Penetration testing (PEN testing) is a vital method for allowing organizations to determine how exposed their networks are to real world threats by showing how well corporate security processes, procedures and technologies hold up against announced or unannounced attacks by veteran security specialists using advanced hacking techniques. Progent can provide a one-time pentest or run scheduled or continual pentests delivered as a remotely managed service.
Progent's security experts can perform extensive in-depth penetration testing without the knowledge of internal IT staff. Such testing, known as stealth pentesting, uncovers whether existing security monitoring tools such as intrusion detection alerts and event log monitoring are correctly set up and actively monitored.
Penetration testing can encompass any or all of the following areas:
- Running a series of port scanning tools to identify open network access vectors and to characterize a customer's network environment and overall security level.
- Running a series of exploit identification tools that test all open access vectors against a large database of known vulnerabilities resulting from servers that are not up to date on security patches, out of date firmware/software, poorly configured servers and devices, and default or common installation passwords.
- Evaluation of wireless network security by attempting on-site access from publicly accessible locations including parking lots, hallways, bathrooms, and physically adjacent spaces or floors. Identification of security methods utilized by wireless infrastructure and running known exploit tools to gain access.
- Attempting to determine remote access capabilities of the network and perform exploit and brute force attack methods to gain access through remote access infrastructure.
- Performing remote office security evaluation and testing, and determine whether remote sites can be used as a vector into the corporate network through VPNs or other private network infrastructure.
- Performing brute force account and password attacks using a database of over 40 million possible passwords.
- For devices and servers that are successfully penetrated, Progent security experts will manually use assorted hacker techniques to extend such exploit vectors to gain an understanding of the full network environment and see how many internal systems can be accessed and compromised. This type of security testing can expose the full scope of the vulnerability of a network environment.
- Determining internal and external network addressing configuration through email beaconing techniques.
- Performing various Denial of Service (DoS) attacks, coordinated with internal senior management to determine whether it is possible to stop or reduce network throughput. Once proof of impact is reported, such testing can be immediately terminated to avoid impacting business productivity.
- Performing PBX remote access and voice mail security testing.
- Continuous autonomous PEN testing to map your internal/external attack surface and to identify ways that vulnerabilities, improper configurations, stolen credentials, missing patches, and unsound product defaults can be chained together by threat actors into the multi-vector attacks common to modern strains of ransomware. The NodeZero product from Horizon3.ai is an example of a next-generation penetration testing platform powered by AI technology that can be run continuously to assess, tune, repair, and confirm the security posture of networks of any size in order to provide a high level of protection against modern cyberthreats like ransomware.
Progent experts can use social engineering techniques and public information to attempt customized password penetration testing utilizing information such as employees' family member names, birthdates, home addresses, and phone numbers. Progent team members can often quickly uncover this information through Internet online search and public records. Progent can uncover employee names/email addresses through publicly accessible information on the Internet, from PBX voice mail directories, public records filings, marketing materials and press releases, web sites, and receptionist.
Progent will provide a complete report of methods used and vulnerabilities uncovered during stealth penetration testing, along with a detailed list of recommended remediation steps. Progent can then work with internal IT staff to perform an audit and evaluation of the actual security protection, configuration, tools, and processes and help your company develop a comprehensive security plan.
Expertise with Horizon3.ai's NodeZero PEN Testing Solutions
NodeZero from Horizon3.ai is a cutting-edge penetration test (pentest) product family that can deliver continuous, concurrent, programmable testing of your network to help you identify, prioritize, remediate, and confirm security vulnerabilities before malicious hackers can exploit them. Progent's pentest experts can help you to deploy NodeZero to perform comprehensive penetration tests of your perimeter and your internal network so you can determine your present security profile. Progent's NodeZero experts can also help you to harden your existing network security and can help you to plan and implement a cohesive cybersecurity strategy that simplifies management and provides maximum protection for on-prem, multi-cloud, and perimeter IT resources. To find out more details about Progent's vulnerability assessment services powered by on NodeZero's penetration test platform, see Consulting Services for NodeZero's Penetration Test Products.
ProSight Flat-rate Managed Services for Information Assurance
Progent's value-priced ProSight series of managed services is designed to provide small and mid-size businesses with enterprise-class support and state-of-the-art technology for all facets of information assurance. ProSight managed services offered by Progent include:
- ProSight Active Security Monitoring (ASM): Endpoint Protection and Ransomware Recovery
Progent's ProSight Active Security Monitoring (ASM) is an endpoint protection solution that utilizes SentinelOne's cutting edge behavior-based analysis technology to guard endpoints as well as servers and VMs against modern malware assaults such as ransomware and email phishing, which easily escape traditional signature-based anti-virus products. ProSight ASM safeguards local and cloud resources and provides a single platform to address the complete malware attack progression including protection, identification, mitigation, remediation, and forensics. Key capabilities include single-click rollback using Windows Volume Shadow Copy Service and automatic network-wide immunization against new attacks. Progent is a SentinelOne Partner, reseller, and integrator. Find out more about Progent's ProSight Active Security Monitoring next-generation endpoint protection and ransomware defense with SentinelOne technology.
