Stealth penetration testing is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against authorized but unannounced attacks by veteran security specialists using advanced hacking techniques.
Progentís security experts can perform extensive in-depth penetration testing without the knowledge of internal IT resources. Such testing uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
For larger companies, Progent can perform anonymous physical security penetration testing, including attempts to gain unauthorized/unchecked access to physical premises by pretending to be authorized personnel, with proof of success from copying of confidential information and accessing internal network resources behind all perimeter firewalls.
- Running a series of port scanning tools to identify open network access vectors and to identify and characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access
- Attempt to determine remote access capabilities of network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Perform remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determination of internal and external network addressing configuration through email beaconing techniques
- Performing various Denial of Service attacks, coordinated with internal senior management to determine whether it is possible to stop or hinder network productivity. Once proof of impact is reported, such testing can be immediately ceased to avoid impact to actual business productivity.
- Perform PBX remote access and voice mail security testing
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employeesí family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
ProSight Low-Cost Managed Services for Information Assurance
Progent's low-cost ProSight portfolio of outsourced network management services is designed to provide small and mid-size businesses with enterprise-class support and cutting-edge technology for all facets of information assurance. Managed services offered by Progent include:
ProSight Network Audits
- ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Defense
ProSight Active Security Monitoring (ASM) is an endpoint protection solution that utilizes next generation behavior-based analysis technology to defend endpoints and servers and VMs against modern malware assaults such as ransomware and file-less exploits, which routinely escape traditional signature-matching anti-virus tools. ProSight ASM safeguards on-premises and cloud resources and provides a single platform to address the entire threat lifecycle including protection, identification, containment, cleanup, and forensics. Key capabilities include single-click rollback with Windows Volume Shadow Copy Service (VSS) and real-time network-wide immunization against new threats. Learn more about Progent's ProSight Active Security Monitoring endpoint protection and ransomware defense.
- ProSight Enhanced Security Protection: Unified Endpoint Protection
Progent's ProSight Enhanced Security Protection (ESP) services deliver affordable in-depth security for physical servers and VMs, desktops, smartphones, and Exchange email. ProSight ESP utilizes adaptive security and modern behavior analysis for continuously monitoring and reacting to security assaults from all attack vectors. ProSight ESP delivers two-way firewall protection, intrusion alarms, device management, and web filtering through leading-edge technologies packaged within a single agent accessible from a unified console. Progent's security and virtualization experts can help your business to design and implement a ProSight ESP deployment that meets your company's unique needs and that helps you prove compliance with government and industry information security standards. Progent will help you specify and implement policies that ProSight ESP will manage, and Progent will monitor your IT environment and respond to alerts that call for urgent attention. Progent can also assist you to set up and test a backup and restore system such as ProSight Data Protection Services (DPS) so you can recover quickly from a potentially disastrous security attack like ransomware. Learn more about Progent's ProSight Enhanced Security Protection (ESP) unified endpoint protection and Exchange filtering.
- ProSight Data Protection Services: Managed Backup and Recovery
ProSight Data Protection Services offer small and medium-sized organizations an affordable end-to-end service for secure backup/disaster recovery. For a low monthly cost, ProSight Data Protection Services automates and monitors your backup activities and allows fast recovery of vital files, applications and virtual machines that have become lost or damaged due to component breakdowns, software bugs, disasters, human error, or malicious attacks like ransomware. ProSight Data Protection Services can help you back up, retrieve and restore files, folders, apps, system images/, plus Hyper-V and VMware images/. Critical data can be backed up on the cloud, to a local device, or to both. Progent's BDR specialists can deliver advanced support to set up ProSight DPS to to comply with regulatory requirements like HIPPA, FINRA, and PCI and, when necessary, can assist you to restore your critical information. Learn more about ProSight DPS Managed Cloud Backup and Recovery.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email security platform that incorporates the technology of leading data security vendors to deliver web-based management and world-class security for your email traffic. The hybrid architecture of Progent's Email Guard managed service combines cloud-based filtering with a local security gateway appliance to offer complete protection against spam, viruses, Dos Attacks, DHAs, and other email-based malware. The cloud filter serves as a first line of defense and keeps most unwanted email from making it to your security perimeter. This reduces your vulnerability to inbound attacks and saves system bandwidth and storage space. Email Guard's onsite gateway device adds a further level of analysis for incoming email. For outbound email, the on-premises gateway offers anti-virus and anti-spam protection, protection against data leaks, and email encryption. The local security gateway can also help Microsoft Exchange Server to monitor and protect internal email that originates and ends inside your corporate firewall. Find out more about Progent's ProSight Email Guard spam filtering, virus defense, content filtering and data loss prevention.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
Progentís ProSight WAN Watch is an infrastructure monitoring and management service that makes it simple and inexpensive for smaller organizations to map, track, reconfigure and debug their connectivity appliances like switches, firewalls, and wireless controllers plus servers, client computers and other devices. Using cutting-edge RMM technology, WAN Watch ensures that network diagrams are always updated, captures and displays the configuration of almost all devices on your network, monitors performance, and generates alerts when issues are detected. By automating time-consuming management and troubleshooting processes, ProSight WAN Watch can cut hours off ordinary chores like making network diagrams, expanding your network, finding devices that require critical software patches, or isolating performance issues. Find out more details about ProSight WAN Watch infrastructure management services.
