Stealth penetration testing (PEN testing) is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Fixed-price Managed Services for Information Assurance
Progent's affordable ProSight family of managed services is designed to provide small and mid-size organizations with enterprise-class support and cutting-edge technology for all facets of information assurance. ProSight managed services offered by Progent include:
- ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that utilizes SentinelOne's next generation behavior machine learning tools to guard endpoints as well as servers and VMs against new malware assaults like ransomware and file-less exploits, which routinely escape legacy signature-matching AV tools. ProSight ASM safeguards on-premises and cloud resources and offers a single platform to automate the entire threat lifecycle including protection, infiltration detection, mitigation, cleanup, and forensics. Key features include single-click rollback with Windows VSS and automatic network-wide immunization against new attacks. Progent is a SentinelOne Partner. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense with SentinelOne technology.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
ProSight Enhanced Security Protection services deliver ultra-affordable in-depth security for physical servers and VMs, workstations, mobile devices, and Exchange Server. ProSight ESP utilizes adaptive security and advanced heuristics for continuously monitoring and reacting to security assaults from all vectors. ProSight ESP delivers firewall protection, intrusion alerts, device control, and web filtering via cutting-edge technologies incorporated within one agent accessible from a single control. Progent's security and virtualization experts can help you to design and configure a ProSight ESP environment that meets your organization's specific requirements and that helps you achieve and demonstrate compliance with government and industry information security regulations. Progent will assist you specify and configure security policies that ProSight ESP will manage, and Progent will monitor your IT environment and respond to alerts that call for immediate action. Progent's consultants can also assist you to install and verify a backup and disaster recovery system such as ProSight Data Protection Services so you can get back in business quickly from a potentially disastrous security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange filtering.
- ProSight DPS: Managed Cloud Backup and Recovery
Progent has partnered with leading backup/restore product vendors to create ProSight Data Protection Services, a selection of offerings that provide backup-as-a-service (BaaS). All ProSight DPS products automate and monitor your data backup operations and allow non-disruptive backup and fast restoration of vital files, applications, system images, and Hyper-V and VMware virtual machines. ProSight DPS helps you recover from data loss resulting from equipment breakdown, natural calamities, fire, cyber attacks such as ransomware, user error, ill-intentioned employees, or software bugs. Managed services available in the ProSight ProSight Data Protection product line include ProSight Ataro VM Backup, ProSight Ataro Office 365 Backup, ProSight DPS ECHO Backup using Barracuda purpose-built hardware, and ProSight DPS MSP360 Hybrid Backup. Your Progent consultant can assist you to identify which of these managed services are best suited for your network.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email filtering and encryption solution that uses the technology of leading information security vendors to provide web-based control and comprehensive security for all your inbound and outbound email. The hybrid structure of Email Guard integrates a Cloud Protection Layer with an on-premises security gateway appliance to offer complete protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks, and other email-based malware. The cloud filter acts as a first line of defense and blocks the vast majority of unwanted email from making it to your network firewall. This decreases your vulnerability to external threats and saves system bandwidth and storage. Email Guard's onsite security gateway device provides a further level of inspection for inbound email. For outgoing email, the onsite gateway offers AV and anti-spam protection, policy-based Data Loss Prevention, and encryption. The onsite security gateway can also help Exchange Server to monitor and protect internal email traffic that originates and ends inside your corporate firewall. Learn more about Progent's ProSight Email Guard spam filtering, virus defense, content filtering and data leakage prevention.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
Progent�s ProSight WAN Watch is a network infrastructure management service that makes it easy and affordable for smaller businesses to map, monitor, enhance and troubleshoot their networking hardware such as routers and switches, firewalls, and load balancers as well as servers, printers, client computers and other networked devices. Incorporating state-of-the-art Remote Monitoring and Management technology, ProSight WAN Watch ensures that network diagrams are always current, captures and displays the configuration information of almost all devices on your network, monitors performance, and generates alerts when potential issues are detected. By automating complex network management activities, ProSight WAN Watch can cut hours off ordinary tasks like network mapping, reconfiguring your network, locating devices that need critical software patches, or isolating performance issues. Learn more about ProSight WAN Watch network infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring
