Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Low-Cost Managed Services for Information Assurance
Progent's value-priced ProSight line of managed services is designed to provide small and mid-size businesses with enterprise-class support and cutting-edge technology for all facets of information assurance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that utilizes cutting edge behavior-based machine learning technology to defend endpoint devices and physical and virtual servers against modern malware assaults like ransomware and file-less exploits, which routinely get by traditional signature-based AV products. ProSight Active Security Monitoring protects local and cloud-based resources and offers a single platform to manage the complete malware attack lifecycle including blocking, identification, containment, cleanup, and forensics. Top capabilities include single-click rollback using Windows VSS and automatic network-wide immunization against newly discovered attacks. Read more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Security
Progent's ProSight Enhanced Security Protection (ESP) services offer economical in-depth security for physical servers and virtual machines, desktops, mobile devices, and Exchange Server. ProSight ESP utilizes adaptive security and modern behavior analysis for round-the-clock monitoring and reacting to security threats from all attack vectors. ProSight ESP offers two-way firewall protection, intrusion alarms, device control, and web filtering via leading-edge tools incorporated within one agent accessible from a unified console. Progent's data protection and virtualization experts can assist you to design and configure a ProSight ESP deployment that meets your company's specific needs and that allows you achieve and demonstrate compliance with government and industry information security standards. Progent will help you specify and configure policies that ProSight ESP will manage, and Progent will monitor your IT environment and respond to alarms that call for urgent attention. Progent's consultants can also help your company to install and test a backup and restore solution such as ProSight Data Protection Services so you can get back in business quickly from a destructive security attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Microsoft Exchange filtering.
- ProSight Data Protection Services: Managed Cloud Backup
ProSight Data Protection Services offer small and mid-sized organizations a low cost and fully managed solution for secure backup/disaster recovery. Available at a low monthly price, ProSight Data Protection Services automates your backup activities and enables fast recovery of vital files, apps and virtual machines that have become unavailable or corrupted due to component breakdowns, software bugs, natural disasters, human mistakes, or malware attacks such as ransomware. ProSight Data Protection Services can help you back up, recover and restore files, folders, apps, system images, as well as Microsoft Hyper-V and VMware virtual machine images. Important data can be protected on the cloud, to an on-promises device, or to both. Progent's BDR consultants can deliver advanced support to set up ProSight Data Protection Services to be compliant with government and industry regulatory standards such as HIPAA, FINRA, PCI and Safe Harbor and, when necessary, can help you to restore your business-critical data. Learn more about ProSight DPS Managed Backup and Recovery.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Email Encryption
ProSight Email Guard is Progent's email security platform that uses the services and infrastructure of top information security vendors to deliver web-based management and world-class protection for all your inbound and outbound email. The hybrid structure of Progent's Email Guard combines a Cloud Protection Layer with a local gateway device to offer advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks (DHAs), and other email-borne threats. Email Guard's Cloud Protection Layer acts as a first line of defense and keeps the vast majority of unwanted email from making it to your security perimeter. This reduces your vulnerability to inbound threats and conserves system bandwidth and storage space. Email Guard's onsite gateway device provides a deeper level of inspection for inbound email. For outbound email, the local gateway provides anti-virus and anti-spam protection, policy-based Data Loss Prevention, and encryption. The local gateway can also assist Microsoft Exchange Server to track and safeguard internal email that stays inside your corporate firewall. Learn more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data loss protection.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
Progentís ProSight WAN Watch is a network infrastructure management service that makes it simple and inexpensive for smaller businesses to map out, monitor, enhance and debug their networking hardware such as switches, firewalls, and load balancers plus servers, printers, endpoints and other networked devices. Incorporating state-of-the-art RMM technology, ProSight WAN Watch ensures that infrastructure topology diagrams are always current, captures and displays the configuration information of virtually all devices connected to your network, monitors performance, and sends notices when problems are detected. By automating complex network management activities, WAN Watch can knock hours off common chores such as making network diagrams, expanding your network, finding devices that need important updates, or isolating performance issues. Find out more details about ProSight WAN Watch infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop remote monitoring managed service that incorporates advanced remote monitoring and management (RMM) technology to keep your network running at peak levels by checking the health of vital computers that power your information system. When ProSight LAN Watch uncovers an issue, an alert is sent immediately to your designated IT staff and your Progent consultant so any looming problems can be addressed before they have a chance to impact your network Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size organization can have its key servers and applications hosted in a secure Tier III data center on a high-performance virtual host set up and maintained by Progent's network support experts. With Progent's ProSight Virtual Hosting service model, the client owns the data, the operating system software, and the apps. Because the environment is virtualized, it can be ported immediately to an alternate hosting environment without requiring a lengthy and difficult reinstallation procedure. With ProSight Virtual Hosting, your business is not locked into a single hosting service. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to create, update, retrieve and safeguard data related to your IT infrastructure, processes, applications, and services. You can instantly locate passwords or serial numbers and be warned automatically about upcoming expirations of SSL certificates or warranties. By cleaning up and managing your network documentation, you can save up to 50% of time wasted looking for critical information about your network. ProSight IT Asset Management includes a common location for holding and collaborating on all documents related to managing your network infrastructure such as standard operating procedures and How-To's. ProSight IT Asset Management also supports a high level of automation for gathering and relating IT data. Whether youíre making enhancements, performing maintenance, or responding to a crisis, ProSight IT Asset Management delivers the information you require the instant you need it. Learn more about ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a quick and affordable way for small and medium-size organizations to obtain an unbiased evaluation of the health of their IT system. Based on a selection of the top remote monitoring and management platforms in the industry, and overseen by Progent's world-class team of IT professionals, ProSight Network Audits help you see how well the configuration of your essential infrastructure devices conform to best practices. Both the Basic and Advanced options for ProSight Network Audit services are available at a budget-friendly, one-time cost and deliver instant benefits like a cleaner Active Directory system. Both also come with a year of cutting-edge remote network monitoring and management (RMM). Advantages can include lower-cost network management, improved compliance with information security requirements, higher utilization of IT assets, faster troubleshooting, more reliable backup and recovery, and higher availability. Read more information about ProSight Network Audits network infrastructure review.
The ProSight Ransomware Preparedness Report Service
The ProSight Ransomware Preparedness Report service is a low-cost service built around a phone discussion with a Progent information assurance consultant. The fact-finding interview is designed to help assess your organization's ability to stop or recover rapidly following an assault by a ransomware strain like Ryuk, WannaCry, MongoLock, or Locky. Progent will work with you personally to gather information about your existing security profile and backup platform, and Progent will then produce a custom Basic Security and Best Practices Report document describing how you can follow best practices to deploy an efficient security and backup/recovery system that aligns with your business requirements. For more information, refer to Progent's ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
For network security expertise, telephone Progent at 800-993-9400 or visit Contact Progent.