Stealth penetration testing (PEN testing) is a crucial method for allowing companies to find out how vulnerable their networks are to cyber threats by showing how successfully their current security processes withstand intentional but unannounced attacks by veteran security experts using the latest hacking tools and techniques. Progent offers on-demand penetration testing or continual PEN testing performed as a remote management service.
Progent's network security consultants can safely carry out extensive penetration testing without warning internal IT staff. So-called Stealth PEN testing uncovers whether existing security management mechanisms and procedures such as intrusion alerts and event log monitoring are properly set up and regularly managed.
Stealth PEN testing can encompass any or all of the following areas:
- Run a string of port scanning tools to spot open network connection vectors and to identify and characterize a customer's network environment and overall security level.
- Deploy a series of threat identification tools that examine all open connection vectors against a large database of known vulnerabilities resulting from servers that are not up to date on patches, out of date firmware/software, misconfigured servers and infrastructure devices, and default or common installation passwords.
- Assess WiFi network security by attempting on-site access from publicly available locations such as parking lots, hallways, bathrooms, and physically attached areas. Identification of security techniques utilized by WiFi networks and executing familiar exploit utilities to get access to the network.
- Try to determine remote connectivity features of the network and use exploit and brute force techniques to get access via remote access gaps.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Perform brute force account and password attacks using a database of more than 40 million common passwords.
- For resources penetrated, Progent cybersecurity experts will manually use various hacker tricks to expand identified vectors to develop a picture of the complete network environment and see how many internal systems can be penetrated and exploited. This type of PEN testing can expose the real extent of the vulnerability of a network.
- Understand internal and external network addressing configuration via email beaconing techniques.
- Perform a variety of Denial of Service attacks, in concert with senior network management to determinewhether it is possible to halt or hinder network productivity. After evidence of impact is recognized, such testing can be instantly ceased to avoid seriously affecting business productivity.
- Carry out PBX phone system remote access and voice mail security assessment.
- Implement ongoing automatic PEN testing to map your internal and external attack surface and to identify ways that vulnerabilities, unsafe configurations, harvested credentials, overlooked patches, and ill-advised product defaults can be chained together by threat actors into the multi-vector attacks typical of modern versions of ransomware.
Progent experts can use social engineering techniques and public information to attempt customized password PEN testing based on information such as the names of an employee's family members, birth date, residential address, and phone number. Progent team members can commonly find this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly available information on the Internet, from PBX voice mail listings, public records filings, marketing collateral and press releases, web sites, and office receptionists.
Progent will provide a complete report of techniques used and vulnerabilities uncovered during stealth penetration testing, along with a comprehensive list of recommended remediation steps. Progent can then work with internal IT team members to carry out an audit and assessment of your in-place security protection, configuration, tools, and work flows and help your company to develop and implement a comprehensive cyber security solution.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight suite of managed services is designed to provide small and mid-size organizations with enterprise-class support and cutting-edge technology for all facets of information assurance and compliance. Managed services available from Progent include:
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Recovery
ProSight Active Security Monitoring is an endpoint protection (EPP) service that incorporates SentinelOne's next generation behavior-based analysis tools to defend endpoint devices and physical and virtual servers against new malware attacks like ransomware and email phishing, which easily get by legacy signature-based anti-virus products. ProSight ASM safeguards on-premises and cloud resources and offers a single platform to automate the complete malware attack progression including protection, infiltration detection, mitigation, cleanup, and forensics. Top capabilities include one-click rollback using Windows Volume Shadow Copy Service and real-time network-wide immunization against new threats. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense with SentinelOne technology.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Security
ProSight Enhanced Security Protection services deliver ultra-affordable multi-layer protection for physical servers and virtual machines, desktops, mobile devices, and Exchange email. ProSight ESP utilizes adaptive security and advanced machine learning for continuously monitoring and responding to security threats from all vectors. ProSight ESP provides firewall protection, penetration alerts, endpoint management, and web filtering through leading-edge technologies incorporated within one agent managed from a single console. Progent's security and virtualization experts can assist your business to plan and configure a ProSight ESP deployment that addresses your organization's unique requirements and that helps you prove compliance with legal and industry data protection standards. Progent will assist you specify and implement policies that ProSight ESP will manage, and Progent will monitor your network and respond to alerts that call for urgent action. Progent can also help your company to install and verify a backup and restore system such as ProSight Data Protection Services (DPS) so you can get back in business rapidly from a destructive security attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.
