Stealth penetration testing (PEN testing) is a vital method for enabling companies to determine how vulnerable their networks are to real world threats by displaying how well their existing security procedures and technologies hold up against authorized but unannounced exploits by veteran cyber security experts using advanced hacking tools and techniques. Progent can provide one-time penetration testing or ongoing penetration testing delivered as a managed service.
Progent's cyber security consultants can safely perform in-depth penetration testing without alerting internal IT staff. Stealth penetration testing reveals whether existing security monitoring tools and procedures such as intrusion detection alerts and event log monitoring are properly configured and regularly monitored.
Penetration testing can include any or all of the following areas:
- Run a series of port scanning tools to spot open network connection vectors and to identify and profile a customer's network infrastructure and general security level.
- Run a combination of exploit recognition utilities that test all open access vectors against an extensive database of known security gaps caused by servers that are not up to date on patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluate wireless network security by attempting on-site access from publicly available places including parking lots, stairways, restrooms, and physically attached spaces. Identification of security methods utilized by wireless networks and executing familiar exploit utilities to gain access.
- Attempt to understand remote connectivity capabilities of the network and perform exploit and brute force techniques to gain access through remote access gaps.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Perform brute force account and password attacks using a database of over 40 million possible passwords.
- For servers and devices successfully penetrated, Progent cybersecurity experts will manually use assorted hacker tricks to extend such exploit vectors to develop a picture of the complete network ecosystem and determine how many internal systems can be penetrated and exploited. This type of security testing can expose the real scope of the exposure of a network.
- Understand internal and external network addressing set up through email beaconing techniques.
- Launch a variety of DoS attacks, coordinated with top network management to determineif it is possible to halt or obstruct network operation. Once proof of impact is recognized, such testing can be instantly ceased to avoid seriously impacting operations.
- Carry out PBX phone system remote access and voice mail security testing.
- Implement continuous automatic PEN testing to discover and fingerprint your internal and external attack surface and to determine ways that vulnerabilities, unsafe configurations, stolen credentials, uninstalled patches, and dangerous product defaults can be chained together by hackers into the multi-front attacks common to modern versions of ransomware.
Progent experts can utilize social engineering methods and public data to attempt customized password penetration testing using information such as the names of an employee's family members, birth date, home address, and phone number. Progent team members can commonly find this information through Internet search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail listings, public filings, marketing collateral and press releases, web sites, and office receptionists.
Progent will provide a complete report of techniques utilized and vulnerabilities exposed during stealth PEN testing, along with a comprehensive list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of your in-place security protection, set up, tools, and work flows and assist your business to design and deploy a solid security solution.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight line of network management outsourcing services is intended to provide small and mid-size businesses with enterprise-class support and state-of-the-art technology for all aspects of information assurance and compliance. Managed services available from Progent include:
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection service that utilizes SentinelOne's next generation behavior machine learning tools to defend endpoint devices and servers and VMs against new malware attacks such as ransomware and file-less exploits, which routinely get by legacy signature-matching AV products. ProSight Active Security Monitoring protects on-premises and cloud resources and offers a single platform to address the complete malware attack progression including blocking, identification, mitigation, cleanup, and forensics. Key capabilities include one-click rollback with Windows Volume Shadow Copy Service and automatic network-wide immunization against new threats. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware defense with SentinelOne technology.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Security
Progent's ProSight Enhanced Security Protection managed services offer economical multi-layer security for physical servers and virtual machines, desktops, smartphones, and Exchange email. ProSight ESP uses adaptive security and advanced machine learning for round-the-clock monitoring and reacting to cyber assaults from all vectors. ProSight ESP provides firewall protection, penetration alerts, device management, and web filtering via leading-edge technologies incorporated within one agent managed from a single control. Progent's security and virtualization experts can assist you to design and implement a ProSight ESP environment that addresses your company's specific requirements and that helps you prove compliance with government and industry data protection regulations. Progent will assist you specify and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that require urgent action. Progent can also help your company to install and verify a backup and restore system such as ProSight Data Protection Services (DPS) so you can get back in business rapidly from a destructive cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint protection and Exchange filtering.
- ProSight Data Protection Services: Managed Backup
Progent has partnered with advanced backup/restore technology companies to produce ProSight Data Protection Services (DPS), a portfolio of subscription-based offerings that deliver backup-as-a-service (BaaS). All ProSight DPS products automate and monitor your backup processes and allow non-disruptive backup and rapid recovery of vital files, apps, system images, plus virtual machines. ProSight DPS lets your business protect against data loss resulting from hardware breakdown, natural calamities, fire, cyber attacks like ransomware, human error, ill-intentioned employees, or application glitches. Managed services in the ProSight DPS portfolio include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight ECHO Backup based on Barracuda purpose-built storage, and ProSight DPS MSP360 Cloud and On-prem Backup. Your Progent consultant can assist you to determine which of these managed backup services are most appropriate for your network.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Email Encryption
ProSight Email Guard is Progent's email filtering and encryption solution that incorporates the technology of top data security companies to provide web-based management and world-class protection for your inbound and outbound email. The hybrid architecture of Email Guard managed service integrates a Cloud Protection Layer with an on-premises security gateway device to provide advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. The cloud filter acts as a first line of defense and blocks most threats from making it to your security perimeter. This decreases your vulnerability to external attacks and saves system bandwidth and storage space. Email Guard's onsite security gateway device adds a deeper level of analysis for incoming email. For outgoing email, the local security gateway provides AV and anti-spam protection, DLP, and encryption. The local security gateway can also assist Microsoft Exchange Server to monitor and protect internal email that stays inside your corporate firewall. Learn more about Progent's ProSight Email Guard spam filtering, virus blocking, email content filtering and data loss protection.
