mkramer777

security penetration test

Is there a free security network penetration test that will show me a list of problems that my network might have regarding security?  I want to try and fill the holes if there are any.
Jorge Diaz

If you don't mind dealing with a sales call, I'd advise downloading the 30-day trial of Nexpose. Commercial vulnerability scanners have more scanning and reporting capabilities than the free ones. That'll make your job of "patching the holes" way easier too.
btan

Quite a list in the link
zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.

nmap - Free security scanner for network exploration & security audits

Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7

LOIC - Open source network stress tool for Windows.

SlowLoris - DoS tool that uses low bandwidth on the attacking side
https://github.com/enaqx/awesome-pentest/blob/master/README.md#network-vulnerability-scanners

Do make sure you whitelist the scanner in the firewalls so that the scan will be fruitful. In fact, also target the default settings in each device, like default admin accounts and unnecessary services like FTP, Telnet, etc. left open. These are points for further penetration.
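To act on the point above about unnecessary services such as FTP and Telnet, here is an added example (not part of the original thread) that parses nmap's grepable output (`-oG`) from a scan of your own network and lists hosts with those services open. The sample scan text is constructed and the function names are illustrative.

```python
# Services named in the post above, with the reason each is worth closing.
CLEARTEXT = {
    "ftp": "credentials and files cross the network unencrypted",
    "telnet": "login session is unencrypted; use SSH instead",
}

# Constructed sample of nmap grepable output (nmap -sV -oG), not real scan data.
SAMPLE = (
    "# Nmap scan (constructed sample): nmap -sV -oG scan.gnmap 192.0.2.0/29\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.1 (gw.example.test)\tPorts: 23/open/tcp//telnet//router telnetd/, "
    "443/open/tcp//https///\tIgnored State: closed (998)\n"
    "Host: 192.0.2.5 (files.example.test)\tPorts: 21/open/tcp//ftp//vsftpd/, "
    "22/open/tcp//ssh//OpenSSH/, 2323/closed/tcp//telnet///\n"
    "Host: 192.0.2.6 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n"
)


def find_cleartext_services(gnmap_text):
    """Return (ip, port, proto, service) for every open FTP/Telnet port."""
    findings = []
    for line in gnmap_text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        # Only the "Ports:" field lists services; "Status:" lines have none.
        ports = next((f[len("Ports: "):] for f in fields
                      if f.startswith("Ports: ")), "")
        for entry in ports.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.split("/")
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            service = service.rstrip("?")  # nmap appends "?" when unsure
            if state == "open" and service in CLEARTEXT:
                findings.append((ip, int(port), proto, service))
    return findings


def report(findings):
    """Format findings as one remediation line per exposed service."""
    return [f"{ip}:{port}/{proto} {svc}: {CLEARTEXT[svc]}"
            for ip, port, proto, svc in findings]


if __name__ == "__main__":
    print("\n".join(report(find_cleartext_services(SAMPLE))))
```

Closed ports and hosts without a `Ports:` field are ignored, so the output contains only services that are actually reachable.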
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.
mkramer777

ASKER

Thanks for the advice. Maybe you could tell me if I am doing enough for security. For remote users we use Cisco AnyConnect and then have each user RDP to the server with a password. Cisco also has a password of course. For patch management we use SolarWinds MSP. We also have Cisco Web Security for internet scanning and in about 10 days we will be switching over to a SonicWall (right now we use Cisco ASA for firewall). Endpoint protection is Sophos Cloud. And for Outlook 365 we use the online advanced threat protection. Do you think this will suffice or am I missing a key element of security?
SOLUTION
This solution is only available to members.
"For remote users we use Cisco AnyConnect and then have each user RDP to the server with a password."
You could consider having remote users use 2FA to enhance authenticity, as a password alone is considered weak. It is mandated on my side as policy, but we also advocate that users use a strong password.
"We also have Cisco Web Security for internet scanning and in about 10 days we will be switching over to a SonicWall (right now we use Cisco ASA for firewall)"
You may want to check whether the WAF can address application DoS like Slowloris. At the same time, in the event of HTTPS traffic, deep inspection may be lacking as there is no decryption at the perimeter. It will be based more on endpoint scanning of the received data.
"Endpoint protection is Sophos Cloud. And for Outlook 365 we use the online advanced threat protection."
You probably need to consider data recovery and backup as well; specifically, in the event malware like ransomware does get through, will the data backup be ready to recover from? I understand that Sophos Intercept X addresses the ransomware attack, and the ATP is good, but you should probably check that SPF and DKIM are implemented. ATP is good at detecting the Pass-the-Hash attack or similar lateral movement to penetrate other servers by reusing weak password hashes. You can further ask about the recovery aspect. Other candidates may include Carbonite.
I also have Carbonite on every machine in the company. And to answer a question above: the only way to get to servers is through VPN. I also got CGSS filtering with the SonicWall. This will eventually replace Cisco Web Security as it is an overlap.
"I also got CGSS filtering with the SonicWall. This will eventually replace Cisco Web Security as it is an overlap."
Just wanted to make sure you didn't inadvertently create a gap of some sort.

And it's good that btan brought up this part, because I very much agree with it:
.. and the ATP is good but probably you should check that SPF and DKIM is implemented..

Sounds like you have a pretty good groundwork. So that, along with good policies and some of the suggestions on here, will definitely really have you in great shape.
Hopefully my reply has helped but apparently not.