- ProSight DPS: Managed Backup and Recovery
Progent has partnered with leading backup product companies to produce ProSight Data Protection Services (DPS), a selection of offerings that deliver backup-as-a-service. All ProSight DPS services automate and track your backup operations and enable non-disruptive backup and rapid restoration of vital files, applications, images, and Hyper-V and VMware virtual machines. ProSight DPS helps you protect against data loss resulting from equipment failures, natural calamities, fire, malware such as ransomware, human mistakes, ill-intentioned employees, or software glitches. Managed backup services in the ProSight Data Protection selection include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight ECHO Backup using Barracuda dedicated hardware, and ProSight MSP360 Hybrid Backup. Your Progent expert can help you to determine which of these fully managed services are best suited for your network.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that uses the services and infrastructure of leading data security companies to deliver centralized control and comprehensive protection for your email traffic. The powerful architecture of Email Guard managed service integrates a Cloud Protection Layer with an on-premises security gateway appliance to offer advanced defense against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks, and other email-based malware. Email Guard's cloud filter acts as a first line of defense and blocks the vast majority of threats from making it to your network firewall. This decreases your exposure to inbound threats and saves system bandwidth and storage. Email Guard's on-premises gateway appliance adds a deeper layer of inspection for inbound email. For outbound email, the onsite gateway offers AV and anti-spam filtering, protection against data leaks, and encryption. The on-premises security gateway can also assist Exchange Server to monitor and safeguard internal email traffic that originates and ends inside your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data leakage protection.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and affordable for smaller organizations to map out, track, enhance and debug their connectivity appliances like routers, firewalls, and access points as well as servers, printers, endpoints and other networked devices. Using state-of-the-art RMM technology, ProSight WAN Watch ensures that infrastructure topology maps are kept updated, captures and displays the configuration information of virtually all devices connected to your network, monitors performance, and generates alerts when issues are detected. By automating time-consuming management and troubleshooting activities, ProSight WAN Watch can cut hours off ordinary chores such as making network diagrams, reconfiguring your network, finding devices that require critical updates, or isolating performance issues. Learn more details about ProSight WAN Watch network infrastructure management services.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progent's server and desktop remote monitoring service that uses state-of-the-art remote monitoring and management technology to keep your network running at peak levels by tracking the health of critical computers that power your information system. When ProSight LAN Watch detects a problem, an alarm is sent immediately to your designated IT staff and your Progent engineering consultant so that all looming problems can be resolved before they can impact your network Learn more details about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small organization can have its critical servers and apps hosted in a secure Tier III data center on a fast virtual machine host configured and maintained by Progent's network support professionals. With the ProSight Virtual Hosting model, the customer owns the data, the OS software, and the apps. Since the system is virtualized, it can be moved easily to a different hardware solution without requiring a lengthy and technically risky configuration procedure. With ProSight Virtual Hosting, you are not tied a single hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to capture, update, find and protect information related to your IT infrastructure, processes, business apps, and services. You can instantly find passwords or serial numbers and be alerted automatically about upcoming expirations of SSLs or domains. By cleaning up and organizing your IT infrastructure documentation, you can eliminate up to 50% of time wasted searching for vital information about your network. ProSight IT Asset Management includes a centralized repository for storing and collaborating on all documents required for managing your business network such as standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also offers a high level of automation for gathering and relating IT data. Whether you're planning enhancements, performing regular maintenance, or responding to a crisis, ProSight IT Asset Management delivers the data you need the instant you need it. Find out more about ProSight IT Asset Management service.
- Progent's Patch Management: Software/Firmware Update Management Services
Progent's support services for patch management provide organizations of all sizes a flexible and cost-effective alternative for assessing, validating, scheduling, implementing, and tracking updates to your dynamic IT network. Besides maximizing the security and functionality of your computer environment, Progent's software/firmware update management services permit your in-house IT team to focus on more strategic initiatives and activities that derive maximum business value from your network. Find out more about Progent's patch management services.
- ProSight Duo Multi-Factor Authentication: ID Confirmation, Endpoint Remediation, and Secure Single Sign-on
Progent's Duo authentication services incorporate Cisco's Duo cloud technology to protect against stolen passwords by using two-factor authentication (2FA). Duo supports single-tap identity verification on Apple iOS, Google Android, and other out-of-band devices. Using 2FA, whenever you log into a protected application and enter your password you are requested to verify who you are via a unit that only you possess and that is accessed using a separate network channel. A wide range of devices can be used as this added means of ID validation including an iPhone or Android or wearable, a hardware/software token, a landline telephone, etc. You can designate several verification devices. To learn more about Duo identity validation services, visit Duo MFA two-factor authentication (2FA) services for access security.
ProSight Network Audits
Progent's ProSight Network Audits are a quick and affordable alternative for small and mid-size organizations to obtain an unbiased assessment of the overall health of their information system. Powered by a selection of the leading remote monitoring and management (RMM) platforms in the industry, and supervised by Progent's world-class team of information technology experts, ProSight Network Audits help you see how well the deployment of your essential infrastructure assets adhere to best practices. Both the Basic and Advanced options for ProSight Network Audit services are offered at a low, one-time cost and deliver instant benefits like a cleaner Active Directory (AD) environment. Both versions also come with a year of advanced remote network monitoring and management (RMM). Advantages can include lower-cost management, improved compliance with government and industry security requirements, higher utilization of IT assets, faster problem resolution, more dependable backup and restore, and higher availability. See more about ProSight Network Audits network infrastructure review.
Progent's ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report service is an affordable service based on a brief interview with a Progent backup/recovery expert. The fact-finding interview is intended to assess your organization's preparedness to stop or recover quickly following an attack by a ransomware strain such as Ryuk, WannaCry, MongoLock, or Hermes. Progent will work with you directly to collect information about your current antivirus tools and backup/recovery system, and Progent will then deliver a custom Basic Security and Best Practices Report document describing how you can apply best practices to deploy a cost-effective AV and backup environment that meets your company's requirements. For additional information, visit The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
To learn more about Progent's security consulting, call Progent at 800-993-9400 or refer to Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is intended to assist you to complete the urgent first step in responding to a ransomware attack by putting out the fire. Progent's online ransomware engineer can assist you to locate and quarantine infected devices and protect clean resources from being penetrated. If your network has been penetrated by any version of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For details, visit Progent's Ransomware 24x7 Hot Line.