Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progentís security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employeesí family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Flat-rate Managed Services for Information Assurance
Progent's low-cost ProSight portfolio of network monitoring and management services is designed to provide small and mid-size businesses with enterprise-class support and cutting-edge technology for all aspects of information assurance and compliance. ProSight managed services available from Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that utilizes cutting edge behavior-based analysis technology to defend endpoints as well as physical and virtual servers against modern malware assaults such as ransomware and file-less exploits, which routinely get by legacy signature-matching anti-virus products. ProSight ASM safeguards on-premises and cloud-based resources and offers a single platform to automate the complete threat lifecycle including protection, detection, containment, cleanup, and post-attack forensics. Top features include one-click rollback with Windows Volume Shadow Copy Service and real-time system-wide immunization against new attacks. Read more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Unified Endpoint Protection
ProSight Enhanced Security Protection services offer affordable in-depth protection for physical servers and VMs, workstations, mobile devices, and Microsoft Exchange. ProSight ESP utilizes adaptive security and modern behavior analysis for round-the-clock monitoring and reacting to security assaults from all attack vectors. ProSight ESP provides firewall protection, penetration alerts, device management, and web filtering via leading-edge technologies incorporated within one agent managed from a single control. Progent's security and virtualization experts can assist your business to plan and configure a ProSight ESP deployment that meets your company's specific requirements and that allows you achieve and demonstrate compliance with government and industry information security regulations. Progent will assist you specify and configure policies that ProSight ESP will manage, and Progent will monitor your network and react to alerts that require urgent attention. Progent can also help you to set up and verify a backup and restore solution like ProSight Data Protection Services (DPS) so you can recover quickly from a potentially disastrous cyber attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Exchange filtering.
- ProSight DPS: Managed Backup
ProSight Data Protection Services offer small and medium-sized businesses an affordable end-to-end service for reliable backup/disaster recovery. Available at a low monthly cost, ProSight DPS automates and monitors your backup processes and allows rapid recovery of critical files, apps and virtual machines that have become lost or damaged due to hardware failures, software glitches, disasters, human error, or malicious attacks like ransomware. ProSight Data Protection Services can help you back up, recover and restore files, folders, apps, system images, as well as Hyper-V and VMware images/. Important data can be protected on the cloud, to a local storage device, or to both. Progent's cloud backup consultants can deliver world-class expertise to configure ProSight DPS to comply with regulatory requirements such as HIPPA, FINRA, PCI and Safe Harbor and, when needed, can help you to restore your business-critical information. Read more about ProSight Data Protection Services Managed Cloud Backup.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that uses the technology of top data security vendors to deliver web-based management and comprehensive security for your inbound and outbound email. The hybrid architecture of Email Guard integrates a Cloud Protection Layer with an on-premises gateway device to offer advanced defense against spam, viruses, Denial of Service (DoS) Attacks, DHAs, and other email-borne malware. Email Guard's Cloud Protection Layer serves as a first line of defense and blocks the vast majority of threats from reaching your network firewall. This decreases your exposure to inbound attacks and conserves system bandwidth and storage space. Email Guard's on-premises gateway device provides a deeper layer of inspection for inbound email. For outgoing email, the onsite security gateway provides AV and anti-spam filtering, protection against data leaks, and encryption. The local security gateway can also assist Exchange Server to monitor and safeguard internal email traffic that stays within your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data leakage protection.
- ProSight WAN Watch: Network Infrastructure Remote Monitoring and Management
Progentís ProSight WAN Watch is a network infrastructure monitoring and management service that makes it simple and affordable for small and mid-sized organizations to map out, track, reconfigure and debug their connectivity hardware like routers and switches, firewalls, and wireless controllers plus servers, printers, client computers and other devices. Incorporating state-of-the-art RMM technology, ProSight WAN Watch ensures that infrastructure topology diagrams are always current, captures and displays the configuration information of virtually all devices connected to your network, monitors performance, and generates notices when problems are detected. By automating complex management and troubleshooting activities, ProSight WAN Watch can knock hours off ordinary tasks like network mapping, reconfiguring your network, finding appliances that need important updates, or resolving performance problems. Find out more details about ProSight WAN Watch infrastructure management services.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progentís server and desktop remote monitoring managed service that incorporates state-of-the-art remote monitoring and management technology to keep your IT system running efficiently by tracking the state of critical computers that power your information system. When ProSight LAN Watch uncovers a problem, an alert is sent immediately to your designated IT staff and your Progent engineering consultant so that any potential issues can be addressed before they have a chance to disrupt productivity Find out more details about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small organization can have its critical servers and applications hosted in a protected Tier III data center on a fast virtual machine host configured and managed by Progent's network support experts. With the ProSight Virtual Hosting model, the client owns the data, the OS software, and the apps. Since the system is virtualized, it can be ported immediately to a different hosting environment without requiring a time-consuming and technically risky configuration process. With ProSight Virtual Hosting, you are not tied a single hosting service. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, update, find and safeguard data related to your IT infrastructure, procedures, business apps, and services. You can quickly locate passwords or serial numbers and be warned about impending expirations of SSLs or domains. By cleaning up and managing your IT infrastructure documentation, you can eliminate as much as 50% of time wasted searching for vital information about your IT network. ProSight IT Asset Management features a centralized repository for storing and sharing all documents required for managing your network infrastructure such as standard operating procedures and self-service instructions. ProSight IT Asset Management also offers a high level of automation for gathering and associating IT information. Whether youíre making enhancements, performing regular maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the information you need when you need it. Find out more details about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a fast and low-cost alternative for small and mid-size organizations to get an objective assessment of the health of their information system. Powered by a selection of the top remote monitoring and management tools in the industry, and supervised by Progent's certified group of IT professionals, ProSight Network Audits show you how well the configuration of your essential network assets conform to leading practices. Both the Basic and Advanced options for ProSight Network Audit services are offered at a low, one-time cost and provide immediate ROI like a more manageable Active Directory system. Both also come with a year of advanced remote network monitoring and management (RMM). Advantages can include easier management, improved compliance with government and industry security regulations, more efficient utilization of network resources, faster troubleshooting, more dependable backup and recovery, and increased uptime. See more information about ProSight Network Audits IT infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report service is an affordable service built around a brief phone discussion with a Progent information assurance consultant. The fact-finding interview is designed to help assess your organization's ability either to stop or recover rapidly after an attack by a ransomware strain like Ryuk, WannaCry, NotPetya, or Hermes. Progent will work with you directly to collect information about your existing AV defense and backup/recovery platform, and Progent will then deliver a custom Basic Security and Best Practices Report document describing how you can follow best practices to create an efficient security and backup system that aligns with your company's needs. For more information, refer to The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
To learn more about Progent's security consulting expertise, phone Progent at 800-993-9400 or see Contact Progent.