Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Fixed-price Managed Services for Information Assurance
Progent's value-priced ProSight family of outsourced network management services is designed to provide small and mid-size organizations with enterprise-class support and state-of-the-art technology for all facets of information assurance and compliance. Managed services available from Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection service that incorporates cutting edge behavior analysis tools to defend endpoints and physical and virtual servers against modern malware assaults such as ransomware and file-less exploits, which routinely evade traditional signature-based AV tools. ProSight Active Security Monitoring safeguards on-premises and cloud-based resources and offers a unified platform to automate the complete threat lifecycle including protection, identification, mitigation, cleanup, and forensics. Key capabilities include one-click rollback using Windows VSS and automatic network-wide immunization against new attacks. Find out more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Protection
ProSight Enhanced Security Protection managed services offer economical multi-layer protection for physical servers and VMs, workstations, mobile devices, and Exchange email. ProSight ESP uses contextual security and advanced heuristics for round-the-clock monitoring and reacting to security assaults from all attack vectors. ProSight ESP delivers firewall protection, penetration alarms, endpoint control, and web filtering via leading-edge tools packaged within one agent accessible from a single console. Progent's data protection and virtualization consultants can assist you to plan and configure a ProSight ESP deployment that addresses your organization's specific requirements and that helps you prove compliance with government and industry data protection regulations. Progent will assist you specify and implement policies that ProSight ESP will manage, and Progent will monitor your network and react to alarms that call for urgent action. Progent's consultants can also assist you to install and test a backup and disaster recovery system like ProSight Data Protection Services (DPS) so you can get back in business quickly from a potentially disastrous security attack like ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint security and Microsoft Exchange filtering.
- ProSight DPS: Managed Cloud Backup
ProSight Data Protection Services from Progent offer small and mid-sized businesses a low cost end-to-end service for reliable backup/disaster recovery (BDR). For a low monthly cost, ProSight DPS automates your backup activities and enables rapid restoration of critical files, applications and VMs that have become unavailable or damaged as a result of component breakdowns, software glitches, disasters, human error, or malicious attacks such as ransomware. ProSight Data Protection Services can help you protect, retrieve and restore files, folders, apps, system images, plus Microsoft Hyper-V and VMware images/. Important data can be backed up on the cloud, to an on-promises storage device, or to both. Progent's BDR consultants can deliver world-class expertise to set up ProSight Data Protection Services to comply with regulatory standards such as HIPPA, FIRPA, PCI and Safe Harbor and, whenever necessary, can help you to recover your business-critical data. Find out more about ProSight DPS Managed Backup.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that incorporates the services and infrastructure of top data security vendors to provide web-based control and world-class security for your inbound and outbound email. The powerful structure of Email Guard integrates cloud-based filtering with a local security gateway device to provide advanced protection against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks (DHAs), and other email-borne malware. The Cloud Protection Layer serves as a first line of defense and keeps the vast majority of threats from reaching your security perimeter. This reduces your exposure to external attacks and conserves network bandwidth and storage. Email Guard's onsite gateway device provides a further level of analysis for incoming email. For outbound email, the local security gateway offers anti-virus and anti-spam protection, protection against data leaks, and encryption. The onsite gateway can also help Exchange Server to track and safeguard internal email traffic that stays within your corporate firewall. Learn more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data loss protection.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
Progentís ProSight WAN Watch is an infrastructure monitoring and management service that makes it easy and affordable for small and mid-sized businesses to diagram, track, reconfigure and debug their connectivity appliances such as routers, firewalls, and load balancers as well as servers, endpoints and other devices. Incorporating cutting-edge RMM technology, WAN Watch ensures that infrastructure topology diagrams are always current, copies and displays the configuration of virtually all devices on your network, monitors performance, and generates notices when problems are discovered. By automating complex management and troubleshooting activities, ProSight WAN Watch can cut hours off ordinary chores such as network mapping, reconfiguring your network, finding appliances that require important software patches, or identifying the cause of performance bottlenecks. Learn more about ProSight WAN Watch network infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop monitoring service that incorporates advanced remote monitoring and management (RMM) techniques to help keep your IT system running efficiently by tracking the state of vital computers that drive your business network. When ProSight LAN Watch uncovers an issue, an alert is sent automatically to your specified IT management personnel and your assigned Progent engineering consultant so any potential problems can be addressed before they can impact productivity Learn more details about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a secure fault tolerant data center on a high-performance virtual machine host set up and managed by Progent's network support experts. With the ProSight Virtual Hosting model, the customer owns the data, the OS platforms, and the apps. Since the environment is virtualized, it can be ported easily to an alternate hosting environment without a time-consuming and difficult configuration process. With ProSight Virtual Hosting, you are not locked into a single hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that allows you to capture, update, find and safeguard data related to your IT infrastructure, processes, applications, and services. You can instantly find passwords or IP addresses and be alerted about upcoming expirations of SSLs or domains. By cleaning up and managing your network documentation, you can eliminate up to 50% of time wasted trying to find vital information about your IT network. ProSight IT Asset Management includes a centralized repository for holding and collaborating on all documents related to managing your business network such as standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also offers advanced automation for collecting and relating IT data. Whether youíre making improvements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the data you require when you need it. Learn more about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a fast and affordable way for small and medium-size organizations to get an objective evaluation of the overall health of their information system. Based on a selection of the top remote monitoring and management (RMM) platforms in the industry, and overseen by Progent's world-class group of information technology experts, ProSight Network Audits help you see how well the deployment of your essential network assets conform to industry best practices. The Basic and Advanced options for ProSight Network Audit services are available at a low, one-time cost and deliver instant benefits such as a more manageable Active Directory environment. Both also come with one year of cutting-edge remote network monitoring and management. Benefits can include simpler management, improved compliance with government and industry security regulations, higher utilization of IT resources, faster troubleshooting, more dependable backup and restore, and less downtime. See more about ProSight Network Audits IT infrastructure review.
Progent's ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report service is a low-cost service based on a brief discussion with a Progent backup/recovery consultant. The fact-finding interview is designed to assess your organization's preparedness either to block or recover rapidly following an attack by a ransomware variant such as Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you personally to collect information about your current antivirus tools and backup platform, and Progent will then produce a written Basic Security and Best Practices Report describing how you can follow industry best practices to create an efficient security and backup environment that aligns with your company's needs. For additional information, see The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you want computer security consulting, call Progent at 800-993-9400 or go to Contact Progent.