- ProSight Enhanced Security Protection: Unified Endpoint Protection
ProSight Enhanced Security Protection (ESP) services deliver economical multi-layer security for physical servers and virtual machines, desktops, smartphones, and Exchange Server. ProSight ESP utilizes adaptive security and advanced machine learning for continuously monitoring and responding to cyber threats from all vectors. ProSight ESP delivers firewall protection, intrusion alarms, endpoint control, and web filtering via leading-edge tools packaged within a single agent accessible from a single console. Progent's data protection and virtualization experts can assist you to design and configure a ProSight ESP deployment that meets your company's specific requirements and that helps you achieve and demonstrate compliance with government and industry information security regulations. Progent will help you specify and configure policies that ProSight ESP will enforce, and Progent will monitor your IT environment and react to alarms that call for immediate action. Progent can also assist you to install and test a backup and restore solution such as ProSight Data Protection Services (DPS) so you can recover quickly from a destructive cyber attack like ransomware. Find out more about Progent's ProSight Enhanced Security Protection unified physical and virtual endpoint security and Microsoft Exchange email filtering.
- ProSight Data Protection Services: Managed Cloud Backup and Recovery
Progent has worked with advanced backup product companies to produce ProSight Data Protection Services, a selection of offerings that deliver backup-as-a-service. All ProSight DPS products automate and track your backup operations and allow non-disruptive backup and rapid restoration of important files/folders, applications, images, and Hyper-V and VMware virtual machines. ProSight DPS helps you recover from data loss caused by hardware failures, natural calamities, fire, cyber attacks like ransomware, human error, ill-intentioned employees, or application glitches. Managed backup services available in the ProSight DPS selection include ProSight DPS Altaro VM Backup, ProSight 365 Total Backup (formerly Altaro Office 365 Backup), ProSight DPS ECHO Backup based on Barracuda purpose-built hardware, and ProSight DPS MSP360 Hybrid Backup. Your Progent consultant can assist you to identify which of these managed services are best suited for your network.
- ProSight Email Guard: Inbound and Outbound Spam Filtering, Data Leakage Protection and Content Filtering
ProSight Email Guard is Progent's email filtering and encryption solution that incorporates the services and infrastructure of top information security vendors to deliver web-based management and comprehensive security for all your email traffic. The hybrid architecture of Progent's Email Guard integrates a Cloud Protection Layer with a local security gateway appliance to provide advanced defense against spam, viruses, Dos Attacks, Directory Harvest Attacks (DHAs), and other email-based malware. The Cloud Protection Layer serves as a first line of defense and keeps the vast majority of unwanted email from making it to your network firewall. This decreases your vulnerability to external threats and saves network bandwidth and storage. Email Guard's onsite gateway appliance adds a deeper level of inspection for inbound email. For outbound email, the onsite security gateway provides AV and anti-spam filtering, policy-based Data Loss Prevention, and email encryption. The on-premises gateway can also assist Microsoft Exchange Server to monitor and protect internal email traffic that originates and ends within your corporate firewall. Learn more about Progent's ProSight Email Guard spam filtering, virus blocking, content filtering and data loss prevention.
- ProSight WAN Watch: Infrastructure Remote Monitoring and Management
Progent's ProSight WAN Watch is a network infrastructure monitoring and management service that makes it easy and inexpensive for smaller businesses to map, track, optimize and troubleshoot their networking appliances such as routers, firewalls, and load balancers plus servers, printers, client computers and other networked devices. Using cutting-edge Remote Monitoring and Management technology, ProSight WAN Watch ensures that infrastructure topology maps are always updated, captures and manages the configuration information of almost all devices connected to your network, tracks performance, and generates notices when potential issues are discovered. By automating complex management activities, ProSight WAN Watch can knock hours off common tasks such as making network diagrams, expanding your network, finding appliances that require critical updates, or isolating performance problems. Learn more details about ProSight WAN Watch infrastructure management consulting.
- ProSight LAN Watch: Server and Desktop Remote Monitoring
ProSight LAN Watch is Progent's server and desktop monitoring service that uses state-of-the-art remote monitoring and management (RMM) techniques to help keep your IT system operating efficiently by tracking the health of vital computers that power your business network. When ProSight LAN Watch uncovers an issue, an alarm is transmitted automatically to your specified IT staff and your assigned Progent engineering consultant so that any looming issues can be resolved before they can disrupt productivity Learn more about ProSight LAN Watch server and desktop remote monitoring consulting.
