Stealth penetration testing (PEN testing) is a key means of allowing organizations to find out how exposed their IT systems are to real world threats by showing how well their corporate security processes hold up against authorized but unannounced attacks by seasoned cyber security specialists utilizing the latest hacking techniques. Progent offers on-demand PEN testing or continual PEN testing performed as a managed service.
Progent's network security experts can safely carry out thorough penetration testing without the knowledge of internal IT personnel. So-called Stealth PEN testing uncovers whether your current security monitoring tools and procedures such as intrusion detection alarms and event log monitoring are correctly set up and actively managed.
Penetration testing can encompass any of the following areas:
- Use a series of port scanning utilities to identify open network access vectors and to discover and characterize a customer's network infrastructure and overall security posture.
- Run a series of threat recognition tools that test all open access vectors against an extensive database of known vulnerabilities caused by servers that are not up to date on security patches, out of date firmware/software, misconfigured servers and devices, and out-of-the-box or obvious passwords.
- Assess WiFi network security by attempting on-site access from publicly available locations such as parking lots, stairways, restrooms, and physically attached spaces. Identification of security methods used by WiFi infrastructure and running familiar exploit utilities to get access.
- Attempt to determine remote connectivity features of the network and use exploit and brute force techniques to gain access through remote access gaps.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Perform brute force identity and password attacks based on a trove of more than 40 million common passwords.
- For resources successfully penetrated, Progent cybersecurity professionals will manually use various hacker techniques to extend identified vectors to develop an understanding of the full network environment and determine how many internal systems can be penetrated and exploited. This class of security testing can expose the real scope of the vulnerability of a network.
- Determine internal and external network addressing set up through email beaconing methods.
- Perform various Denial of Service attacks, coordinated with top network management to determinewhether it is possible to stop or obstruct network productivity. Once evidence of impact is recognized, such testing can be immediately ceased to avoid seriously affecting operations.
- Carry out PBX remote access and voice mail security testing.
- Implement continuous autonomous PEN testing to discover and fingerprint your internal/external attack surface and to detect ways that exploitable vulnerabilities, improper configurations, compromised credentials, skipped patches, and dangerous IT product defaults can be chained together by hackers into the multi-front attacks common to modern versions of ransomware.
Progent experts can use social engineering techniques and public information to attempt personalized password penetration testing using information such as the names of an employee's family members, birth date, home address, and phone number. Progent experts can often quickly find this information through Internet online search and readily available public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public filings, marketing materials and press releases, web sites, and office receptionists.
Progent will provide a complete report of techniques utilized and vulnerabilities exposed during stealth PEN testing, along with a comprehensive list of suggested fixes. Progent can then cooperate with internal IT staff to carry out an audit and assessment of your actual security protection, configuration, tools, and processes and help your company to develop and deploy a comprehensive security solution.
ProSight Low-Cost Managed Services for Information Assurance
Progent's affordable ProSight suite of outsourced network management services is designed to provide small and mid-size businesses with enterprise-class support and state-of-the-art technology for all facets of information assurance. Managed services offered by Progent include:
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Defense
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection service that incorporates SentinelOne's cutting edge behavior analysis technology to defend endpoint devices as well as physical and virtual servers against modern malware assaults such as ransomware and email phishing, which easily escape legacy signature-matching AV tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to automate the entire threat lifecycle including filtering, identification, mitigation, remediation, and post-attack forensics. Top features include single-click rollback with Windows VSS and real-time network-wide immunization against new threats. Progent is a SentinelOne Partner, dealer, and integrator. Read more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Security
ProSight Enhanced Security Protection services offer economical in-depth protection for physical servers and virtual machines, workstations, smartphones, and Microsoft Exchange. ProSight ESP uses adaptive security and advanced heuristics for round-the-clock monitoring and responding to cyber threats from all attack vectors. ProSight ESP offers firewall protection, intrusion alarms, device control, and web filtering through cutting-edge tools incorporated within one agent managed from a single control. Progent's data protection and virtualization consultants can assist your business to design and configure a ProSight ESP environment that meets your company's unique needs and that helps you prove compliance with government and industry information protection standards. Progent will help you specify and implement security policies that ProSight ESP will manage, and Progent will monitor your network and react to alarms that require immediate action. Progent can also help you to install and test a backup and disaster recovery solution like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Microsoft Exchange email filtering.
- ProSight DPS: Managed Cloud Backup
Progent has worked with advanced backup technology companies to create ProSight Data Protection Services (DPS), a selection of subscription-based management offerings that provide backup-as-a-service. All ProSight DPS products manage and track your backup operations and allow transparent backup and fast restoration of critical files, applications, system images, plus Hyper-V and VMware virtual machines. ProSight DPS helps your business recover from data loss caused by equipment breakdown, natural disasters, fire, malware such as ransomware, human error, malicious employees, or software bugs. Managed services available in the ProSight Data Protection selection include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight ECHO Backup based on Barracuda dedicated storage, and ProSight DPS MSP360 Cloud and On-prem Backup. Your Progent service representative can help you to identify which of these managed services are best suited for your network.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that incorporates the technology of top data security vendors to provide centralized management and world-class security for all your email traffic. The powerful architecture of Email Guard combines a Cloud Protection Layer with a local security gateway appliance to offer complete defense against spam, viruses, Dos Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. Email Guard's Cloud Protection Layer serves as a first line of defense and blocks most threats from making it to your network firewall. This decreases your vulnerability to inbound threats and saves system bandwidth and storage. Email Guard's on-premises security gateway appliance provides a further layer of analysis for incoming email. For outbound email, the onsite gateway offers AV and anti-spam protection, DLP, and encryption. The onsite gateway can also help Exchange Server to track and safeguard internal email traffic that originates and ends within your security perimeter. Find out more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data loss protection.
