Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Fixed-price Managed Services for Information Assurance
Progent's affordable ProSight line of network management outsourcing services is intended to provide small and mid-size businesses with enterprise-class support and cutting-edge technology for all aspects of information assurance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Next Generation Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection service that incorporates cutting edge behavior analysis technology to guard endpoints and servers and VMs against modern malware attacks such as ransomware and email phishing, which easily get by legacy signature-matching anti-virus tools. ProSight Active Security Monitoring safeguards on-premises and cloud-based resources and offers a unified platform to address the entire malware attack lifecycle including blocking, detection, containment, cleanup, and post-attack forensics. Key capabilities include single-click rollback using Windows Volume Shadow Copy Service and real-time system-wide immunization against new attacks. Find out more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Protection
Progent's ProSight Enhanced Security Protection services offer ultra-affordable in-depth security for physical servers and virtual machines, desktops, smartphones, and Exchange Server. ProSight ESP uses adaptive security and modern behavior analysis for continuously monitoring and responding to security assaults from all attack vectors. ProSight ESP delivers firewall protection, intrusion alarms, endpoint control, and web filtering via cutting-edge tools incorporated within one agent accessible from a unified console. Progent's security and virtualization experts can assist you to design and configure a ProSight ESP deployment that addresses your organization's specific needs and that helps you prove compliance with legal and industry data protection regulations. Progent will help you define and configure security policies that ProSight ESP will manage, and Progent will monitor your network and respond to alarms that require immediate attention. Progent's consultants can also help your company to set up and test a backup and restore system like ProSight Data Protection Services (DPS) so you can get back in business rapidly from a destructive cyber attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint protection and Exchange email filtering.
- ProSight Data Protection Services: Managed Cloud Backup and Recovery
ProSight Data Protection Services from Progent offer small and mid-sized businesses a low cost end-to-end service for reliable backup/disaster recovery (BDR). For a fixed monthly rate, ProSight DPS automates your backup processes and allows rapid restoration of vital data, applications and VMs that have become unavailable or corrupted as a result of component breakdowns, software bugs, disasters, human error, or malicious attacks such as ransomware. ProSight Data Protection Services can help you back up, retrieve and restore files, folders, applications, system images, as well as Microsoft Hyper-V and VMware virtual machine images. Important data can be protected on the cloud, to an on-promises device, or mirrored to both. Progent's cloud backup consultants can provide advanced expertise to set up ProSight DPS to comply with regulatory requirements like HIPAA, FINRA, and PCI and, when needed, can help you to restore your business-critical data. Learn more about ProSight DPS Managed Cloud Backup.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Email Encryption
ProSight Email Guard is Progent's email filtering and encryption platform that uses the services and infrastructure of leading information security vendors to provide centralized management and comprehensive protection for all your inbound and outbound email. The hybrid structure of Email Guard combines a Cloud Protection Layer with a local security gateway appliance to offer advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. The Cloud Protection Layer acts as a preliminary barricade and blocks the vast majority of threats from making it to your network firewall. This decreases your exposure to external threats and conserves network bandwidth and storage space. Email Guard's on-premises gateway device provides a further level of inspection for inbound email. For outbound email, the onsite gateway provides anti-virus and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The on-premises gateway can also help Microsoft Exchange Server to monitor and protect internal email that originates and ends inside your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus blocking, email content filtering and data leakage prevention.
- ProSight WAN Watch: Infrastructure Management
Progent’s ProSight WAN Watch is an infrastructure management service that makes it easy and inexpensive for smaller organizations to map, track, enhance and troubleshoot their networking appliances such as switches, firewalls, and access points plus servers, printers, client computers and other networked devices. Incorporating cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch makes sure that infrastructure topology diagrams are kept current, captures and displays the configuration of almost all devices connected to your network, monitors performance, and generates notices when problems are detected. By automating time-consuming management and troubleshooting activities, WAN Watch can cut hours off common chores such as network mapping, reconfiguring your network, finding devices that need critical updates, or resolving performance issues. Find out more details about ProSight WAN Watch infrastructure monitoring and management consulting.
- ProSight LAN Watch: Server and Desktop Monitoring and Management
ProSight LAN Watch is Progent’s server and desktop monitoring managed service that uses advanced remote monitoring and management technology to keep your network operating at peak levels by checking the state of vital computers that drive your business network. When ProSight LAN Watch detects a problem, an alert is transmitted automatically to your designated IT personnel and your assigned Progent engineering consultant so that any potential problems can be resolved before they have a chance to impact your network Learn more details about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small business can have its key servers and applications hosted in a protected Tier III data center on a high-performance virtual machine host configured and managed by Progent's IT support professionals. With the ProSight Virtual Hosting model, the customer retains ownership of the data, the operating system platforms, and the applications. Since the system is virtualized, it can be moved easily to a different hardware solution without a lengthy and difficult configuration procedure. With ProSight Virtual Hosting, your business is not tied one hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, update, find and safeguard data about your IT infrastructure, procedures, business apps, and services. You can instantly locate passwords or serial numbers and be warned about impending expirations of SSL certificates or warranties. By cleaning up and organizing your IT documentation, you can eliminate as much as half of time wasted trying to find vital information about your network. ProSight IT Asset Management features a centralized repository for holding and sharing all documents required for managing your network infrastructure like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also supports a high level of automation for collecting and associating IT information. Whether you’re making enhancements, doing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the information you require the instant you need it. Find out more details about ProSight IT Asset Management service.
Progent's ProSight Network Audits are a fast and low-cost way for small and medium-size businesses to obtain an unbiased evaluation of the health of their IT system. Based on a selection of the leading remote monitoring and management (RMM) platforms in the industry, and supervised by Progent's world-class group of information technology professionals, ProSight Network Audits help you see how well the deployment of your essential network assets conform to best practices. The Basic and Advanced versions of ProSight Network Audit services are available at a low, one-time cost and deliver immediate benefits like a more manageable Active Directory system. Both also include a year of cutting-edge remote network monitoring and management. Advantages can include lower-cost network management, better compliance with government and industry security standards, higher utilization of network resources, faster problem resolution, more reliable backup and recovery, and higher availability. See more information about Progent's ProSight Network Audits network infrastructure assessment.
The ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report is an affordable service centered on a brief interview with a Progent backup/recovery expert. The interview is intended to help assess your organization's preparedness to block or recover quickly following an assault by a ransomware variant such as Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you directly to collect information about your existing antivirus tools and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report describing how you can apply best practices to build a cost-effective security and backup/recovery environment that aligns with your company's needs. For additional information, refer to The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you're looking for network security help, phone Progent at 800-993-9400 or visit Contact Progent.