Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Low-Cost Managed Services for Information Assurance
Progent's affordable ProSight suite of network management outsourcing services is intended to provide small and mid-size organizations with enterprise-class support and state-of-the-art technology for all aspects of information assurance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring is an endpoint protection (EPP) service that incorporates next generation behavior analysis tools to guard endpoint devices as well as servers and VMs against new malware attacks such as ransomware and email phishing, which easily evade legacy signature-matching AV products. ProSight ASM protects on-premises and cloud-based resources and offers a single platform to automate the complete malware attack progression including filtering, identification, mitigation, cleanup, and post-attack forensics. Top features include one-click rollback using Windows VSS and automatic system-wide immunization against new threats. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection (ESP): Unified Endpoint Security
Progent's ProSight Enhanced Security Protection (ESP) services offer ultra-affordable multi-layer protection for physical servers and virtual machines, workstations, mobile devices, and Microsoft Exchange. ProSight ESP uses contextual security and advanced machine learning for continuously monitoring and reacting to security assaults from all attack vectors. ProSight ESP offers two-way firewall protection, intrusion alarms, device control, and web filtering through cutting-edge technologies incorporated within one agent accessible from a single console. Progent's security and virtualization consultants can help you to plan and implement a ProSight ESP environment that addresses your organization's unique requirements and that helps you achieve and demonstrate compliance with legal and industry data protection standards. Progent will help you define and configure security policies that ProSight ESP will manage, and Progent will monitor your network and respond to alerts that call for urgent attention. Progent can also help your company to set up and verify a backup and restore system like ProSight Data Protection Services so you can get back in business rapidly from a destructive cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint security and Exchange email filtering.
- ProSight DPS: Managed Cloud Backup and Recovery
ProSight Data Protection Services offer small and medium-sized businesses an affordable end-to-end service for secure backup/disaster recovery (BDR). For a low monthly cost, ProSight Data Protection Services automates your backup processes and enables fast restoration of critical files, apps and VMs that have become unavailable or corrupted as a result of hardware failures, software bugs, natural disasters, human error, or malware attacks such as ransomware. ProSight Data Protection Services can help you back up, retrieve and restore files, folders, apps, system images, as well as Hyper-V and VMware virtual machine images. Critical data can be protected on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class expertise to set up ProSight Data Protection Services to be compliant with government and industry regulatory requirements like HIPPA, FIRPA, PCI and Safe Harbor and, whenever needed, can assist you to recover your critical information. Read more about ProSight Data Protection Services Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that uses the technology of leading data security companies to provide web-based control and comprehensive security for all your email traffic. The powerful structure of Email Guard integrates a Cloud Protection Layer with a local gateway appliance to offer advanced defense against spam, viruses, Dos Attacks, Directory Harvest Attacks (DHAs), and other email-borne threats. Email Guard's Cloud Protection Layer acts as a preliminary barricade and blocks the vast majority of unwanted email from reaching your security perimeter. This decreases your exposure to inbound attacks and saves system bandwidth and storage space. Email Guard's on-premises gateway appliance provides a further layer of analysis for inbound email. For outbound email, the local gateway provides AV and anti-spam protection, DLP, and encryption. The on-premises gateway can also assist Exchange Server to monitor and safeguard internal email that originates and ends within your corporate firewall. Find out more about Progent's ProSight Email Guard spam filtering, virus blocking, content filtering and data leakage protection.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
ProSight WAN Watch is an infrastructure monitoring and management service that makes it simple and inexpensive for smaller businesses to map out, monitor, enhance and debug their connectivity appliances like routers, firewalls, and load balancers plus servers, printers, endpoints and other networked devices. Using cutting-edge RMM technology, WAN Watch ensures that network diagrams are always updated, copies and manages the configuration information of virtually all devices on your network, tracks performance, and generates notices when potential issues are discovered. By automating time-consuming management processes, WAN Watch can cut hours off ordinary tasks like making network diagrams, expanding your network, locating appliances that need important software patches, or identifying the cause of performance issues. Learn more about ProSight WAN Watch infrastructure monitoring and management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop remote monitoring service that uses advanced remote monitoring and management techniques to help keep your IT system operating efficiently by checking the state of critical assets that drive your business network. When ProSight LAN Watch uncovers an issue, an alert is sent immediately to your specified IT staff and your assigned Progent consultant so that all looming issues can be addressed before they have a chance to disrupt productivity Learn more details about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small business can have its critical servers and applications hosted in a secure fault tolerant data center on a fast virtual machine host set up and maintained by Progent's IT support experts. Under Progent's ProSight Virtual Hosting model, the customer retains ownership of the data, the OS platforms, and the apps. Since the system is virtualized, it can be ported easily to an alternate hosting solution without requiring a lengthy and technically risky reinstallation procedure. With ProSight Virtual Hosting, you are not tied one hosting provider. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to create, maintain, find and protect data about your network infrastructure, processes, business apps, and services. You can quickly find passwords or serial numbers and be warned about upcoming expirations of SSLs or warranties. By cleaning up and organizing your IT documentation, you can save up to half of time thrown away searching for vital information about your network. ProSight IT Asset Management includes a centralized location for storing and collaborating on all documents required for managing your business network like standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also offers advanced automation for gathering and associating IT information. Whether youíre making improvements, doing regular maintenance, or reacting to a crisis, ProSight IT Asset Management delivers the information you require when you need it. Find out more details about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits are a fast and affordable way for small and medium-size organizations to obtain an unbiased evaluation of the health of their network. Powered by some of the top remote monitoring and management (RMM) platforms available, and overseen by Progent's world-class team of information technology experts, ProSight Network Audits help you see how closely the configuration of your core infrastructure assets conform to best practices. Both the Basic and Advanced options for ProSight Network Audit services are offered at a budget-friendly, one-time cost and deliver instant benefits such as a more manageable Active Directory system. Both also come with one year of advanced remote network monitoring and management. Advantages can include lower-cost management, improved compliance with government and industry security regulations, higher utilization of network assets, faster problem resolution, more dependable backup and recovery, and higher availability. Learn more about ProSight Network Audits IT infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report
The ProSight Ransomware Preparedness Report is a low-cost service centered on a brief phone discussion with a Progent backup/recovery expert. The interview is designed to help evaluate your organization's preparedness either to stop or recover quickly following an attack by a ransomware strain such as Ryuk, WannaCry, NotPetya, or Hermes. Progent will work with you directly to gather information about your current antivirus tools and backup/recovery system, and Progent will then produce a custom Basic Security and Best Practices Report detailing how you can follow best practices to create a cost-effective AV and backup/recovery system that meets your company's requirements. For details, refer to Progent's ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
For network security consulting expertise, call Progent at 800-993-9400 or visit Contact Progent.