- ProSight WAN Watch: Network Infrastructure Management
Progent's ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and affordable for smaller organizations to diagram, track, enhance and troubleshoot their connectivity appliances like routers, firewalls, and access points as well as servers, printers, client computers and other networked devices. Incorporating cutting-edge RMM technology, ProSight WAN Watch ensures that infrastructure topology maps are kept current, captures and displays the configuration of almost all devices connected to your network, monitors performance, and generates notices when issues are detected. By automating complex management processes, ProSight WAN Watch can knock hours off common tasks like making network diagrams, expanding your network, locating devices that require critical updates, or resolving performance problems. Learn more about ProSight WAN Watch network infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Monitoring and Management
ProSight LAN Watch is Progent's server and desktop monitoring managed service that uses advanced remote monitoring and management techniques to help keep your IT system operating efficiently by checking the health of critical computers that power your information system. When ProSight LAN Watch detects a problem, an alarm is sent immediately to your specified IT staff and your assigned Progent consultant so that any looming problems can be resolved before they can impact productivity Find out more details about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a secure fault tolerant data center on a high-performance virtual machine host configured and maintained by Progent's IT support professionals. With Progent's ProSight Virtual Hosting model, the client retains ownership of the data, the operating system platforms, and the apps. Because the system is virtualized, it can be moved immediately to a different hardware environment without a time-consuming and difficult reinstallation procedure. With ProSight Virtual Hosting, your business is not tied a single hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to capture, update, find and protect information related to your network infrastructure, processes, applications, and services. You can instantly locate passwords or serial numbers and be alerted about upcoming expirations of SSLs ,domains or warranties. By updating and organizing your IT infrastructure documentation, you can eliminate as much as half of time wasted looking for critical information about your network. ProSight IT Asset Management features a centralized repository for storing and collaborating on all documents related to managing your network infrastructure like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also offers a high level of automation for gathering and associating IT information. Whether you're making enhancements, performing regular maintenance, or responding to a crisis, ProSight IT Asset Management gets you the information you need the instant you need it. Find out more about ProSight IT Asset Management service.
- Patch Management: Software/Firmware Update Management Services
Progent's managed services for patch management provide businesses of any size a versatile and affordable solution for assessing, validating, scheduling, applying, and tracking updates to your ever-evolving IT network. In addition to optimizing the security and reliability of your computer environment, Progent's patch management services free up time for your in-house IT staff to focus on more strategic projects and activities that derive the highest business value from your network. Learn more about Progent's patch management support services.
- ProSight Duo Two-Factor Authentication: ID Confirmation, Endpoint Remediation, and Secure Single Sign-on (SSO)
Progent's Duo MFA service plans utilize Cisco's Duo cloud technology to defend against compromised passwords through the use of two-factor authentication. Duo enables single-tap identity confirmation on iOS, Google Android, and other personal devices. With Duo 2FA, when you sign into a protected online account and enter your password you are asked to confirm who you are on a device that only you possess and that is accessed using a different ("out-of-band") network channel. A wide selection of devices can be utilized for this added form of ID validation such as a smartphone or wearable, a hardware/software token, a landline phone, etc. You can designate multiple validation devices. For details about ProSight Duo identity validation services, visit Duo MFA two-factor authentication services for access security.
ProSight Network Audits
Progent's ProSight Network Audits are a quick and affordable way for small and mid-size organizations to obtain an objective evaluation of the overall health of their information system. Based on some of the top remote monitoring and management tools available, and overseen by Progent's certified team of information technology professionals, ProSight Network Audits show you how closely the deployment of your essential network assets adhere to industry leading practices. The Basic and Advanced options for ProSight Network Audit services are available at a budget-friendly, one-time cost and deliver instant ROI like a cleaner Active Directory (AD) system. Both versions also include a year of state-of-the-art remote network monitoring and management. Advantages can include lower-cost network management, better compliance with government and industry security requirements, higher utilization of network resources, quicker troubleshooting, more reliable backup and recovery, and increased uptime. Read more about Progent's ProSight Network Audits IT infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around a brief phone discussion with a Progent backup/recovery consultant. The fact-finding interview is intended to assess your company's preparedness either to block or recover quickly after an assault by a ransomware variant like Ryuk, WannaCry, NotPetya, or Hermes. Progent will work with you personally to collect information concerning your current AV defense and backup platform, and Progent will then produce a written Basic Security and Best Practices Report describing how you can follow industry best practices to build an efficient security and backup/recovery system that meets your company's needs. For details, refer to The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
For more information about Progent's security help, call Progent at 800-993-9400 or see Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to guide organizations to complete the time-critical first steps in responding to a ransomware attack by putting out the fire. Progent's remote ransomware expert can help you to identify and quarantine infected devices and guard clean resources from being compromised. If your system has been breached by any version of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, see Progent's Ransomware 24x7 Hot Line.