- ProSight Virtual Hosting: Hosted Virtual Machines at Progent's Tier III Data Center
With ProSight Virtual Hosting service, a small or mid-size organization can have its critical servers and applications hosted in a protected fault tolerant data center on a fast virtual host configured and maintained by Progent's IT support experts. Under Progent's ProSight Virtual Hosting service model, the customer owns the data, the operating system platforms, and the applications. Because the system is virtualized, it can be moved immediately to an alternate hosting solution without a lengthy and technically risky configuration procedure. With ProSight Virtual Hosting, you are not tied a single hosting provider. Find out more about ProSight Virtual Hosting services.
- ProSight IT Asset Management: Network Infrastructure Documentation Management
ProSight IT Asset Management service is a cloud-based IT documentation management service that makes it easy to capture, maintain, retrieve and safeguard data related to your network infrastructure, procedures, applications, and services. You can quickly find passwords or serial numbers and be warned automatically about impending expirations of SSL certificates ,domains or warranties. By updating and organizing your IT documentation, you can save up to 50% of time wasted looking for vital information about your network. ProSight IT Asset Management features a centralized location for storing and sharing all documents required for managing your network infrastructure like standard operating procedures and self-service instructions. ProSight IT Asset Management also offers a high level of automation for gathering and associating IT information. Whether you're planning improvements, performing maintenance, or reacting to a crisis, ProSight IT Asset Management gets you the information you need the instant you need it. Learn more about ProSight IT Asset Management service.
- Progent's Patch Management: Software/Firmware Update Management Services
Progent's managed services for patch management provide businesses of all sizes a versatile and affordable alternative for evaluating, testing, scheduling, applying, and tracking software and firmware updates to your dynamic IT network. Besides maximizing the protection and reliability of your computer network, Progent's software/firmware update management services allow your in-house IT team to concentrate on line-of-business projects and tasks that derive the highest business value from your information network. Learn more about Progent's software/firmware update management support services.
- ProSight Duo Two-Factor Authentication: ID Confirmation, Endpoint Policy Enforcement, and Protected Single Sign-on (SSO)
Progent's Duo authentication managed services utilize Cisco's Duo technology to defend against compromised passwords by using two-factor authentication (2FA). Duo supports single-tap identity confirmation with Apple iOS, Google Android, and other personal devices. Using 2FA, whenever you sign into a protected application and give your password you are asked to verify your identity on a unit that only you possess and that uses a separate network channel. A wide selection of devices can be used as this second form of authentication including a smartphone or watch, a hardware token, a landline phone, etc. You may register multiple verification devices. For details about ProSight Duo two-factor identity authentication services, refer to Duo MFA two-factor authentication services for access security.
ProSight Network Audits
Progent's ProSight Network Audits are a quick and affordable alternative for small and medium-size businesses to obtain an objective assessment of the health of their information system. Based on some of the leading remote monitoring and management (RMM) platforms in the industry, and overseen by Progent's world-class group of IT experts, ProSight Network Audits help you see how closely the deployment of your core infrastructure devices adhere to best practices. The Basic and Advanced options for ProSight Network Audit services are offered at a low, one-time cost and provide immediate benefits like a more manageable Active Directory system. Both also come with a year of cutting-edge remote network monitoring and management (RMM). Benefits can include easier network management, improved compliance with information security requirements, higher utilization of network resources, quicker troubleshooting, more reliable backup and recovery, and higher availability. Learn more about Progent's ProSight Network Audits IT infrastructure assessment.
Progent's ProSight Ransomware Preparedness Report
Progent's ProSight Ransomware Preparedness Report service is an affordable service built around a brief phone discussion with a Progent backup/recovery consultant. The fact-finding interview is designed to evaluate your organization's ability either to stop or recover rapidly after an attack by a ransomware variant like Ryuk, WannaCry, NotPetya, or Locky. Progent will work with you directly to collect information about your existing security profile and backup platform, and Progent will then deliver a written Basic Security and Best Practices Report document describing how you can follow industry best practices to deploy an efficient AV and backup/recovery system that aligns with your company's needs. For details, visit Progent's ProSight Ransomware Preparedness Report.
Contact Progent for Penetration Testing Consulting
For computer security engineering help, telephone Progent at 800-993-9400 or go to Contact Progent.
Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to help organizations to complete the urgent first step in responding to a ransomware assault by stopping the bleeding. Progent's online ransomware engineer can help you to identify and quarantine breached servers and endpoints and protect clean assets from being penetrated. If your system has been breached by any strain of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, visit Progent's Ransomware 24x7 Hot Line.