Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progent’s security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees’ family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Low-Cost Managed Services for Information Assurance
Progent's affordable ProSight family of network monitoring and management services is intended to provide small and mid-size organizations with enterprise-class support and state-of-the-art technology for all facets of information assurance and compliance. ProSight managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Next Generation Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring is an endpoint protection (EPP) service that incorporates next generation behavior machine learning tools to guard endpoints and physical and virtual servers against modern malware attacks such as ransomware and email phishing, which routinely escape traditional signature-based AV products. ProSight ASM protects on-premises and cloud resources and provides a single platform to address the entire threat lifecycle including protection, infiltration detection, mitigation, cleanup, and forensics. Top capabilities include single-click rollback with Windows VSS and real-time system-wide immunization against new threats. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware recovery.
- ProSight Enhanced Security Protection: Unified Physical and Virtual Endpoint Protection
ProSight Enhanced Security Protection services deliver ultra-affordable multi-layer security for physical and virtual servers, workstations, mobile devices, and Microsoft Exchange. ProSight ESP utilizes adaptive security and advanced machine learning for continuously monitoring and reacting to security threats from all attack vectors. ProSight ESP provides firewall protection, intrusion alarms, endpoint control, and web filtering via cutting-edge technologies incorporated within a single agent accessible from a unified control. Progent's data protection and virtualization consultants can assist you to design and implement a ProSight ESP environment that addresses your company's specific needs and that helps you achieve and demonstrate compliance with legal and industry data security standards. Progent will help you specify and implement policies that ProSight ESP will manage, and Progent will monitor your network and react to alarms that require immediate action. Progent can also assist you to set up and verify a backup and disaster recovery solution like ProSight Data Protection Services (DPS) so you can recover quickly from a potentially disastrous cyber attack such as ransomware. Find out more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint security and Exchange filtering.
- ProSight DPS: Managed Backup
ProSight Data Protection Services from Progent offer small and mid-sized businesses a low cost end-to-end solution for secure backup/disaster recovery (BDR). Available at a low monthly rate, ProSight DPS automates your backup processes and allows rapid recovery of critical data, applications and VMs that have become unavailable or damaged as a result of hardware breakdowns, software glitches, disasters, human mistakes, or malware attacks like ransomware. ProSight DPS can help you back up, recover and restore files, folders, apps, system images/, as well as Microsoft Hyper-V and VMware images/. Critical data can be protected on the cloud, to an on-promises storage device, or to both. Progent's cloud backup specialists can provide world-class expertise to configure ProSight Data Protection Services to comply with regulatory requirements like HIPPA, FINRA, and PCI and, when necessary, can assist you to recover your business-critical information. Find out more about ProSight Data Protection Services Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security solution that incorporates the technology of leading information security companies to deliver centralized management and world-class security for your inbound and outbound email. The hybrid architecture of Email Guard combines a Cloud Protection Layer with a local gateway device to offer advanced defense against spam, viruses, Denial of Service (DoS) Attacks, Directory Harvest Attacks, and other email-borne threats. Email Guard's cloud filter serves as a first line of defense and keeps the vast majority of unwanted email from reaching your security perimeter. This reduces your exposure to external attacks and conserves network bandwidth and storage space. Email Guard's on-premises gateway device provides a further level of analysis for inbound email. For outgoing email, the on-premises security gateway provides anti-virus and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The on-premises security gateway can also assist Exchange Server to track and safeguard internal email that originates and ends inside your security perimeter. Learn more about Progent's ProSight Email Guard spam filtering, virus blocking, content filtering and data leakage prevention.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
ProSight WAN Watch is a network infrastructure management service that makes it simple and affordable for small and mid-sized businesses to map out, monitor, optimize and debug their connectivity hardware such as routers and switches, firewalls, and access points plus servers, client computers and other devices. Using cutting-edge RMM technology, WAN Watch ensures that infrastructure topology diagrams are always updated, captures and manages the configuration of almost all devices on your network, tracks performance, and generates alerts when potential issues are detected. By automating complex management activities, WAN Watch can cut hours off ordinary tasks like making network diagrams, expanding your network, locating devices that need critical software patches, or identifying the cause of performance issues. Learn more details about ProSight WAN Watch network infrastructure monitoring and management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progent’s server and desktop remote monitoring service that incorporates state-of-the-art remote monitoring and management techniques to keep your IT system operating at peak levels by checking the state of vital assets that power your information system. When ProSight LAN Watch uncovers an issue, an alarm is sent automatically to your designated IT management staff and your Progent engineering consultant so any looming problems can be resolved before they have a chance to disrupt your network Find out more details about ProSight LAN Watch server and desktop monitoring services.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small or mid-size organization can have its critical servers and apps hosted in a protected fault tolerant data center on a fast virtual machine host set up and maintained by Progent's IT support professionals. With the ProSight Virtual Hosting model, the customer retains ownership of the data, the operating system software, and the applications. Because the system is virtualized, it can be ported immediately to a different hardware environment without requiring a time-consuming and technically risky reinstallation process. With ProSight Virtual Hosting, you are not tied a single hosting service. Learn more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Documentation Management
Progent's ProSight IT Asset Management service is an IT infrastructure documentation management service that allows you to capture, maintain, find and safeguard information about your network infrastructure, procedures, applications, and services. You can quickly find passwords or serial numbers and be alerted about upcoming expirations of SSLs or domains. By updating and organizing your network documentation, you can eliminate as much as half of time spent trying to find critical information about your IT network. ProSight IT Asset Management includes a common location for holding and sharing all documents required for managing your network infrastructure such as recommended procedures and self-service instructions. ProSight IT Asset Management also supports a high level of automation for collecting and relating IT information. Whether you’re making enhancements, doing maintenance, or responding to an emergency, ProSight IT Asset Management delivers the knowledge you require when you need it. Learn more about Progent's ProSight IT Asset Management service.
Progent's ProSight Network Audits are a fast and affordable way for small and mid-size organizations to get an objective assessment of the overall health of their IT system. Powered by a selection of the leading remote monitoring and management tools available, and overseen by Progent's world-class team of information technology experts, ProSight Network Audits show you how closely the deployment of your core network devices conform to leading practices. Both the Basic and Advanced versions of ProSight Network Audit services are available at a low, one-time cost and provide immediate benefits such as a more manageable Active Directory system. Both also come with a year of cutting-edge remote network monitoring and management (RMM). Advantages can include simpler network management, improved compliance with information security requirements, higher utilization of IT resources, faster problem resolution, more dependable backup and restore, and increased uptime. Read more information about ProSight Network Audits network infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report Service
Progent's ProSight Ransomware Preparedness Report is a low-cost service based on a brief phone discussion with a Progent backup/recovery expert. The interview is designed to help evaluate your company's preparedness either to stop or recover rapidly after an assault by a ransomware strain like Ryuk, WannaCry, MongoLock, or Hermes. Progent will consult with you directly to gather information concerning your existing antivirus tools and backup system, and Progent will then produce a custom Basic Security and Best Practices Report detailing how you can apply industry best practices to deploy an efficient AV and backup system that meets your company's requirements. For additional information, refer to Progent's ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
For more information about Progent's network security help, telephone Progent at 800-993-9400 or refer to Contact Progent.