- ProSight LAN Watch: Server and Desktop Remote Monitoring and Management
ProSight LAN Watch is Progentís server and desktop monitoring managed service that incorporates advanced remote monitoring and management (RMM) techniques to help keep your network running at peak levels by checking the health of vital computers that power your business network. When ProSight LAN Watch detects a problem, an alarm is transmitted immediately to your designated IT personnel and your Progent engineering consultant so that all looming problems can be resolved before they have a chance to disrupt your network Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted VMs at Progent's World-class Data Center
With Progent's ProSight Virtual Hosting service, a small business can have its key servers and applications hosted in a protected fault tolerant data center on a fast virtual host configured and managed by Progent's network support professionals. With the ProSight Virtual Hosting model, the client retains ownership of the data, the OS software, and the applications. Because the system is virtualized, it can be moved easily to a different hardware solution without requiring a lengthy and difficult reinstallation process. With ProSight Virtual Hosting, you are not tied a single hosting service. Learn more details about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to capture, maintain, find and protect data about your network infrastructure, procedures, applications, and services. You can instantly locate passwords or serial numbers and be warned about impending expirations of SSLs or warranties. By cleaning up and organizing your IT documentation, you can save as much as 50% of time spent searching for critical information about your network. ProSight IT Asset Management features a centralized repository for storing and sharing all documents required for managing your business network like standard operating procedures (SOPs) and How-To's. ProSight IT Asset Management also supports a high level of automation for collecting and associating IT information. Whether youíre planning enhancements, performing maintenance, or reacting to an emergency, ProSight IT Asset Management delivers the knowledge you need when you need it. Find out more about ProSight IT Asset Management service.
Progent's ProSight Network Audits are a quick and affordable alternative for small and medium-size organizations to get an objective evaluation of the overall health of their network. Powered by some of the leading remote monitoring and management (RMM) tools available, and overseen by Progent's world-class group of IT professionals, ProSight Network Audits help you see how closely the configuration of your core network assets adhere to industry leading practices. The Basic and Advanced options for ProSight Network Audit services are offered at a low, one-time cost and provide immediate ROI such as a cleaner Active Directory environment. Both versions also include a year of cutting-edge remote network monitoring and management. Advantages can include simpler network management, improved compliance with information security requirements, higher utilization of IT assets, quicker problem resolution, more dependable backup and recovery, and increased uptime. Read more information about Progent's ProSight Network Audits network infrastructure assessment.
The ProSight Ransomware Preparedness Report Service
The ProSight Ransomware Preparedness Report is a low-cost service built around a brief phone discussion with a Progent information assurance expert. The fact-finding interview is intended to help evaluate your organization's preparedness either to block or recover quickly after an attack by a ransomware strain such as Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you directly to collect information concerning your current security profile and backup platform, and Progent will then deliver a written Basic Security and Best Practices Report describing how you can follow best practices to build a cost-effective AV and backup/recovery environment that meets your business requirements. For details, see Progent's ProSight Ransomware Preparedness Report Service.
Contact Progent for Penetration Testing Consulting
If you want network security expertise, call Progent at 800-993-9400 or visit Contact Progent.