Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progentís security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employeesí family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight series of outsourced network management services is intended to provide small and mid-size businesses with enterprise-class support and state-of-the-art technology for all aspects of information assurance and compliance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Recovery
ProSight Active Security Monitoring (ASM) is an endpoint protection solution that incorporates cutting edge behavior-based analysis tools to guard endpoint devices as well as physical and virtual servers against modern malware attacks such as ransomware and email phishing, which routinely evade traditional signature-matching AV tools. ProSight ASM safeguards local and cloud resources and offers a unified platform to address the entire threat lifecycle including protection, detection, mitigation, cleanup, and post-attack forensics. Key capabilities include single-click rollback with Windows VSS and automatic network-wide immunization against new threats. Find out more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection (ESP): Unified Endpoint Protection
ProSight Enhanced Security Protection services offer affordable in-depth protection for physical servers and virtual machines, workstations, smartphones, and Exchange Server. ProSight ESP utilizes contextual security and advanced heuristics for round-the-clock monitoring and reacting to cyber threats from all vectors. ProSight ESP provides firewall protection, penetration alerts, endpoint control, and web filtering via leading-edge tools incorporated within a single agent accessible from a single console. Progent's data protection and virtualization experts can help your business to design and configure a ProSight ESP environment that meets your organization's specific requirements and that allows you demonstrate compliance with government and industry data security standards. Progent will help you specify and configure security policies that ProSight ESP will manage, and Progent will monitor your IT environment and react to alerts that require immediate action. Progent can also help you to install and test a backup and restore system such as ProSight Data Protection Services (DPS) so you can get back in business quickly from a destructive cyber attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Exchange email filtering.
- ProSight DPS: Managed Backup
ProSight Data Protection Services offer small and mid-sized businesses an affordable and fully managed service for secure backup/disaster recovery. Available at a low monthly rate, ProSight DPS automates and monitors your backup activities and enables fast recovery of vital files, applications and virtual machines that have become lost or damaged as a result of hardware failures, software bugs, disasters, human error, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, plus Hyper-V and VMware virtual machine images. Important data can be protected on the cloud, to a local device, or to both. Progent's cloud backup specialists can deliver world-class expertise to configure ProSight DPS to be compliant with government and industry regulatory requirements like HIPPA, FIRPA, PCI and Safe Harbor and, when needed, can assist you to recover your critical information. Learn more about ProSight Data Protection Services Managed Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security platform that uses the services and infrastructure of leading data security vendors to deliver web-based control and comprehensive security for your email traffic. The hybrid architecture of Progent's Email Guard combines cloud-based filtering with a local gateway appliance to provide advanced protection against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks, and other email-based threats. The Cloud Protection Layer acts as a first line of defense and keeps the vast majority of unwanted email from making it to your security perimeter. This reduces your vulnerability to inbound threats and conserves system bandwidth and storage. Email Guard's on-premises security gateway appliance adds a further layer of analysis for inbound email. For outbound email, the onsite gateway offers AV and anti-spam filtering, DLP, and email encryption. The onsite gateway can also help Microsoft Exchange Server to track and protect internal email that originates and ends inside your security perimeter. Find out more about Progent's ProSight Email Guard spam filtering, virus blocking, email content filtering and data loss prevention.
- ProSight WAN Watch: Infrastructure Management
Progentís ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and inexpensive for small and mid-sized organizations to diagram, monitor, optimize and troubleshoot their connectivity hardware like switches, firewalls, and wireless controllers as well as servers, printers, endpoints and other devices. Incorporating state-of-the-art Remote Monitoring and Management technology, WAN Watch ensures that infrastructure topology maps are kept current, captures and manages the configuration of virtually all devices on your network, tracks performance, and sends alerts when potential issues are discovered. By automating time-consuming network management processes, ProSight WAN Watch can knock hours off ordinary tasks such as network mapping, reconfiguring your network, locating appliances that require important updates, or identifying the cause of performance problems. Find out more about ProSight WAN Watch network infrastructure monitoring and management consulting.
- ProSight LAN Watch: Server and Desktop Monitoring and Management
ProSight LAN Watch is Progentís server and desktop remote monitoring service that uses state-of-the-art remote monitoring and management techniques to help keep your IT system running efficiently by tracking the health of vital assets that power your information system. When ProSight LAN Watch detects a problem, an alarm is sent immediately to your specified IT staff and your Progent engineering consultant so that all looming problems can be addressed before they have a chance to disrupt your network Learn more details about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small organization can have its critical servers and applications hosted in a secure fault tolerant data center on a fast virtual machine host configured and maintained by Progent's network support experts. Under Progent's ProSight Virtual Hosting model, the customer retains ownership of the data, the OS software, and the applications. Because the system is virtualized, it can be moved easily to a different hosting environment without requiring a lengthy and technically risky configuration procedure. With ProSight Virtual Hosting, your business is not locked into a single hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to create, update, find and safeguard data related to your network infrastructure, processes, business apps, and services. You can quickly find passwords or IP addresses and be warned about upcoming expirations of SSL certificates ,domains or warranties. By cleaning up and organizing your IT infrastructure documentation, you can eliminate as much as half of time wasted searching for vital information about your network. ProSight IT Asset Management features a centralized location for holding and sharing all documents related to managing your network infrastructure like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also supports advanced automation for collecting and associating IT data. Whether youíre planning enhancements, doing regular maintenance, or responding to an emergency, ProSight IT Asset Management delivers the knowledge you require the instant you need it. Learn more about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a fast and affordable way for small and mid-size businesses to get an unbiased evaluation of the overall health of their information system. Based on a selection of the top remote monitoring and management platforms in the industry, and supervised by Progent's certified group of information technology experts, ProSight Network Audits show you how well the configuration of your essential network devices conform to industry leading practices. The Basic and Advanced options for ProSight Network Audit services are offered at a low, one-time cost and deliver instant benefits such as a more manageable Active Directory (AD) system. Both versions also come with a year of state-of-the-art remote network monitoring and management (RMM). Advantages can include lower-cost network management, better compliance with information security regulations, more efficient utilization of IT resources, quicker problem resolution, more dependable backup and recovery, and less downtime. Learn more information about ProSight Network Audits IT infrastructure review.
The ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report is a low-cost service built around a brief interview with a Progent information assurance expert. The fact-finding interview is intended to assess your organization's ability either to block or recover quickly after an assault by a ransomware variant like Ryuk, WannaCry, NotPetya, or Hermes. Progent will consult with you directly to collect information about your existing AV defense and backup/recovery platform, and Progent will then deliver a written Basic Security and Best Practices Report document describing how you can apply best practices to build an efficient AV and backup environment that aligns with your company's requirements. For details, see The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you need computer security support services, call Progent at 800-993-9400 or go to Contact Progent.