ProSight Active Security Monitoring Services and Ransomware ProtectionProgent's ProSight Active Security Monitoring services incorporate behavior-based detection technology to provide endpoint and server protection from modern malware attacks such as ransomware, which have demonstrated the ability to evade legacy, signature-based anti-virus defenses. ProSight ASM gives small and mid-sized organizations access to the same threat protection platform used by leading enterprises including Walmart, Netflix, Visa, Citi, NASDAQ, Salesforce and others. By delivering real-time threat prevention, detection, removal and recovery in one unified package, ProSight ASM cuts ownership costs, simplifies management, and speeds up recovery. The next-generation endpoint protection (NGEP) technology used by ProSight ASM was rated by Gartner Group as the most visionary Endpoint Protection Platform in the industry.

Progent's ProSight Active Security Monitoring services utilize a low-overhead agent installed on each protected endpoint and server to build a cohesive security grid that responds to threats at machine speed and allows coordinated and decisive incident response featuring:

  • Protection for Windows, Mac OS X and macOS, Linux, iOS and Android endpoints and servers
  • Support for Windows Hyper-V, VMware vSphere, and Citrix XenServer virtual environments
  • Deep system-level monitoring
  • Signature-less machine learning and intelligent automation
  • Behavioral analysis and detection of advanced attacks across all vectors
  • Full remediation with auto-removal of detected attacks
  • Single-click rollback from ransomware and other attacks
  • Automatic, network-wide immunization
  • Real-time visualization of the attack storyline for comprehensive forensics
  • Unified control via a single management console
  • HIPPA and PCI certification
Progent's GIAC-certified information assurance consultants and CISSP-certified cybersecurity and compliance experts have earned the security industry's top certifications including CISSP, CISA, GIAC, CISM and ISSAP. With 20 years of experience providing IT security and compliance solutions to organizations of all sizes, Progent has the skills required to help any business to deploy cutting-edge endpoint protection (EPP) technology effectively and affordably. By partnering with leading information security companies, Progent can offer the ProSight Active Security Monitoring package to small and mid-size businesses for enterprise-class threat protection on a small-business budget.

Progent offers ProSight Active Security Monitoring as a low-cost, flat-rate monthly service. A software-only EPP solution, ProSight ASM requires no special hardware or other costly upfront investment. ProSight ASM can provide protection for both on-premises and cloud-based resources. In the event that you suffer an attack, Progent is qualified to act as your red team to help you use ProSight ASM to contain and remove the threat, assess the damage, rollback your network to a healthy state, and understand the source and spread of the malware.

ProSight Active Security Monitoring and the Modern Threat Landscape
97% of data breaches could have been prevented by current security technology, but some successful attacks are inevitable. Sometimes the crooks win. ProSight Active Security Monitoring is designed around the premise that even with the best security technology, you may eventually suffer a breach. For this reason ProSight ASM not only provides malware blocking based on traditional static, signature-based prevention, but also dynamic detection of malware and exploits that have penetrated your network, fast isolation of infected devices, automatic removal of threats, near real-time immunization of all endpoints, single-click recovery (such as a rollback to a pre-ransomware state), and rich forensics to help you understand and eliminate your vulnerability.

By offering best-of-breed technology for before, during and after an attack, ProSight ASM delivers an end-to-end solution for addressing the realities of the modern security landscape and minimizing or eliminating financial, productivity and reputation loss in case of a breach.

Endpoints are the most vulnerable and most frequently targeted component of an information network. ProSight Active Security Monitoring services offer a single, integrated platform to manage the entire threat lifecycle including protection, detection, response and remediation. Threats addressed by ProSight ASM include:

  • File-based malware such as ransomware, trojans, worms, backdoors and payload-based attacks
  • File-less and memory-only malware with no disk-based indicators
  • Document-based exploits embedded in Office and Adobe files, and macros
  • Phishing and spear phishing emails (which account for over 90+ of successful data breaches)
  • Browser-based attacks rooted in drive-by downloads, Flash, Java, Javascript, VBS, IFraME.htmL5, and plug-ins
  • Live attacks based on scripts like PowerShell, Powersploit, WMI, and VBS
  • Credential-based attacks including credential-scraping, Mimikatz, and tokens
ProSight ASM's Behavior-based Threat Analysis
Traditional anti-virus tools use signature matching as their main defense. A unique file hash, or signature, is generated for each known threat, and potential threats are checked against a continually updated table of signatures. The flaw in this approach is that the speed and volume of new threats far outpace the anti-virus industry's ability to generate and distribute signatures. In contrast, modern behavior analysis looks at the activities of a potential threat and determines whether it behaves abnormally. For example, does it impact a large number of processes? Does it alter the registry? Does it install a keystroke logger? In essence, behavior analysis uses suspicious activities to create a kind of meta signature that can't be changed by a hacker simply by altering a few irrelevant bytes of code to escape detection.

