Stealth penetration testing (PEN testing) is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques. Progent can provide one-time penetration testing or continual PEN testing delivered as a remotely managed service.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT staff. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access.
- Attempt to determine remote access capabilities of the network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords.
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques.
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing.
- Continuous autonomous PEN testing to map your internal/external attack surface and to identify ways that vulnerabilities, improper configurations, stolen credentials, missing patches, and unsound product defaults can be chained together by threat actors into the multi-vector attacks common to modern strains of ransomware.
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Fixed-price Managed Services for Information Assurance
Progent's value-priced ProSight line of network monitoring and management services is intended to provide small and mid-size organizations with enterprise-class support and cutting-edge technology for all facets of information assurance and compliance. ProSight managed services available from Progent include:
- ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection solution that utilizes SentinelOne's cutting edge behavior-based analysis technology to guard endpoint devices and physical and virtual servers against modern malware attacks like ransomware and file-less exploits, which easily evade legacy signature-based AV tools. ProSight ASM protects on-premises and cloud-based resources and provides a single platform to address the complete malware attack lifecycle including filtering, detection, mitigation, remediation, and forensics. Top features include one-click rollback with Windows Volume Shadow Copy Service (VSS) and real-time system-wide immunization against new attacks. Progent is a SentinelOne Partner, dealer, and integrator. Find out more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery with SentinelOne technology.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Security
Progent's ProSight Enhanced Security Protection (ESP) services offer affordable in-depth security for physical and virtual servers, desktops, mobile devices, and Microsoft Exchange. ProSight ESP utilizes contextual security and advanced machine learning for continuously monitoring and responding to security assaults from all vectors. ProSight ESP offers two-way firewall protection, intrusion alarms, device management, and web filtering via leading-edge technologies packaged within a single agent managed from a unified control. Progent's data protection and virtualization consultants can help you to design and implement a ProSight ESP deployment that addresses your company's unique needs and that helps you demonstrate compliance with government and industry data security standards. Progent will assist you define and implement policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alarms that require immediate action. Progent's consultants can also assist you to install and test a backup and disaster recovery solution such as ProSight Data Protection Services so you can recover rapidly from a destructive security attack such as ransomware. Learn more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Exchange email filtering.
- ProSight Data Protection Services: Managed Cloud Backup
Progent has worked with advanced backup/restore technology vendors to create ProSight Data Protection Services (DPS), a portfolio of subscription-based management offerings that deliver backup-as-a-service. All ProSight DPS services automate and monitor your backup processes and allow transparent backup and rapid restoration of critical files/folders, apps, system images, plus virtual machines. ProSight DPS lets you avoid data loss caused by hardware failures, natural calamities, fire, malware like ransomware, human mistakes, malicious insiders, or software bugs. Managed services available in the ProSight DPS portfolio include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight ECHO Backup based on Barracuda purpose-built storage, and ProSight DPS MSP360 Hybrid Backup. Your Progent service representative can help you to determine which of these fully managed backup services are best suited for your IT environment.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that uses the technology of top data security vendors to provide centralized management and comprehensive protection for all your inbound and outbound email. The hybrid structure of Progent's Email Guard managed service integrates cloud-based filtering with a local gateway device to offer complete protection against spam, viruses, Dos Attacks, DHAs, and other email-based malware. Email Guard's Cloud Protection Layer acts as a first line of defense and keeps most threats from making it to your network firewall. This decreases your exposure to inbound attacks and conserves system bandwidth and storage. Email Guard's on-premises gateway appliance provides a deeper level of inspection for incoming email. For outgoing email, the local gateway offers AV and anti-spam protection, protection against data leaks, and email encryption. The onsite gateway can also help Exchange Server to track and safeguard internal email that stays inside your security perimeter. Find out more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data loss prevention.
