Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Low-Cost Managed Services for Information Assurance
Progent's value-priced ProSight series of network monitoring and management services is designed to provide small and mid-size businesses with enterprise-class support and cutting-edge technology for all facets of information assurance and compliance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Next Generation Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that utilizes cutting edge behavior analysis tools to defend endpoints as well as servers and VMs against new malware assaults such as ransomware and file-less exploits, which routinely evade traditional signature-matching AV tools. ProSight Active Security Monitoring protects on-premises and cloud resources and offers a unified platform to manage the entire malware attack lifecycle including protection, detection, mitigation, cleanup, and forensics. Top capabilities include one-click rollback using Windows Volume Shadow Copy Service (VSS) and real-time system-wide immunization against new attacks. Find out more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
ProSight Enhanced Security Protection (ESP) services deliver affordable in-depth security for physical servers and virtual machines, workstations, smartphones, and Microsoft Exchange. ProSight ESP utilizes adaptive security and modern behavior analysis for round-the-clock monitoring and reacting to security assaults from all attack vectors. ProSight ESP delivers two-way firewall protection, intrusion alerts, endpoint management, and web filtering through cutting-edge tools incorporated within a single agent managed from a unified control. Progent's security and virtualization consultants can help your business to plan and configure a ProSight ESP environment that meets your company's specific needs and that allows you demonstrate compliance with legal and industry information protection regulations. Progent will assist you define and implement policies that ProSight ESP will manage, and Progent will monitor your IT environment and respond to alarms that require immediate action. Progent can also assist you to set up and verify a backup and restore solution such as ProSight Data Protection Services so you can get back in business rapidly from a potentially disastrous cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Exchange filtering.
- ProSight DPS: Managed Cloud Backup and Recovery
ProSight Data Protection Services offer small and mid-sized organizations a low cost end-to-end solution for reliable backup/disaster recovery. Available at a fixed monthly cost, ProSight Data Protection Services automates and monitors your backup activities and enables rapid recovery of vital data, applications and virtual machines that have become unavailable or corrupted due to hardware failures, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight Data Protection Services can help you protect, retrieve and restore files, folders, apps, system images, plus Hyper-V and VMware images/. Important data can be protected on the cloud, to a local storage device, or to both. Progent's BDR specialists can provide advanced support to configure ProSight Data Protection Services to be compliant with regulatory standards like HIPAA, FINRA, and PCI and, whenever needed, can help you to restore your critical data. Read more about ProSight DPS Managed Cloud Backup.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security platform that incorporates the services and infrastructure of top information security vendors to deliver centralized management and comprehensive security for all your email traffic. The powerful architecture of Progent's Email Guard managed service combines cloud-based filtering with an on-premises gateway device to offer advanced defense against spam, viruses, Denial of Service (DoS) Attacks, DHAs, and other email-based threats. Email Guard's Cloud Protection Layer serves as a first line of defense and blocks most threats from reaching your network firewall. This reduces your exposure to external threats and conserves system bandwidth and storage. Email Guard's onsite security gateway appliance provides a deeper level of analysis for inbound email. For outgoing email, the on-premises gateway offers AV and anti-spam filtering, DLP, and encryption. The local gateway can also help Microsoft Exchange Server to track and protect internal email that originates and ends inside your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus blocking, content filtering and data loss prevention.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and inexpensive for smaller organizations to map out, monitor, enhance and troubleshoot their connectivity hardware like switches, firewalls, and access points plus servers, printers, endpoints and other devices. Using cutting-edge RMM technology, ProSight WAN Watch ensures that infrastructure topology diagrams are always updated, copies and displays the configuration of almost all devices connected to your network, tracks performance, and generates notices when issues are discovered. By automating time-consuming management processes, WAN Watch can cut hours off ordinary chores such as making network diagrams, reconfiguring your network, finding devices that need critical updates, or resolving performance problems. Learn more details about ProSight WAN Watch infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring
ProSight LAN Watch is Progentís server and desktop monitoring managed service that incorporates advanced remote monitoring and management technology to help keep your IT system operating efficiently by checking the state of critical computers that power your business network. When ProSight LAN Watch detects an issue, an alarm is sent automatically to your designated IT personnel and your assigned Progent consultant so any looming issues can be resolved before they can impact your network Find out more details about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small business can have its key servers and apps hosted in a protected Tier III data center on a high-performance virtual machine host configured and maintained by Progent's IT support experts. Under Progent's ProSight Virtual Hosting model, the client owns the data, the operating system software, and the applications. Because the environment is virtualized, it can be ported easily to an alternate hosting solution without requiring a lengthy and difficult configuration procedure. With ProSight Virtual Hosting, you are not locked into a single hosting service. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to capture, maintain, retrieve and safeguard data about your IT infrastructure, processes, business apps, and services. You can quickly locate passwords or serial numbers and be warned about upcoming expirations of SSLs or domains. By updating and managing your IT documentation, you can save as much as 50% of time spent trying to find vital information about your network. ProSight IT Asset Management includes a centralized location for storing and sharing all documents required for managing your business network like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also offers advanced automation for collecting and relating IT information. Whether youíre planning enhancements, performing regular maintenance, or reacting to a crisis, ProSight IT Asset Management gets you the information you require as soon as you need it. Learn more about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits are a fast and low-cost way for small and medium-size organizations to obtain an unbiased evaluation of the health of their information system. Powered by some of the leading remote monitoring and management tools in the industry, and supervised by Progent's world-class group of IT experts, ProSight Network Audits help you see how well the deployment of your essential network assets conform to leading practices. The Basic and Advanced versions of ProSight Network Audit services are available at a budget-friendly, one-time cost and deliver instant benefits such as a cleaner Active Directory (AD) system. Both also come with a year of state-of-the-art remote network monitoring and management. Benefits can include lower-cost management, improved compliance with information security regulations, higher utilization of IT resources, faster problem resolution, more reliable backup and restore, and higher availability. Learn more information about ProSight Network Audits network infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report service is a low-cost service built around a brief interview with a Progent backup/recovery expert. The interview is designed to evaluate your organization's ability to stop or recover quickly following an attack by a ransomware strain such as Ryuk, WannaCry, MongoLock, or Hermes. Progent will work with you directly to collect information about your current security profile and backup/recovery system, and Progent will then deliver a custom Basic Security and Best Practices Report describing how you can apply best practices to build a cost-effective AV and backup/recovery system that meets your company's requirements. For additional information, visit The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
If you want security consulting, telephone Progent at 800-993-9400 or visit Contact Progent.