Prevention: Before the Attack
With nation-state intelligence agencies joining the ranks of professional and amateur hackers, new malware is being developed far faster than the ability of anti-virus providers to write new signatures. The limitations of signature-matching endpoint protection has been recognized since around 2012 and its inadequacy is now an accepted tenet of IT security.

ProSight ASM Endpoint Protection Services

Malware production has increased beyond the capacity of traditional signature-based AV technology to block it

ProSight ASM utilizes low-overhead cloud intelligence and reputation services from multiple vendors to filter known malware. Deep file inspection plus dynamic blacklisting and whitelisting help make ProSight ASM a significant improvement over legacy anti-virus platforms, but prevention is only the first line of defense. Advanced exploits, file-less malware and script-based attacks can sneak past signature-matching barriers. For example, so-called "packers" compress code to disguise malware data so it canít be read by security researchers or malware blocking programs.

Detection and Response: During the Attack
The second phase of endpoint protection involves dealing with malware while it is executing. ProSight ASM uses next-generation endpoint protection (NGEP) technology to detect malicious behavior from any malware that gets through the automated blacklisting process. Even in the case of advanced file-less malware such as application and memory-based attacks, the malicious code must perform certain recognizable activities (e.g., creating an executable file without permission) if it is to compromise data. ProSight ASM's lightweight agent watches all activity in each protected endpoint and uses state-of-the-art behavioral threat analysis and full execution context to identify new attacks at inception. When an attack is discovered, ProSight ASM immediately disconnects the affected device from the network to contain the threat. Because the ProSight ASM agent is autonomous, devices stay protected even when they are not connected to the Internet.

Remediation: After the Attack
Once an attack is contained, ProSight ASM begins policy-based mitigation. When you use ProSight ASM in conjunction with Windows Volume Shadow Copy Service, modifications to data made by the malware attack can be rolled back automatically with a single click. ProSight ASM also logs whatever system-level files and settings were changed by the attack and what were remediated. Whenever ProSight ASM detects a new malicious binary, the threat is flagged and all protected agents on the network are immediately immunized against the attack. In addition, the ProSight ASM management console provides in-depth forensics, which include a clear visualization of the attack's progress through the network from inception to termination. This real-time audit trail of what happened during the attack exposes weaknesses that need to be addressed in your security strategy and answers questions like: How did the attack enter our network? Which employee or guest opened the malware file? What did the malware change on our network?

ProSight ASM Attack Storyline

ProSight ASM's management console provides a real-time view of threats from inception to termination

Download the ProSight Active Security Monitoring Datasheet
To download a PDF datasheet describing the key features of ProSight Active Security Monitoring, click:
Progent's ProSight Active Security Monitoring Services Datasheet. (PDF - 89 KB)

Other ProSight Managed Services Available from Progent
In addition to ProSight Active Security Monitoring, Progent's ProSight suite of network management services includes other budget-friendly, flat-rate managed services that address key aspects of your IT network including backup and disaster recovery, network infrastructure monitoring and management, and email content filtering. By partnering with some of the industry's most innovative technology vendors, Progent can offer small and mid-size organizations the benefits of the same advanced technology used by the world's largest enterprises. Managed services offered by Progent include:

  • ProSight Enhanced Security Protection: Endpoint Security and Microsoft Exchange Filtering
    Progent's ProSight Enhanced Security Protection services deliver economical in-depth security for physical servers and VMs, desktops, smartphones, and Exchange Server. ProSight ESP utilizes contextual security and advanced machine learning for round-the-clock monitoring and responding to cyber assaults from all attack vectors. ProSight ESP provides firewall protection, intrusion alerts, device management, and web filtering via cutting-edge technologies packaged within one agent managed from a unified control. Progent's security and virtualization consultants can help your business to plan and configure a ProSight ESP deployment that meets your company's specific requirements and that allows you prove compliance with government and industry information security standards. Progent will assist you specify and configure security policies that ProSight ESP will manage, and Progent will monitor your network and respond to alarms that require immediate attention. Progent's consultants can also assist you to set up and test a backup and disaster recovery solution like ProSight Data Protection Services (DPS) so you can recover quickly from a destructive cyber attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified endpoint protection and Microsoft Exchange filtering.

