Stealth penetration testing (PEN testing) is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Fixed-price Managed Services for Information Assurance
Progent's value-priced ProSight line of managed services is designed to provide small and mid-size businesses with enterprise-class support and cutting-edge technology for all facets of information assurance and compliance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates SentinelOne's cutting edge behavior machine learning tools to guard endpoint devices and physical and virtual servers against modern malware assaults such as ransomware and email phishing, which easily evade legacy signature-based anti-virus tools. ProSight ASM safeguards on-premises and cloud-based resources and offers a single platform to address the entire malware attack progression including protection, detection, containment, cleanup, and forensics. Key capabilities include one-click rollback using Windows Volume Shadow Copy Service (VSS) and automatic system-wide immunization against new threats. Progent is a SentinelOne Partner, dealer, and integrator. Learn more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware recovery with SentinelOne technology.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Security
ProSight Enhanced Security Protection (ESP) managed services deliver economical in-depth security for physical servers and virtual machines, desktops, smartphones, and Microsoft Exchange. ProSight ESP uses contextual security and advanced machine learning for continuously monitoring and reacting to security assaults from all attack vectors. ProSight ESP offers firewall protection, penetration alarms, endpoint management, and web filtering via leading-edge technologies packaged within one agent managed from a unified control. Progent's data protection and virtualization consultants can help your business to plan and configure a ProSight ESP deployment that addresses your organization's unique requirements and that allows you achieve and demonstrate compliance with government and industry data protection standards. Progent will assist you specify and configure security policies that ProSight ESP will manage, and Progent will monitor your network and react to alarms that call for urgent attention. Progent's consultants can also help you to install and verify a backup and restore solution like ProSight Data Protection Services (DPS) so you can recover rapidly from a destructive security attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified endpoint security and Microsoft Exchange email filtering.
- ProSight DPS: Managed Backup
Progent has partnered with advanced backup technology companies to create ProSight Data Protection Services, a portfolio of offerings that provide backup-as-a-service. All ProSight DPS services manage and track your data backup operations and allow non-disruptive backup and rapid recovery of critical files/folders, applications, system images, and Hyper-V and VMware virtual machines. ProSight DPS lets you recover from data loss resulting from equipment breakdown, natural calamities, fire, malware such as ransomware, user mistakes, ill-intentioned employees, or application bugs. Managed services available in the ProSight DPS portfolio include ProSight Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight DPS ECHO Backup using Barracuda purpose-built hardware, and ProSight MSP360 Hybrid Backup. Your Progent expert can help you to determine which of these managed backup services are most appropriate for your IT environment.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security platform that incorporates the services and infrastructure of top information security vendors to deliver web-based management and comprehensive security for your email traffic. The powerful structure of Progent's Email Guard combines cloud-based filtering with a local gateway device to provide advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks (DHAs), and other email-borne threats. The Cloud Protection Layer serves as a first line of defense and keeps most unwanted email from making it to your network firewall. This reduces your vulnerability to inbound threats and saves network bandwidth and storage. Email Guard's on-premises security gateway device adds a further layer of analysis for inbound email. For outbound email, the local security gateway offers AV and anti-spam filtering, protection against data leaks, and email encryption. The local security gateway can also help Microsoft Exchange Server to track and safeguard internal email that stays inside your corporate firewall. Find out more about Progent's ProSight Email Guard spam filtering, virus blocking, content filtering and data loss protection.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
Progent's ProSight WAN Watch is an infrastructure management service that makes it simple and inexpensive for smaller businesses to map out, track, reconfigure and troubleshoot their connectivity appliances like switches, firewalls, and access points plus servers, printers, endpoints and other networked devices. Using cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch makes sure that infrastructure topology maps are kept current, copies and manages the configuration information of virtually all devices on your network, monitors performance, and generates notices when issues are detected. By automating tedious network management activities, WAN Watch can cut hours off ordinary tasks such as network mapping, expanding your network, locating appliances that require important updates, or resolving performance problems. Learn more about ProSight WAN Watch network infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progent's server and desktop monitoring managed service that uses advanced remote monitoring and management techniques to keep your IT system operating efficiently by checking the health of