Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent’s security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees’ family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight line of managed services is intended to provide small and mid-size organizations with enterprise-class support and state-of-the-art technology for all facets of information assurance and compliance. Managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring is an endpoint protection (EPP) service that incorporates next generation behavior-based machine learning technology to guard endpoint devices and physical and virtual servers against modern malware attacks like ransomware and file-less exploits, which easily escape legacy signature-matching anti-virus tools. ProSight ASM protects local and cloud-based resources and offers a unified platform to manage the complete threat progression including filtering, detection, containment, remediation, and post-attack forensics. Top features include one-click rollback using Windows Volume Shadow Copy Service (VSS) and automatic network-wide immunization against newly discovered attacks. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection (ESP): Unified Physical and Virtual Endpoint Security
Progent's ProSight Enhanced Security Protection managed services offer ultra-affordable multi-layer security for physical servers and virtual machines, desktops, mobile devices, and Exchange Server. ProSight ESP uses contextual security and advanced heuristics for round-the-clock monitoring and responding to security assaults from all vectors. ProSight ESP provides firewall protection, intrusion alarms, endpoint management, and web filtering via leading-edge tools packaged within a single agent accessible from a single console. Progent's security and virtualization experts can assist you to plan and configure a ProSight ESP environment that addresses your organization's specific needs and that helps you achieve and demonstrate compliance with government and industry data security regulations. Progent will assist you define and configure security policies that ProSight ESP will enforce, and Progent will monitor your network and respond to alerts that require urgent action. Progent can also assist your company to set up and verify a backup and disaster recovery solution like ProSight Data Protection Services (DPS) so you can get back in business quickly from a potentially disastrous security attack such as ransomware. Read more about Progent's ProSight Enhanced Security Protection (ESP) unified physical and virtual endpoint protection and Microsoft Exchange email filtering.
- ProSight DPS: Managed Backup and Recovery
ProSight Data Protection Services provide small and medium-sized organizations an affordable end-to-end service for secure backup/disaster recovery (BDR). For a low monthly price, ProSight Data Protection Services automates your backup activities and allows rapid restoration of critical data, apps and VMs that have become lost or corrupted due to hardware breakdowns, software bugs, disasters, human mistakes, or malicious attacks like ransomware. ProSight DPS can help you back up, recover and restore files, folders, apps, system images/, plus Hyper-V and VMware virtual machine images/. Important data can be backed up on the cloud, to a local device, or to both. Progent's BDR specialists can provide advanced expertise to configure ProSight Data Protection Services to to comply with regulatory requirements such as HIPPA, FIRPA, PCI and Safe Harbor and, whenever needed, can assist you to restore your critical information. Read more about ProSight DPS Managed Cloud Backup.
- ProSight Email Guard: Spam Filtering, Data Leakage Protection and Email Encryption
ProSight Email Guard is Progent's email filtering and encryption platform that uses the technology of leading data security vendors to deliver web-based control and comprehensive protection for your email traffic. The hybrid structure of Email Guard integrates cloud-based filtering with an on-premises security gateway device to offer advanced defense against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks, and other email-borne malware. Email Guard's Cloud Protection Layer serves as a preliminary barricade and keeps the vast majority of unwanted email from reaching your security perimeter. This decreases your exposure to external threats and saves system bandwidth and storage. Email Guard's onsite gateway device adds a deeper layer of inspection for inbound email. For outbound email, the on-premises security gateway provides AV and anti-spam protection, DLP, and encryption. The local gateway can also help Microsoft Exchange Server to track and protect internal email that stays within your security perimeter. Find out more about Progent's ProSight Email Guard spam filtering, virus defense, content filtering and data leakage protection.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and inexpensive for smaller organizations to map, monitor, reconfigure and debug their connectivity appliances like switches, firewalls, and access points as well as servers, printers, endpoints and other devices. Incorporating cutting-edge Remote Monitoring and Management (RMM) technology, ProSight WAN Watch makes sure that network maps are always current, captures and manages the configuration information of almost all devices on your network, tracks performance, and generates alerts when potential issues are detected. By automating time-consuming management activities, ProSight WAN Watch can cut hours off ordinary chores like making network diagrams, expanding your network, locating appliances that need important updates, or isolating performance issues. Learn more details about ProSight WAN Watch infrastructure monitoring and management services.
- ProSight LAN Watch: Server and Desktop Monitoring
ProSight LAN Watch is Progent’s server and desktop remote monitoring service that incorporates advanced remote monitoring and management techniques to help keep your IT system running at peak levels by tracking the state of critical computers that power your information system. When ProSight LAN Watch detects an issue, an alert is sent immediately to your specified IT management staff and your assigned Progent engineering consultant so all looming problems can be resolved before they can impact productivity Learn more about ProSight LAN Watch server and desktop monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size business can have its key servers and applications hosted in a secure fault tolerant data center on a fast virtual machine host configured and maintained by Progent's network support professionals. Under the ProSight Virtual Hosting service model, the client retains ownership of the data, the operating system platforms, and the apps. Since the environment is virtualized, it can be ported immediately to an alternate hardware solution without a time-consuming and difficult configuration procedure. With ProSight Virtual Hosting, your business is not locked into a single hosting provider. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
Progent's ProSight IT Asset Management service is a cloud-based IT documentation management service that allows you to create, update, find and protect data related to your IT infrastructure, procedures, applications, and services. You can instantly locate passwords or IP addresses and be alerted about upcoming expirations of SSL certificates ,domains or warranties. By updating and managing your IT infrastructure documentation, you can eliminate up to 50% of time wasted looking for vital information about your IT network. ProSight IT Asset Management features a centralized location for holding and sharing all documents required for managing your network infrastructure like standard operating procedures (SOPs) and self-service instructions. ProSight IT Asset Management also offers advanced automation for gathering and associating IT data. Whether you’re planning improvements, doing maintenance, or responding to a crisis, ProSight IT Asset Management gets you the knowledge you need the instant you need it. Learn more about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits offer a quick and low-cost alternative for small and mid-size businesses to get an objective evaluation of the health of their information system. Powered by a selection of the top remote monitoring and management (RMM) platforms available, and overseen by Progent's certified group of information technology professionals, ProSight Network Audits help you see how closely the configuration of your core network assets adhere to leading practices. The Basic and Advanced options for ProSight Network Audit services are available at a budget-friendly, one-time cost and provide immediate benefits like a more manageable Active Directory system. Both versions also come with one year of advanced remote network monitoring and management (RMM). Advantages can include easier network management, better compliance with data security regulations, more efficient utilization of network assets, quicker problem resolution, more dependable backup and recovery, and higher availability. See more about Progent's ProSight Network Audits network infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report Service
The ProSight Ransomware Preparedness Report service is a low-cost service based on a brief phone discussion with a Progent backup/recovery consultant. The fact-finding interview is intended to help evaluate your company's ability to stop or recover rapidly following an attack by a ransomware variant like Ryuk, WannaCry, MongoLock, or Locky. Progent will work with you personally to gather information about your existing AV defense and backup/recovery platform, and Progent will then produce a written Basic Security and Best Practices Report detailing how you can follow industry best practices to deploy a cost-effective security and backup/recovery environment that aligns with your company's requirements. For additional information, visit The ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
If you need network security consulting expertise, phone Progent at 800-993-9400 or refer to Contact Progent.