Progent's Security Assessment Packages for Enterprise Networks
Progent offers three levels of set-price security assessment packages designed to provide larger enterprises an objective and thorough evaluation of their network security vulnerability. The assessments are performed by Progentís world-class team of certified security engineers using test procedures ranging from relatively friendly to aggressive. All three levels of security assessment include automated scans of services and ports from outside and inside your network firewall, manual analysis of web applications, manual checking of network configurations by a Cisco-certified CCIE engineer, interpretation of scan results by seasoned network security consultants, creation of a concise high-level summary and presentation of an interactive outbrief for your executives, plus a comprehensive technical report and extensive live outbrief for your IT staff. Progent's security engineers are available to help your IT staff with remediation support, and these services, if requested, are billed at Progent's standard consulting rates.
For Progent's standard security assessment packages, Progent's security engineers collect all information about your environment remotely and require temporary access to a computer inside your firewall for hosting a virtual machine from which to conduct internal testing. Progent also presents live, interactive outbriefs online rather than in person. Progent has found that by performing security assessments remotely rather than on site, the client saves money, experiences less disruption, gets faster results, and still receives a comprehensive and actionable security vulnerability evaluation. In situation that require onsite support, Progent can for an added fee provide a team of security engineers to perform testing and outbriefs at your location anywhere in the United States.
Deliverables of Progent's Security Assessment Packages
All levels of Progentís security vulnerability assessment services include deliverables in the form of written reports and interactive verbal presentations. These deliverables are designed to be informative and actionable so that corporate executives have a greater understanding of network security issues and in-house technical staff have a clear roadmap for mitigating any security vulnerabilities uncovered by Progent's assessment tests.
Level 1 Package
- Executive Report:
This summary document includes a statement of accomplishments, a security score card, a list of top outstanding issues, plus high-level guidance and recommendations for mitigation. The Executive Report is brief and is targeted to a technically unsophisticated audience interested mainly in the business implications of Progent's security findings.
- Executive Outbrief:
This verbal presentation provides an overview of your companyís security posture and allows executives to interact with the senior engineer from Progentís security team responsible for managing the project. This is an opportunity for executives to drill down into the security issues associated with their network, clarify any questions they have about the observations and recommendations contained in Progent's Executive Report, and obtain a broader perspective of today's worldwide security environment.
- Technical Report:
This comprehensive security assessment document includes the rules of engagement, goals, testing methodology, findings, recommendations, risks, suggestions about how to move forward, and relevant raw data collected by Progent. This report is intended for technical personnel who can manage the remediation activity proposed by Progent, and the assessment document provides sufficient detail to allow competent network engineers to implement the recommended fixes without further assistance from Progent. Progent's network consultants are available to help with mitigation work at Progent's standard consulting rates.
- Technical Outbrief:
This in-depth technical presentation explains Progentís findings and recommendations to your IT staff. This presentation can last for up to two hours and allows your technical personnel to ask questions and discuss with Progent's security engineers the advantages or pitfalls of various mitigation alternatives and techniques.
With the Level 1 Security Assessment package, Progentís engineers look for security vulnerabilities and improperly configured software. Enumeration is accomplished by running external and internal scans of open ports and services. Progent also utilize both open and commercial tools to test web applications for common vulnerabilities such as blind SQL injection, XSS, command injection, unsafe CGIs, etc. Progent also performs a basic manual review of the web application.
Level 2 Package
The Level 2 package includes all Level 1 activity plus verification, exploitation, limited pivoting for expansion, and examination of trusted processes and relationships that may expose attack vectors. Progent also performs web application verification and exploitation, plus a more thorough manual review of web application logic.
Level 3 Package
The Level 3 package is the most aggressive and includes everything in Levels 1 and 2 plus phishing attacks, malicious email, social engineering, MITM attacks, leveraging compromised devices and pillaging them for sensitive data, and physical testing of controls where appropriate. Progent also tests the web application at every user level and extensively reviews web application logic. This service does not include an examination of web application source code.
Major Benefits of Progent's Security Assessment Packages for Enterprise Networks
Progent's Security Assessment Packages offer enterprises the advantages associated with a third-party consulting firm with world-class experience and know-how in evaluating the security and mitigating the vulnerabilities of large, sophisticated information networks and web applications. Key characteristics of Progent's security evaluation services include:
Download the Enterprise Security Assessment Datasheet
- Objective: Progentís security team offers you an unbiased and professional look at your security vulnerabilities
- Certified: Progentís security engineers have been awarded the top security certifications in the industry including Cisco CCIE, CISA, CISM, GIAC, and ISSAP
- Actionable: Progentís analyses and recommendations give you a solid blueprint for better protecting your network assets
- Effective: Knowledge of todayís security environment and the latest hacking techniques allows Progent's seasoned security consultants to perform thorough testing and make sensible recommendations
- Budget Friendly: Progent's Security Assessment Packages are competitively priced and, because they are offered at a set fee, contain no surprises and are easy to budget for. If you utilize Progent to assist with remediation work, Progent's knowledge of your specific network environment will reduce the time required to implement and verify fixes, allowing you to keep IT service costs to a minimum.
To download a single-page printable datasheet describing Progent's three set-price Security Assessment service packages for enterprises, click:
Enterprise Security Assessment Packages
Additional Network Security Auditing Services Available from Progent
Progent offers a selection of additional security evaluation and enhancement services intended to test your network for security risks, validate your compliance with governmental or industry security requirements, and remediate potential weaknesses in your network protection:
Contact Progent for Network Security Auditing
- Small Business Security Inventory Evaluation Packages
Progent offers two Security Inventory evaluation packages for small businesses, the External Network Security Inventory and the Internal Network Security Inventory, which assess different aspects of network security vulnerability and which you can use separately or together. Both packages offer features designed to meet the needs of small businesses who want to take a more proactive role in making their networks safe from malicious assaults but who donít have the time or the budget to manage an exhaustive enterprise-class network security audit.
- Unannounced Penetration Testing
Progent can perform in-depth network penetration exercises without warning internal network managers. Unannounced Penetration Testing uncovers whether in-place network security monitoring mechanisms such as penetration detection alerts and event log monitoring are properly set up and consistently monitored. Progent security engineers can utilize various hacker techniques to extend attack vectors to gain an understanding of the full network and determine how many internal systems can be connected to and compromised. This method of vulnerability testing can expose the entire scope of the security gaps of an information system.
- Security Evaluation Consulting Services
Progent's expert network security audit and compliance consulting support services can help your business to evaluate your processes and governance policies and assess your network environment to allow your company to design the maximum level of security into your IT system. Progent's certified security consultants can also manually check your web applications for security weaknesses and can conduct corporate-wide security audits to verify your company's adherence to key security standards including HIPAA, PCI, and ISO.
If you need additional information about Progent's computer security inventory offerings, call Progent at 800-993-9400 or see Contact Progent.