  • ProSight Data Protection Services: Managed Backup and Disaster Recovery
    ProSight Data Protection Services from Progent provide small and mid-sized businesses a low cost and fully managed service for secure backup/disaster recovery. Available at a low monthly cost, ProSight Data Protection Services automates and monitors your backup processes and allows rapid recovery of critical files, apps and VMs that have become lost or corrupted due to component failures, software bugs, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, retrieve and restore files, folders, applications, system images, as well as Microsoft Hyper-V and VMware virtual machine images. Important data can be protected on the cloud, to a local device, or mirrored to both. Progent's cloud backup consultants can provide world-class expertise to set up ProSight Data Protection Services to be compliant with regulatory standards such as HIPPA, FINRA, and PCI and, when necessary, can help you to recover your critical information. Find out more about ProSight Data Protection Services Managed Cloud Backup.

  • ProSight Email Guard: Inbound and Outbound Spam Filtering and Data Leakage Protection
    ProSight Email Guard is Progent's spam filtering service that incorporates the technology of leading information security companies to provide centralized control and comprehensive protection for all your email traffic. The hybrid architecture of Progent's Email Guard managed service integrates cloud-based filtering with an on-premises gateway device to provide advanced defense against spam, viruses, Denial of Service Attacks, Directory Harvest Attacks, and other email-borne threats. Email Guard's cloud filter serves as a preliminary barricade and keeps the vast majority of threats from making it to your network firewall. This decreases your exposure to inbound threats and conserves network bandwidth and storage. Email Guard's onsite security gateway device provides a further layer of inspection for inbound email. For outbound email, the on-premises security gateway offers AV and anti-spam filtering, DLP, and email encryption. The local security gateway can also assist Microsoft Exchange Server to track and protect internal email that originates and ends within your corporate firewall. For more details, visit Email Guard spam filtering and data leakage protection.

  • ProSight WAN Watch: Infrastructure Management
    ProSight WAN Watch is a network infrastructure management service that makes it easy and inexpensive for small and mid-sized businesses to map out, monitor, enhance and troubleshoot their networking hardware like switches, firewalls, and access points as well as servers, printers, client computers and other devices. Incorporating cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch makes sure that network diagrams are always updated, copies and displays the configuration information of virtually all devices on your network, tracks performance, and generates alerts when issues are discovered. By automating tedious network management activities, WAN Watch can knock hours off ordinary chores like network mapping, reconfiguring your network, finding appliances that need critical software patches, or resolving performance problems. Find out more about ProSight WAN Watch infrastructure monitoring and management services.

  • ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
    ProSight LAN Watch is Progentís server and desktop monitoring managed service that uses state-of-the-art remote monitoring and management (RMM) techniques to help keep your IT system running efficiently by checking the state of critical computers that drive your business network. When ProSight LAN Watch detects a problem, an alert is sent automatically to your specified IT personnel and your Progent engineering consultant so that all looming problems can be resolved before they can impact productivity. Learn more about ProSight LAN Watch server and desktop remote monitoring services.

  • ProSight Virtual Hosting: Hosted VMs at Progent's Tier III Data Center
    With Progent's ProSight Virtual Hosting service, a small organization can have its critical servers and apps hosted in a protected Tier III data center on a fast virtual host configured and managed by Progent's IT support professionals. Under the ProSight Virtual Hosting service model, the customer retains ownership of the data, the operating system software, and the apps. Since the environment is virtualized, it can be moved immediately to a different hosting solution without requiring a lengthy and technically risky reinstallation process. With ProSight Virtual Hosting, your business is not locked into one hosting provider. Find out more details about ProSight Virtual Hosting services.

