Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progentís security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employeesí family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight line of outsourced network management services is intended to provide small and mid-size organizations with enterprise-class support and state-of-the-art technology for all aspects of information assurance and compliance. ProSight managed services available from Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring is an endpoint protection service that incorporates cutting edge behavior machine learning tools to guard endpoint devices and physical and virtual servers against modern malware attacks such as ransomware and email phishing, which routinely evade traditional signature-matching AV products. ProSight Active Security Monitoring protects local and cloud resources and offers a unified platform to manage the entire threat lifecycle including blocking, detection, containment, remediation, and forensics. Key features include one-click rollback with Windows Volume Shadow Copy Service (VSS) and real-time system-wide immunization against newly discovered threats. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Unified Endpoint Security
Progent's ProSight Enhanced Security Protection (ESP) services offer economical in-depth protection for physical and virtual servers, desktops, smartphones, and Microsoft Exchange. ProSight ESP uses contextual security and modern behavior analysis for continuously monitoring and responding to security assaults from all vectors. ProSight ESP provides two-way firewall protection, intrusion alerts, device control, and web filtering through cutting-edge tools incorporated within one agent accessible from a single console. Progent's security and virtualization consultants can assist you to design and configure a ProSight ESP deployment that addresses your organization's unique requirements and that helps you demonstrate compliance with legal and industry information security regulations. Progent will assist you specify and implement security policies that ProSight ESP will manage, and Progent will monitor your IT environment and react to alerts that call for immediate action. Progent can also help you to set up and verify a backup and disaster recovery system such as ProSight Data Protection Services so you can recover quickly from a destructive cyber attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Exchange email filtering.
- ProSight DPS: Managed Backup
ProSight Data Protection Services from Progent provide small and mid-sized organizations a low cost and fully managed service for secure backup/disaster recovery (BDR). For a fixed monthly price, ProSight Data Protection Services automates and monitors your backup activities and enables fast recovery of critical files, applications and VMs that have become unavailable or corrupted due to hardware breakdowns, software glitches, natural disasters, human error, or malware attacks like ransomware. ProSight DPS can help you back up, recover and restore files, folders, apps, system images, as well as Hyper-V and VMware virtual machine images. Critical data can be backed up on the cloud, to an on-promises storage device, or to both. Progent's backup and recovery consultants can provide advanced expertise to set up ProSight Data Protection Services to comply with regulatory standards such as HIPPA, FIRPA, PCI and Safe Harbor and, whenever needed, can assist you to restore your business-critical data. Learn more about ProSight Data Protection Services Managed Cloud Backup and Recovery.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Email Encryption
ProSight Email Guard is Progent's email security solution that incorporates the technology of leading data security companies to provide web-based management and world-class protection for all your email traffic. The powerful structure of Email Guard managed service integrates cloud-based filtering with an on-premises security gateway appliance to provide advanced protection against spam, viruses, Dos Attacks, Directory Harvest Attacks, and other email-based malware. Email Guard's Cloud Protection Layer acts as a first line of defense and keeps the vast majority of unwanted email from making it to your security perimeter. This reduces your vulnerability to external threats and saves network bandwidth and storage. Email Guard's onsite security gateway device provides a further layer of inspection for inbound email. For outgoing email, the onsite gateway offers AV and anti-spam protection, DLP, and encryption. The on-premises security gateway can also help Microsoft Exchange Server to track and safeguard internal email that originates and ends inside your corporate firewall. Find out more about Progent's ProSight Email Guard spam filtering, virus defense, email content filtering and data leakage prevention.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure management service that makes it simple and inexpensive for smaller organizations to map out, track, optimize and debug their connectivity hardware like routers, firewalls, and wireless controllers as well as servers, printers, client computers and other networked devices. Using cutting-edge RMM technology, ProSight WAN Watch makes sure that infrastructure topology maps are kept updated, captures and manages the configuration of almost all devices connected to your network, monitors performance, and generates notices when potential issues are discovered. By automating complex management and troubleshooting activities, ProSight WAN Watch can knock hours off ordinary chores like network mapping, expanding your network, locating devices that need important software patches, or resolving performance problems. Learn more details about ProSight WAN Watch infrastructure management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop monitoring managed service that incorporates state-of-the-art remote monitoring and management (RMM) techniques to help keep your IT system running at peak levels by checking the health of critical assets that drive your business network. When ProSight LAN Watch uncovers an issue, an alert is sent automatically to your specified IT personnel and your assigned Progent consultant so that any looming problems can be addressed before they have a chance to disrupt productivity Learn more about ProSight LAN Watch server and desktop remote monitoring services.
- ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its critical servers and apps hosted in a secure Tier III data center on a fast virtual host set up and maintained by Progent's IT support professionals. With the ProSight Virtual Hosting service model, the client retains ownership of the data, the OS software, and the applications. Because the environment is virtualized, it can be ported easily to an alternate hosting environment without requiring a time-consuming and difficult configuration procedure. With ProSight Virtual Hosting, your business is not tied a single hosting provider. Find out more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to capture, maintain, retrieve and protect data related to your IT infrastructure, processes, business apps, and services. You can instantly locate passwords or serial numbers and be warned about upcoming expirations of SSLs or domains. By updating and managing your network documentation, you can eliminate up to half of time wasted trying to find vital information about your network. ProSight IT Asset Management includes a centralized location for storing and collaborating on all documents required for managing your network infrastructure such as standard operating procedures and How-To's. ProSight IT Asset Management also offers a high level of automation for gathering and associating IT data. Whether youíre making improvements, doing regular maintenance, or responding to a crisis, ProSight IT Asset Management delivers the data you need when you need it. Learn more about ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a quick and affordable way for small and medium-size organizations to get an objective evaluation of the overall health of their network. Powered by a selection of the leading remote monitoring and management (RMM) tools in the industry, and overseen by Progent's world-class team of IT experts, ProSight Network Audits show you how closely the configuration of your core infrastructure assets conform to leading practices. Both the Basic and Advanced options for ProSight Network Audit services are available at a budget-friendly, one-time cost and provide immediate benefits like a more manageable Active Directory (AD) environment. Both versions also come with a year of advanced remote network monitoring and management. Advantages can include simpler management, better compliance with data security standards, more efficient utilization of IT assets, quicker problem resolution, more dependable backup and recovery, and increased uptime. Learn more about Progent's ProSight Network Audits network infrastructure review.
The ProSight Ransomware Preparedness Report Service
The ProSight Ransomware Preparedness Report is a low-cost service built around a brief discussion with a Progent information assurance consultant. The interview is intended to help assess your company's ability either to stop or recover quickly following an attack by a ransomware variant like Ryuk, WannaCry, NotPetya, or Hermes. Progent will work with you directly to gather information concerning your current antivirus tools and backup/recovery system, and Progent will then produce a custom Basic Security and Best Practices Report document describing how you can follow industry best practices to build an efficient security and backup/recovery system that meets your company's requirements. For more information, refer to The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
To learn more about Progent's security help, telephone Progent at 800-993-9400 or see Contact Progent.