Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Low-Cost Managed Services for Information Assurance
Progent's affordable ProSight suite of managed services is intended to provide small and mid-size organizations with enterprise-class support and state-of-the-art technology for all facets of information assurance. Managed services available from Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that incorporates cutting edge behavior-based analysis tools to defend endpoint devices and servers and VMs against modern malware attacks like ransomware and email phishing, which routinely escape legacy signature-matching AV products. ProSight ASM safeguards local and cloud resources and offers a unified platform to address the complete malware attack progression including protection, identification, containment, cleanup, and forensics. Top capabilities include one-click rollback using Windows Volume Shadow Copy Service and real-time network-wide immunization against newly discovered attacks. Find out more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Unified Endpoint Protection
Progent's ProSight Enhanced Security Protection (ESP) services deliver ultra-affordable multi-layer protection for physical and virtual servers, workstations, mobile devices, and Microsoft Exchange. ProSight ESP utilizes adaptive security and advanced heuristics for round-the-clock monitoring and responding to security threats from all attack vectors. ProSight ESP delivers two-way firewall protection, intrusion alerts, endpoint control, and web filtering via leading-edge technologies incorporated within one agent managed from a unified control. Progent's security and virtualization consultants can help your business to design and configure a ProSight ESP environment that addresses your company's specific requirements and that helps you achieve and demonstrate compliance with legal and industry information protection standards. Progent will help you specify and implement security policies that ProSight ESP will enforce, and Progent will monitor your IT environment and respond to alarms that call for urgent action. Progent's consultants can also assist your company to install and test a backup and restore solution like ProSight Data Protection Services so you can recover rapidly from a potentially disastrous cyber attack like ransomware. Read more about Progent's ProSight Enhanced Security Protection unified endpoint security and Microsoft Exchange email filtering.
- ProSight Data Protection Services: Managed Cloud Backup and Recovery
ProSight Data Protection Services from Progent offer small and medium-sized businesses an affordable and fully managed solution for secure backup/disaster recovery. For a low monthly rate, ProSight DPS automates and monitors your backup activities and enables rapid recovery of vital data, apps and virtual machines that have become unavailable or corrupted due to component breakdowns, software bugs, disasters, human mistakes, or malicious attacks like ransomware. ProSight Data Protection Services can help you back up, recover and restore files, folders, applications, system images, as well as Hyper-V and VMware virtual machine images. Critical data can be backed up on the cloud, to a local storage device, or mirrored to both. Progent's cloud backup specialists can provide world-class support to set up ProSight DPS to be compliant with regulatory standards such as HIPPA, FINRA, and PCI and, when necessary, can help you to recover your business-critical data. Learn more about ProSight DPS Managed Cloud Backup.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security platform that uses the services and infrastructure of top information security companies to provide centralized management and comprehensive protection for all your email traffic. The hybrid architecture of Progent's Email Guard managed service integrates cloud-based filtering with a local security gateway device to provide complete defense against spam, viruses, Denial of Service (DoS) Attacks, DHAs, and other email-borne malware. Email Guard's Cloud Protection Layer acts as a preliminary barricade and keeps most unwanted email from making it to your network firewall. This decreases your vulnerability to external attacks and saves network bandwidth and storage. Email Guard's on-premises gateway appliance provides a further level of inspection for incoming email. For outgoing email, the onsite gateway provides anti-virus and anti-spam protection, protection against data leaks, and encryption. The onsite security gateway can also help Exchange Server to monitor and safeguard internal email traffic that stays inside your security perimeter. Find out more about Progent's ProSight Email Guard spam filtering, virus defense, content filtering and data loss prevention.
- ProSight WAN Watch: Infrastructure Management
Progentís ProSight WAN Watch is an infrastructure management service that makes it simple and inexpensive for small and mid-sized businesses to map out, track, reconfigure and debug their networking hardware such as switches, firewalls, and load balancers plus servers, client computers and other devices. Incorporating state-of-the-art Remote Monitoring and Management (RMM) technology, ProSight WAN Watch ensures that network maps are always updated, captures and displays the configuration of virtually all devices connected to your network, monitors performance, and sends notices when problems are discovered. By automating tedious network management processes, ProSight WAN Watch can knock hours off common tasks such as network mapping, reconfiguring your network, finding appliances that require important software patches, or identifying the cause of performance bottlenecks. Find out more about ProSight WAN Watch network infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop monitoring service that uses advanced remote monitoring and management (RMM) techniques to help keep your network running at peak levels by tracking the health of vital assets that drive your business network. When ProSight LAN Watch detects a problem, an alert is sent immediately to your designated IT management staff and your Progent engineering consultant so any potential problems can be addressed before they have a chance to impact productivity Learn more details about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a protected Tier III data center on a high-performance virtual host set up and managed by Progent's network support experts. With the ProSight Virtual Hosting model, the customer retains ownership of the data, the OS platforms, and the apps. Because the environment is virtualized, it can be moved easily to a different hardware environment without a lengthy and technically risky reinstallation process. With ProSight Virtual Hosting, your business is not locked into a single hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, update, retrieve and safeguard data related to your network infrastructure, processes, business apps, and services. You can quickly find passwords or serial numbers and be warned automatically about upcoming expirations of SSL certificates ,domains or warranties. By updating and managing your network documentation, you can eliminate up to half of time wasted searching for critical information about your network. ProSight IT Asset Management features a centralized repository for storing and sharing all documents related to managing your network infrastructure such as recommended procedures and How-To's. ProSight IT Asset Management also offers advanced automation for gathering and relating IT data. Whether youíre making improvements, performing maintenance, or reacting to a crisis, ProSight IT Asset Management gets you the knowledge you require as soon as you need it. Find out more details about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits are a quick and affordable way for small and medium-size organizations to obtain an unbiased assessment of the overall health of their network. Powered by a selection of the leading remote monitoring and management platforms available, and overseen by Progent's world-class group of information technology experts, ProSight Network Audits show you how closely the configuration of your core network devices conform to industry leading practices. The Basic and Advanced versions of ProSight Network Audit services are offered at a low, one-time cost and deliver instant ROI like a more manageable Active Directory environment. Both versions also come with one year of advanced remote network monitoring and management. Advantages can include lower-cost management, better compliance with information security regulations, higher utilization of network resources, quicker problem resolution, more reliable backup and recovery, and increased uptime. See more about Progent's ProSight Network Audits network infrastructure assessment.
The ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report is an affordable service based on a phone discussion with a Progent backup/recovery consultant. The interview is designed to evaluate your organization's ability either to stop or recover quickly following an assault by a ransomware strain like Ryuk, WannaCry, NotPetya, or Hermes. Progent will work with you personally to gather information about your existing AV defense and backup system, and Progent will then produce a written Basic Security and Best Practices Report detailing how you can follow best practices to build an efficient AV and backup/recovery environment that meets your business requirements. For additional information, visit The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
For more information about Progent's computer security consulting, call Progent at 800-993-9400 or go to Contact Progent.