  • ProSight IT Asset Management: Network Documentation Management
    ProSight IT Asset Management service is an IT infrastructure documentation management service that makes it easy to create, maintain, retrieve and safeguard information related to your network infrastructure, procedures, business apps, and services. You can quickly locate passwords or IP addresses and be alerted about upcoming expirations of SSLs or domains. By cleaning up and organizing your network documentation, you can eliminate up to half of time spent searching for vital information about your network. ProSight IT Asset Management features a common location for storing and sharing all documents related to managing your business network like recommended procedures and self-service instructions. ProSight IT Asset Management also offers a high level of automation for collecting and relating IT information. Whether youíre planning enhancements, doing maintenance, or reacting to an emergency, ProSight IT Asset Management gets you the information you require the instant you need it. Find out more about Progent's ProSight IT Asset Management service.
Download Progent's 10 Benefits of Managed IT Services White Paper
To download a white paper describing why managed services are quickly takingthe place of the old break/fix model of network support outsourcing for small and mid-size businesses, click:
10 Benefits of Managed IT Services. (PDF - 710 KB)

ProSight Network Audits
Progent's ProSight Network Audits are a fast and low-cost alternative for small and medium-size organizations to obtain an unbiased evaluation of the health of their IT system. Powered by a selection of the top remote monitoring and management (RMM) tools available, and supervised by Progent's world-class group of IT experts, ProSight Network Audits help you see how well the deployment of your essential infrastructure assets conform to leading practices. The Basic and Advanced options for ProSight Network Audit services are available at a low, one-time cost and deliver instant benefits like a cleaner Active Directory (AD) environment. Both also include one year of cutting-edge remote network monitoring and management. Advantages can include simpler network management, better compliance with government and industry security requirements, higher utilization of network resources, quicker troubleshooting, more dependable backup and restore, and less downtime. See more about ProSight Network Audits IT infrastructure assessment.

The ProSight Ransomware Preparedness Report
The ProSight Ransomware Preparedness Report service is a low-cost service based on a phone discussion with a Progent information assurance expert. The fact-finding interview is intended to help evaluate your company's preparedness either to block ransomware or recover rapidly following an attack by a ransomware variant like Ryuk, WannaCry, NotPetya, or Locky. Progent will consult with you personally to gather information concerning your existing security profile and backup/recovery system, and Progent will then deliver a custom Basic Security and Best Practices Report detailing how you can follow best practices to build a cost-effective AV and backup environment that minimizes your vulnerability to ransomware and meets your business requirements. For details, see Progent's ProSight Ransomware Preparedness Report.

The Progent Advantage
Progent's team of more than 100 consulting professionals includes certified experts in every aspect of information technology related to small and mid-size businesses. With this breadth of expertise, Progent can be your one-stop source for integrating a comprehensive security solution that delivers immediate business value. In addition to the endpoint protection provided by ProSight Active Security Monitoring, Progent offers other managed services and specially-priced service packages designed to help small and mid-size businesses to deploy, validate, and manage networks that feature enterprise-class information assurance and low total cost of ownership (TCO).

Besides the ProSight suite of ongoing network management services, Progent offers specially priced one-time service bundles to help organizations of any size to achieve and demonstrate compliance with regulatory and industry security standards. These value-priced services include security vulnerability assessment and stealth penetration testing. Progent also offers expert disaster recovery planning consulting and business continuity planning consulting to help ensure you can return to operations quickly in case of a catastrophic failure due to a natural disaster, fire, cyber attack, human error, equipment breakdown, or any other foreseeable disruptive event.

Progent has expertise in all the endpoints, servers and virtual machines that can be protected by ProSight Active Security Monitoring and offers services that include Windows 10 integration, Linux support, Mac OS X and macOS consulting, iPhone and iPad configuration, Android integration, Windows Server 2019 migration consulting, Hyper-V virtualization support, and VMware vSphere consulting. For single-click or manual rollback capability, Progent's Windows Server consultants can help you set up Windows Volume Shadow Copy Service (VSS). Progent can also provide online and onsite access to certified Cisco CCIE consultants to help you plan, protect or troubleshoot your network infrastructure. If your network incorporates cloud resources, Progent offers the guidance of Microsoft Azure consultants and Amazon AWS experts.

Contact Progent about ProSight Active Security Monitoring Services
To find out more about how Progent can help you set up an affordable, fully managed endpoint security solution with ProSight Active Security Monitoring, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: