Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progentís security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employeesí family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Flat-rate Managed Services for Information Assurance
Progent's affordable ProSight line of network management outsourcing services is intended to provide small and mid-size businesses with enterprise-class support and state-of-the-art technology for all facets of information assurance. ProSight managed services available from Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Endpoint Protection and Ransomware Recovery
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) service that incorporates cutting edge behavior machine learning technology to defend endpoints and servers and VMs against modern malware attacks such as ransomware and email phishing, which easily get by legacy signature-matching anti-virus tools. ProSight ASM safeguards local and cloud resources and provides a unified platform to automate the entire threat lifecycle including protection, identification, containment, cleanup, and forensics. Top features include single-click rollback using Windows VSS and real-time system-wide immunization against new threats. Find out more about Progent's ProSight Active Security Monitoring (ASM) endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection (ESP): Unified Endpoint Security
Progent's ProSight Enhanced Security Protection (ESP) managed services deliver ultra-affordable in-depth protection for physical servers and virtual machines, desktops, smartphones, and Microsoft Exchange. ProSight ESP uses contextual security and modern behavior analysis for round-the-clock monitoring and reacting to security assaults from all attack vectors. ProSight ESP provides two-way firewall protection, intrusion alerts, endpoint control, and web filtering via leading-edge technologies incorporated within a single agent accessible from a unified control. Progent's security and virtualization experts can assist your business to plan and configure a ProSight ESP deployment that addresses your organization's specific needs and that allows you achieve and demonstrate compliance with government and industry information security regulations. Progent will help you define and implement policies that ProSight ESP will manage, and Progent will monitor your IT environment and react to alarms that require immediate action. Progent's consultants can also assist your company to set up and test a backup and disaster recovery solution like ProSight Data Protection Services so you can recover quickly from a destructive security attack like ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Microsoft Exchange email filtering.
- ProSight Data Protection Services: Managed Cloud Backup
ProSight Data Protection Services offer small and mid-sized organizations a low cost end-to-end service for reliable backup/disaster recovery. For a low monthly cost, ProSight DPS automates and monitors your backup processes and allows rapid restoration of vital files, apps and VMs that have become unavailable or damaged as a result of hardware failures, software glitches, disasters, human error, or malicious attacks like ransomware. ProSight Data Protection Services can help you protect, retrieve and restore files, folders, applications, system images, plus Hyper-V and VMware images/. Critical data can be backed up on the cloud, to an on-promises device, or mirrored to both. Progent's backup and recovery consultants can provide advanced support to configure ProSight Data Protection Services to be compliant with government and industry regulatory standards like HIPPA, FIRPA, and PCI and, whenever necessary, can help you to recover your business-critical data. Learn more about ProSight Data Protection Services Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Email Encryption
ProSight Email Guard is Progent's email filtering and encryption platform that incorporates the services and infrastructure of leading data security vendors to provide centralized control and world-class protection for your inbound and outbound email. The powerful architecture of Email Guard managed service combines a Cloud Protection Layer with a local security gateway device to offer complete defense against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. Email Guard's Cloud Protection Layer acts as a first line of defense and keeps most unwanted email from reaching your security perimeter. This reduces your vulnerability to external threats and saves system bandwidth and storage. Email Guard's onsite security gateway appliance provides a deeper layer of inspection for inbound email. For outbound email, the onsite gateway provides anti-virus and anti-spam filtering, protection against data leaks, and email encryption. The on-premises security gateway can also help Exchange Server to monitor and safeguard internal email that stays within your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus blocking, email content filtering and data loss protection.
- ProSight WAN Watch: Infrastructure Management
Progentís ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and inexpensive for smaller businesses to diagram, track, enhance and troubleshoot their networking hardware such as routers and switches, firewalls, and load balancers plus servers, endpoints and other networked devices. Using cutting-edge RMM technology, ProSight WAN Watch makes sure that network maps are kept updated, captures and manages the configuration information of almost all devices connected to your network, tracks performance, and sends alerts when problems are detected. By automating complex network management activities, WAN Watch can knock hours off ordinary tasks such as network mapping, reconfiguring your network, finding devices that need critical software patches, or isolating performance problems. Find out more about ProSight WAN Watch network infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progentís server and desktop remote monitoring service that uses state-of-the-art remote monitoring and management technology to help keep your IT system operating at peak levels by checking the health of vital assets that power your business network. When ProSight LAN Watch uncovers a problem, an alarm is transmitted immediately to your designated IT management personnel and your Progent engineering consultant so all potential issues can be addressed before they can disrupt productivity Find out more about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size organization can have its critical servers and apps hosted in a secure Tier III data center on a high-performance virtual machine host set up and managed by Progent's IT support experts. Under the ProSight Virtual Hosting service model, the client owns the data, the operating system platforms, and the apps. Because the system is virtualized, it can be ported immediately to an alternate hosting solution without requiring a time-consuming and difficult configuration procedure. With ProSight Virtual Hosting, you are not locked into one hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to capture, update, retrieve and safeguard data about your network infrastructure, procedures, applications, and services. You can instantly find passwords or IP addresses and be warned about upcoming expirations of SSLs ,domains or warranties. By updating and organizing your IT documentation, you can save as much as half of time wasted trying to find vital information about your network. ProSight IT Asset Management includes a centralized location for holding and sharing all documents required for managing your network infrastructure like recommended procedures and How-To's. ProSight IT Asset Management also offers a high level of automation for collecting and relating IT data. Whether youíre planning improvements, doing regular maintenance, or responding to an emergency, ProSight IT Asset Management delivers the knowledge you require the instant you need it. Learn more about ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a quick and affordable alternative for small and mid-size businesses to obtain an unbiased assessment of the overall health of their IT system. Powered by a selection of the top remote monitoring and management (RMM) platforms in the industry, and supervised by Progent's certified team of IT experts, ProSight Network Audits help you see how well the deployment of your essential infrastructure devices conform to industry leading practices. The Basic and Advanced versions of ProSight Network Audit services are offered at a budget-friendly, one-time cost and deliver instant benefits like a cleaner Active Directory (AD) environment. Both also come with a year of advanced remote network monitoring and management (RMM). Benefits can include simpler management, improved compliance with information security requirements, more efficient utilization of network resources, faster problem resolution, more reliable backup and restore, and higher availability. See more information about Progent's ProSight Network Audits IT infrastructure review.
Progent's ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report service is a low-cost service built around a phone interview with a Progent backup/recovery expert. The interview is intended to help assess your company's ability either to block or recover rapidly following an assault by a ransomware strain such as Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you directly to gather information concerning your existing security profile and backup/recovery platform, and Progent will then deliver a written Basic Security and Best Practices Report detailing how you can follow industry best practices to build a cost-effective AV and backup/recovery system that meets your company's requirements. For more information, refer to The ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
For more information about Progent's computer security consulting, phone Progent at 800-993-9400 or refer to Contact Progent.