critical assets that drive your information system. When ProSight LAN Watch detects an issue, an alert is sent automatically to your designated IT management staff and your Progent engineering consultant so that all looming problems can be addressed before they have a chance to impact productivity Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small business can have its key servers and apps hosted in a secure fault tolerant data center on a high-performance virtual host configured and managed by Progent's IT support experts. With Progent's ProSight Virtual Hosting service model, the client owns the data, the OS platforms, and the applications. Because the environment is virtualized, it can be moved easily to an alternate hosting solution without requiring a time-consuming and difficult configuration procedure. With ProSight Virtual Hosting, you are not tied one hosting provider. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to capture, update, retrieve and protect information related to your IT infrastructure, processes, applications, and services. You can quickly find passwords or serial numbers and be warned automatically about impending expirations of SSLs or warranties. By cleaning up and managing your IT infrastructure documentation, you can save up to half of time spent looking for critical information about your IT network. ProSight IT Asset Management includes a centralized location for storing and collaborating on all documents required for managing your network infrastructure like standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also offers a high level of automation for collecting and relating IT information. Whether you're planning improvements, performing regular maintenance, or reacting to an emergency, ProSight IT Asset Management gets you the information you require as soon as you need it. Learn more about Progent's ProSight IT Asset Management service.
- Patch Management: Patch Management Services
Progent's support services for patch management provide organizations of any size a versatile and cost-effective solution for evaluating, testing, scheduling, implementing, and documenting software and firmware updates to your dynamic IT system. In addition to optimizing the protection and reliability of your computer environment, Progent's software/firmware update management services allow your in-house IT staff to concentrate on more strategic projects and tasks that deliver the highest business value from your network. Find out more about Progent's patch management services.
- ProSight Duo Two-Factor Authentication: ID Confirmation, Endpoint Policy Enforcement, and Protected Single Sign-on (SSO)
Progent's Duo MFA managed services incorporate Cisco's Duo technology to defend against password theft by using two-factor authentication. Duo enables one-tap identity verification on iOS, Android, and other personal devices. With Duo 2FA, whenever you sign into a secured application and give your password you are asked to verify your identity on a device that only you possess and that is accessed using a separate network channel. A wide range of devices can be used for this added form of authentication such as an iPhone or Android or watch, a hardware token, a landline phone, etc. You may designate several validation devices. For details about ProSight Duo two-factor identity validation services, go to Cisco Duo MFA two-factor authentication services.
Progent's ProSight Network Audits are a quick and low-cost alternative for small and medium-size businesses to get an unbiased assessment of the overall health of their network. Based on some of the leading remote monitoring and management tools in the industry, and supervised by Progent's world-class team of IT professionals, ProSight Network Audits show you how well the deployment of your essential infrastructure assets adhere to industry best practices. Both the Basic and Advanced versions of ProSight Network Audit services are offered at a low, one-time cost and deliver instant benefits like a cleaner Active Directory environment. Both also include one year of cutting-edge remote network monitoring and management (RMM). Advantages can include easier network management, improved compliance with government and industry security regulations, higher utilization of IT resources, faster problem resolution, more dependable backup and recovery, and higher availability. Read more information about ProSight Network Audits network infrastructure assessment.
The ProSight Ransomware Preparedness Report Service
The ProSight Ransomware Preparedness Report is a low-cost service built around a brief phone discussion with a Progent backup/recovery consultant. The fact-finding interview is intended to evaluate your company's preparedness either to stop or recover rapidly after an assault by a ransomware variant such as Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you directly to collect information about your current cybersecurity posture and backup/recovery platform, and Progent will then deliver a written Basic Security and Best Practices Report detailing how you can follow industry best practices to deploy a cost-effective AV and backup/recovery environment that aligns with your company's needs. For more information, see The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
If you need network security consulting, telephone Progent at 800-993-9400 or visit Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to assist organizations to take the time-critical first step in responding to a ransomware attack by stopping the bleeding. Progent's remote ransomware expert can assist you to locate and quarantine breached devices and protect undamaged resources from being compromised. If your network has been penetrated by any strain of ransomware, act fast. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, visit Progent's Ransomware 24x7 Hot Line.