- ProSight WAN Watch: Infrastructure Management
ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and affordable for small and mid-sized organizations to map out, monitor, optimize and troubleshoot their networking appliances such as routers, firewalls, and load balancers as well as servers, printers, client computers and other devices. Incorporating state-of-the-art RMM technology, ProSight WAN Watch ensures that network diagrams are always current, copies and displays the configuration information of almost all devices on your network, monitors performance, and sends notices when problems are detected. By automating tedious network management processes, WAN Watch can knock hours off ordinary chores such as making network diagrams, reconfiguring your network, locating appliances that need important software patches, or identifying the cause of performance problems. Find out more details about ProSight WAN Watch infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring
ProSight LAN Watch is Progent's server and desktop monitoring managed service that uses state-of-the-art remote monitoring and management (RMM) technology to help keep your network operating at peak levels by tracking the state of vital assets that power your business network. When ProSight LAN Watch uncovers a problem, an alarm is sent automatically to your designated IT management personnel and your assigned Progent engineering consultant so that all potential problems can be addressed before they have a chance to impact your network Learn more details about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small or mid-size business can have its critical servers and apps hosted in a secure Tier III data center on a high-performance virtual host configured and maintained by Progent's network support experts. With the ProSight Virtual Hosting model, the client retains ownership of the data, the OS software, and the applications. Since the system is virtualized, it can be ported immediately to an alternate hardware environment without a time-consuming and technically risky reinstallation procedure. With ProSight Virtual Hosting, your business is not locked into one hosting provider. Find out more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, update, find and safeguard information related to your IT infrastructure, processes, applications, and services. You can quickly find passwords or IP addresses and be alerted automatically about impending expirations of SSLs or warranties. By cleaning up and organizing your IT infrastructure documentation, you can eliminate as much as half of time thrown away looking for vital information about your network. ProSight IT Asset Management includes a centralized location for storing and collaborating on all documents required for managing your network infrastructure like standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also supports advanced automation for collecting and relating IT data. Whether you're planning enhancements, doing maintenance, or responding to an emergency, ProSight IT Asset Management gets you the knowledge you need as soon as you need it. Find out more about ProSight IT Asset Management service.
- Progent's Patch Management: Patch Management Services
Progent's support services for patch management provide businesses of all sizes a flexible and cost-effective solution for assessing, testing, scheduling, implementing, and tracking software and firmware updates to your dynamic information network. Besides optimizing the protection and reliability of your IT environment, Progent's software/firmware update management services free up time for your in-house IT team to focus on more strategic initiatives and activities that deliver maximum business value from your information network. Learn more about Progent's patch management services.
- ProSight Duo Multi-Factor Authentication: Identity Validation, Endpoint Remediation, and Protected Single Sign-on
Progent's Duo MFA services incorporate Cisco's Duo cloud technology to protect against stolen passwords by using two-factor authentication. Duo enables one-tap identity verification on iOS, Android, and other personal devices. With 2FA, when you log into a secured application and enter your password you are requested to verify your identity via a device that only you have and that is accessed using a separate network channel. A broad range of out-of-band devices can be utilized as this second form of authentication including an iPhone or Android or wearable, a hardware token, a landline phone, etc. You can designate several verification devices. For more information about ProSight Duo two-factor identity validation services, visit Duo MFA two-factor authentication services.
ProSight Network Audits
Progent's ProSight Network Audits are a fast and affordable way for small and mid-size businesses to get an unbiased evaluation of the overall health of their IT system. Powered by some of the top remote monitoring and management (RMM) platforms available, and supervised by Progent's certified group of IT professionals, ProSight Network Audits help you see how well the configuration of your essential infrastructure devices adhere to industry leading practices. Both the Basic and Advanced options for ProSight Network Audit services are offered at a budget-friendly, one-time cost and provide instant benefits such as a more manageable Active Directory system. Both versions also come with one year of state-of-the-art remote network monitoring and management. Advantages can include easier network management, better compliance with government and industry security regulations, more efficient utilization of IT resources, faster troubleshooting, more dependable backup and restore, and less downtime. Read more information about ProSight Network Audits IT infrastructure review.
The ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report is an affordable service centered on a brief discussion with a Progent information assurance consultant. The interview is intended to help assess your organization's ability either to stop or recover rapidly after an assault by a ransomware variant such as Ryuk, WannaCry, MongoLock, or Hermes. Progent will consult with you directly to gather information about your current AV defense and backup platform, and Progent will then produce a custom Basic Security and Best Practices Report detailing how you can apply industry best practices to create an efficient AV and backup/recovery system that meets your business requirements. For details, visit The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you need computer security expertise, call Progent at 800-993-9400 or see Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is intended to guide you to take the urgent first phase in responding to a ransomware assault by putting out the fire. Progent's online ransomware engineer can help you to locate and isolate breached servers and endpoints and protect undamaged resources from being penetrated. If your network has been breached by any strain of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800. For details, see Progent's Ransomware 24x7 Hot Line.