Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight series of outsourced network management services is designed to provide small and mid-size organizations with enterprise-class support and cutting-edge technology for all facets of information assurance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring: Next Generation Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection (EPP) solution that incorporates next generation behavior-based machine learning tools to defend endpoint devices and servers and VMs against modern malware assaults such as ransomware and email phishing, which routinely escape legacy signature-based anti-virus products. ProSight Active Security Monitoring safeguards on-premises and cloud-based resources and provides a single platform to manage the complete threat progression including protection, detection, mitigation, remediation, and post-attack forensics. Key capabilities include single-click rollback using Windows Volume Shadow Copy Service and automatic system-wide immunization against newly discovered attacks. Find out more about Progent's ProSight Active Security Monitoring (ASM) next-generation endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Protection
ProSight Enhanced Security Protection (ESP) services deliver economical multi-layer security for physical servers and VMs, desktops, mobile devices, and Exchange Server. ProSight ESP utilizes adaptive security and modern behavior analysis for continuously monitoring and responding to security assaults from all attack vectors. ProSight ESP offers two-way firewall protection, intrusion alerts, endpoint control, and web filtering through cutting-edge tools packaged within a single agent accessible from a single console. Progent's data protection and virtualization experts can help your business to plan and configure a ProSight ESP environment that meets your company's specific needs and that allows you achieve and demonstrate compliance with legal and industry information protection regulations. Progent will help you define and configure security policies that ProSight ESP will manage, and Progent will monitor your network and react to alarms that call for urgent action. Progent's consultants can also help you to set up and test a backup and disaster recovery solution like ProSight Data Protection Services (DPS) so you can get back in business rapidly from a potentially disastrous security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint security and Microsoft Exchange email filtering.
- ProSight Data Protection Services: Managed Cloud Backup and Recovery
ProSight Data Protection Services from Progent provide small and medium-sized businesses an affordable and fully managed service for secure backup/disaster recovery. Available at a fixed monthly rate, ProSight Data Protection Services automates your backup processes and allows fast restoration of vital files, applications and virtual machines that have become lost or corrupted due to hardware failures, software glitches, natural disasters, human error, or malware attacks such as ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, as well as Hyper-V and VMware virtual machine images. Important data can be backed up on the cloud, to a local device, or to both. Progent's backup and recovery consultants can deliver advanced expertise to configure ProSight DPS to be compliant with regulatory requirements such as HIPAA, FIRPA, PCI and Safe Harbor and, when needed, can help you to restore your business-critical information. Find out more about ProSight Data Protection Services Managed Cloud Backup.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email filtering and encryption platform that uses the services and infrastructure of top data security companies to deliver web-based management and world-class security for all your inbound and outbound email. The powerful architecture of Progent's Email Guard combines cloud-based filtering with an on-premises security gateway appliance to offer advanced protection against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. Email Guard's cloud filter acts as a preliminary barricade and blocks the vast majority of threats from making it to your network firewall. This reduces your exposure to inbound threats and conserves network bandwidth and storage space. Email Guard's on-premises security gateway appliance provides a further level of analysis for incoming email. For outgoing email, the on-premises security gateway provides anti-virus and anti-spam filtering, protection against data leaks, and email encryption. The on-premises gateway can also assist Microsoft Exchange Server to monitor and protect internal email traffic that stays inside your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus defense, content filtering and data leakage protection.
- ProSight WAN Watch: Infrastructure Management
Progentís ProSight WAN Watch is an infrastructure monitoring and management service that makes it easy and affordable for smaller organizations to map out, monitor, optimize and debug their networking hardware such as routers and switches, firewalls, and load balancers as well as servers, printers, endpoints and other networked devices. Incorporating cutting-edge Remote Monitoring and Management (RMM) technology, WAN Watch ensures that network maps are always updated, captures and displays the configuration of virtually all devices on your network, monitors performance, and sends notices when potential issues are discovered. By automating complex management activities, WAN Watch can knock hours off common tasks such as network mapping, expanding your network, finding devices that require critical software patches, or identifying the cause of performance bottlenecks. Learn more about ProSight WAN Watch network infrastructure management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring
ProSight LAN Watch is Progentís server and desktop remote monitoring service that incorporates advanced remote monitoring and management (RMM) techniques to keep your network operating at peak levels by tracking the health of vital assets that power your business network. When ProSight LAN Watch detects an issue, an alert is transmitted immediately to your designated IT management personnel and your Progent engineering consultant so that any potential problems can be addressed before they have a chance to disrupt productivity Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With ProSight Virtual Hosting service, a small or mid-size business can have its key servers and apps hosted in a secure Tier III data center on a fast virtual host set up and maintained by Progent's network support experts. With the ProSight Virtual Hosting service model, the client owns the data, the operating system platforms, and the apps. Since the environment is virtualized, it can be moved easily to a different hosting solution without requiring a time-consuming and technically risky reinstallation process. With ProSight Virtual Hosting, you are not tied one hosting provider. Find out more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to create, maintain, find and protect data about your IT infrastructure, processes, business apps, and services. You can quickly find passwords or serial numbers and be alerted automatically about upcoming expirations of SSL certificates or warranties. By cleaning up and organizing your IT documentation, you can eliminate up to half of time thrown away looking for vital information about your IT network. ProSight IT Asset Management includes a common location for storing and sharing all documents required for managing your business network like standard operating procedures and self-service instructions. ProSight IT Asset Management also supports advanced automation for collecting and relating IT information. Whether youíre planning enhancements, doing regular maintenance, or responding to an emergency, ProSight IT Asset Management delivers the information you need as soon as you need it. Find out more about ProSight IT Asset Management service.
Progent's ProSight Network Audits are a fast and affordable way for small and medium-size businesses to obtain an objective evaluation of the health of their information system. Based on some of the leading remote monitoring and management (RMM) platforms available, and overseen by Progent's world-class group of IT experts, ProSight Network Audits show you how well the deployment of your core network devices conform to industry leading practices. The Basic and Advanced options for ProSight Network Audit services are available at a low, one-time cost and provide instant ROI such as a cleaner Active Directory system. Both also include one year of advanced remote network monitoring and management. Advantages can include easier network management, better compliance with information security requirements, more efficient utilization of network assets, quicker problem resolution, more reliable backup and recovery, and higher availability. See more information about ProSight Network Audits IT infrastructure review.
Progent's ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report service is a low-cost service based on a brief phone interview with a Progent backup/recovery consultant. The fact-finding interview is designed to help evaluate your organization's ability to block or recover quickly following an attack by a ransomware strain such as Ryuk, WannaCry, NotPetya, or Locky. Progent will consult with you personally to gather information concerning your current security profile and backup/recovery system, and Progent will then produce a custom Basic Security and Best Practices Report detailing how you can apply industry best practices to create a cost-effective security and backup/recovery system that meets your business requirements. For details, see The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you're looking for security help, phone Progent at 800-993-9400 or visit Contact Progent.