- ProSight WAN Watch: Network Infrastructure Management
Progent's ProSight WAN Watch is an infrastructure management service that makes it easy and inexpensive for small and mid-sized businesses to diagram, track, optimize and troubleshoot their networking appliances like routers, firewalls, and wireless controllers as well as servers, printers, endpoints and other networked devices. Incorporating cutting-edge RMM technology, ProSight WAN Watch makes sure that network diagrams are kept current, captures and displays the configuration information of virtually all devices connected to your network, monitors performance, and sends alerts when potential issues are discovered. By automating complex management and troubleshooting activities, ProSight WAN Watch can knock hours off common chores such as network mapping, expanding your network, locating devices that need critical updates, or resolving performance issues. Learn more details about ProSight WAN Watch infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Monitoring and Management
ProSight LAN Watch is Progent's server and desktop monitoring managed service that incorporates state-of-the-art remote monitoring and management (RMM) techniques to keep your IT system running at peak levels by tracking the health of vital computers that power your business network. When ProSight LAN Watch detects an issue, an alert is sent automatically to your designated IT management personnel and your Progent engineering consultant so any potential issues can be addressed before they have a chance to disrupt productivity Learn more details about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small organization can have its critical servers and applications hosted in a secure fault tolerant data center on a fast virtual host configured and managed by Progent's IT support experts. Under the ProSight Virtual Hosting service model, the client owns the data, the OS software, and the apps. Because the environment is virtualized, it can be ported immediately to a different hosting solution without requiring a time-consuming and difficult reinstallation procedure. With ProSight Virtual Hosting, you are not locked into one hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, maintain, retrieve and protect information about your network infrastructure, procedures, business apps, and services. You can quickly find passwords or serial numbers and be alerted automatically about upcoming expirations of SSLs ,domains or warranties. By updating and managing your IT documentation, you can save as much as half of time thrown away trying to find vital information about your IT network. ProSight IT Asset Management includes a common repository for holding and sharing all documents related to managing your network infrastructure such as recommended procedures and How-To's. ProSight IT Asset Management also supports advanced automation for gathering and associating IT information. Whether you're making improvements, performing regular maintenance, or responding to a crisis, ProSight IT Asset Management delivers the knowledge you need the instant you need it. Find out more details about Progent's ProSight IT Asset Management service.
- Progent's Patch Management: Software/Firmware Update Management Services
Progent's support services for patch management provide organizations of all sizes a versatile and affordable solution for assessing, validating, scheduling, implementing, and tracking software and firmware updates to your dynamic IT network. In addition to optimizing the security and functionality of your IT network, Progent's patch management services free up time for your IT staff to concentrate on more strategic initiatives and activities that derive maximum business value from your network. Learn more about Progent's software/firmware update management services.
- ProSight Duo Multi-Factor Authentication: Access Security, Endpoint Remediation, and Secure Single Sign-on (SSO)
Progent's Duo MFA managed services utilize Cisco's Duo cloud technology to protect against password theft through the use of two-factor authentication (2FA). Duo supports one-tap identity verification on iOS, Android, and other personal devices. Using 2FA, whenever you sign into a secured application and enter your password you are requested to verify your identity via a device that only you have and that is accessed using a separate network channel. A wide selection of out-of-band devices can be used as this added means of authentication including an iPhone or Android or watch, a hardware/software token, a landline telephone, etc. You can designate multiple verification devices. For more information about ProSight Duo two-factor identity authentication services, refer to Duo MFA two-factor authentication (2FA) services.
ProSight Network Audits
Progent's ProSight Network Audits are a fast and affordable way for small and medium-size businesses to get an unbiased evaluation of the overall health of their information system. Based on a selection of the top remote monitoring and management (RMM) tools available, and overseen by Progent's world-class group of IT professionals, ProSight Network Audits help you see how well the deployment of your core network assets adhere to best practices. The Basic and Advanced versions of ProSight Network Audit services are offered at a budget-friendly, one-time cost and provide immediate ROI such as a cleaner Active Directory (AD) environment. Both versions also come with a year of cutting-edge remote network monitoring and management. Advantages can include easier management, improved compliance with government and industry security regulations, higher utilization of network resources, quicker problem resolution, more reliable backup and recovery, and increased uptime. Learn more about Progent's ProSight Network Audits network infrastructure review.
Progent's ProSight Ransomware Preparedness Report
The ProSight Ransomware Preparedness Report service is a low-cost service built around a brief phone discussion with a Progent information assurance consultant. The interview is designed to evaluate your organization's ability to stop or recover rapidly after an attack by a ransomware strain like Ryuk, WannaCry, NotPetya, or Hermes. Progent will consult with you personally to gather information concerning your existing security profile and backup/recovery platform, and Progent will then deliver a custom Basic Security and Best Practices Report detailing how you can follow best practices to create an efficient AV and backup/recovery environment that meets your company's needs. For additional information, visit The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
If you're trying to find network security engineering help, call Progent at 800-993-9400 or go to Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to help you to complete the urgent first step in responding to a ransomware attack by putting out the fire. Progent's remote ransomware expert can help businesses to locate and isolate infected devices and guard clean resources from being penetrated. If your network has been penetrated by any strain of ransomware, act fast. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, visit Progent's Ransomware 24x7 Hot Line.