ProSight LAN Watch is Progent�s server and desktop monitoring service that incorporates state-of-the-art remote monitoring and management (RMM) technology to help keep your network operating at peak levels by tracking the state of vital computers that drive your business network. When ProSight LAN Watch uncovers a problem, an alert is sent immediately to your designated IT staff and your Progent consultant so all potential problems can be addressed before they can impact productivity Find out more details about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small business can have its critical servers and apps hosted in a protected Tier III data center on a high-performance virtual host set up and managed by Progent's network support experts. Under Progent's ProSight Virtual Hosting model, the customer owns the data, the OS platforms, and the apps. Since the system is virtualized, it can be moved easily to a different hosting environment without requiring a lengthy and difficult configuration procedure. With ProSight Virtual Hosting, your business is not tied one hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, maintain, retrieve and safeguard information related to your IT infrastructure, procedures, business apps, and services. You can instantly find passwords or serial numbers and be alerted about impending expirations of SSL certificates or domains. By updating and organizing your network documentation, you can eliminate up to half of time spent searching for vital information about your network. ProSight IT Asset Management includes a common repository for storing and sharing all documents related to managing your business network like recommended procedures and self-service instructions. ProSight IT Asset Management also supports a high level of automation for gathering and relating IT data. Whether you�re making enhancements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the knowledge you need the instant you need it. Find out more details about ProSight IT Asset Management service.
- Patch Management: Software/Firmware Update Management Services
Progent's support services for software and firmware patch management offer organizations of any size a flexible and affordable alternative for assessing, testing, scheduling, applying, and tracking software and firmware updates to your dynamic IT system. Besides maximizing the protection and functionality of your IT environment, Progent's patch management services permit your in-house IT team to concentrate on line-of-business projects and tasks that deliver maximum business value from your information network. Learn more about Progent's patch management services.
- ProSight Duo Multi-Factor Authentication: Identity Validation, Endpoint Remediation, and Protected Single Sign-on (SSO)
Progent's Duo authentication services incorporate Cisco's Duo technology to defend against stolen passwords by using two-factor authentication. Duo enables one-tap identity verification with iOS, Android, and other personal devices. Using Duo 2FA, when you sign into a secured online account and enter your password you are requested to verify your identity on a device that only you have and that uses a different network channel. A wide selection of out-of-band devices can be utilized as this second means of authentication such as an iPhone or Android or wearable, a hardware/software token, a landline telephone, etc. You may register multiple validation devices. For more information about Duo identity authentication services, go to Duo MFA two-factor authentication (2FA) services for access security.
ProSight Network Audits
Progent's ProSight Network Audits are a quick and low-cost way for small and medium-size businesses to obtain an objective evaluation of the health of their information system. Based on a selection of the top remote monitoring and management tools available, and overseen by Progent's certified group of IT experts, ProSight Network Audits show you how closely the deployment of your essential infrastructure devices conform to leading practices. Both the Basic and Advanced options for ProSight Network Audit services are offered at a budget-friendly, one-time cost and provide instant benefits such as a more manageable Active Directory environment. Both versions also include one year of state-of-the-art remote network monitoring and management (RMM). Advantages can include simpler management, better compliance with information security regulations, higher utilization of network resources, quicker problem resolution, more dependable backup and restore, and increased uptime. See more about ProSight Network Audits network infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report
The ProSight Ransomware Preparedness Report is an affordable service based on a brief interview with a Progent backup/recovery expert. The fact-finding interview is intended to help evaluate your organization's ability either to stop or recover quickly following an assault by a ransomware variant like Ryuk, WannaCry, NotPetya, or Hermes. Progent will consult with you personally to collect information about your current antivirus tools and backup platform, and Progent will then deliver a custom Basic Security and Best Practices Report document describing how you can apply best practices to build an efficient AV and backup/recovery environment that meets your company's needs. For more information, refer to Progent's ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
To learn more about Progent's computer security support services, call Progent at 800-993-9400 or see Contact Progent.