes sure that infrastructure topology diagrams are always updated, copies and displays the configuration of virtually all devices on your network, monitors performance, and sends alerts when issues are detected. By automating tedious management activities, ProSight WAN Watch can cut hours off ordinary chores such as making network diagrams, expanding your network, locating appliances that need important software patches, or isolating performance bottlenecks. Learn more details about ProSight WAN Watch infrastructure management services.
- ProSight LAN Watch: Server and Desktop Monitoring and Management
ProSight LAN Watch is Progent's server and desktop monitoring service that incorporates advanced remote monitoring and management (RMM) techniques to keep your network operating efficiently by checking the state of vital computers that power your information system. When ProSight LAN Watch uncovers a problem, an alarm is transmitted automatically to your designated IT staff and your Progent consultant so any potential problems can be resolved before they can impact productivity Learn more about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small business can have its critical servers and applications hosted in a protected Tier III data center on a fast virtual machine host configured and managed by Progent's IT support experts. With the ProSight Virtual Hosting service model, the client owns the data, the operating system platforms, and the apps. Since the environment is virtualized, it can be ported easily to a different hardware solution without requiring a time-consuming and technically risky reinstallation process. With ProSight Virtual Hosting, you are not locked into a single hosting service. Find out more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to capture, update, retrieve and safeguard information about your network infrastructure, procedures, applications, and services. You can quickly find passwords or serial numbers and be warned automatically about impending expirations of SSL certificates ,domains or warranties. By cleaning up and managing your network documentation, you can eliminate up to half of time wasted trying to find vital information about your IT network. ProSight IT Asset Management includes a centralized location for storing and sharing all documents required for managing your network infrastructure such as standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also supports advanced automation for collecting and relating IT data. Whether you're making improvements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the data you require when you need it. Find out more details about Progent's ProSight IT Asset Management service.
- Patch Management: Patch Management Services
Progent's support services for software and firmware patch management offer businesses of any size a flexible and affordable alternative for assessing, testing, scheduling, implementing, and documenting software and firmware updates to your ever-evolving IT system. In addition to maximizing the protection and functionality of your IT network, Progent's patch management services free up time for your IT staff to focus on line-of-business projects and tasks that derive the highest business value from your information network. Find out more about Progent's patch management services.
- ProSight Duo Two-Factor Authentication: Access Security, Endpoint Remediation, and Secure Single Sign-on (SSO)
Progent's Duo authentication managed services incorporate Cisco's Duo technology to defend against stolen passwords by using two-factor authentication. Duo enables single-tap identity confirmation with Apple iOS, Google Android, and other personal devices. Using Duo 2FA, whenever you log into a protected application and give your password you are asked to confirm who you are via a device that only you possess and that uses a different network channel. A wide range of devices can be used as this added means of authentication such as an iPhone or Android or watch, a hardware token, a landline telephone, etc. You can designate several validation devices. For more information about ProSight Duo two-factor identity validation services, visit Cisco Duo MFA two-factor authentication services.
ProSight Network Audits
Progent's ProSight Network Audits are a quick and low-cost alternative for small and mid-size organizations to get an objective assessment of the overall health of their IT system. Powered by some of the top remote monitoring and management tools in the industry, and supervised by Progent's world-class team of IT experts, ProSight Network Audits show you how closely the configuration of your essential infrastructure devices conform to best practices. The Basic and Advanced versions of ProSight Network Audit services are available at a budget-friendly, one-time cost and deliver instant ROI like a more manageable Active Directory system. Both also include one year of state-of-the-art remote network monitoring and management. Advantages can include easier management, better compliance with information security standards, higher utilization of network assets, quicker problem resolution, more reliable backup and restore, and higher availability. See more information about Progent's ProSight Network Audits IT infrastructure assessment.
The ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report service is an affordable service based on a brief interview with a Progent backup/recovery consultant. The fact-finding interview is intended to evaluate your organization's preparedness either to block or recover quickly after an attack by a ransomware variant like Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you directly to collect information concerning your current security profile and backup/recovery platform, and Progent will then produce a custom Basic Security and Best Practices Report detailing how you can follow best practices to deploy a cost-effective security and backup environment that meets your company's requirements. For additional information, see The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you're looking for security expertise, phone Progent at 800-993-9400 or refer to Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to assist you to take the time-critical first steps in responding to a ransomware assault by stopping the bleeding. Progent's online ransomware engineer can assist you to locate and isolate breached devices and protect undamaged resources from being penetrated. If your network has been breached by any version of ransomware, act fast. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, visit Progent's Ransomware 24x7 Hot Line.