Pentera

Last updated
Pentera
Industry Cybersecurity
Founded2015 (as Pcysys)
FounderDr. Arik Liberzon, Arik Faingold
Headquarters Boston, USA
Area served
Hamburg, Germany

London, England
Singapore
Dubai, UAE

Tel Aviv, Israel
Key people
Amitai Ratzon (CEO), Dr. Arik Liberzon (Co-founder and CTO), Ran Tamir (CPO), Aviv Cohen (CMO), Tzurit Golan (Chief People Officer), Morgan Jay (SVP Sales EMEA and APAC), Patrick Guay (SVP Sales Americas)
ProductsPentera Core, Pentera Surface, Credential Exposure Module, RansomwareReady Module, Security Validation Advisory services
Number of employees
350 (October 2023)
Website pentera.io

Pentera is a cybersecurity software company, specializing in automated security validation solutions. Originally founded as Pcysys in 2015, the company later rebranded as Pentera in 2021. The company is led by Amitai Ratzon (CEO) and Dr. Arik Liberzon (founder and CTO). Pentera has entities in the US, Germany, UK, Israel, Dubai, and Singapore. [1] [2] [3] [4]

Contents

Funding

To date, the company has raised $115 million in primary funding:

Product

Pentera develops security validation software designed to test cybersecurity controls, credentials, and vulnerabilities within organizations. The platform is designed to assist in identifying and prioritizing security flaws to increase an organization's resilience to cyberattacks. [12] [13] [14]

The Pentera software employs algorithms to test both internal and external network attack surfaces, as well as cloud-based systems. The platform is designed to perform automated emulation of ethical attack techniques such as remote code execution, password cracking, and data exfiltration. The platform does not require the installation of software agents on the network’s endpoints, making it compatible with most enterprise systems and security service providers. [15]

The Pentera platform consists of products and add-on modules:

Research

Pentera Labs is the company's research arm, which actively monitors threat intelligence feeds and identifies new vulnerabilities and attack techniques used by adversaries. Its publications are available for cyber defenders to identify, analyze, emulate, and mitigate new adversary tactics and techniques in the wild. [23]

These findings are synthesized and fed into the Pentera platform to continually enhance its security testing capabilities. Pentera labs also disclosed newly discovered "zero day" vulnerabilities and contributed to adversary tactics techniques and procedures (TTPs) to the MITRE ATT&CK matrix. [24] [3]

Sample Pentera Labs findings and community contribution:

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. During the second half of 2007, XSSed documented 11,253 site-specific cross-site vulnerabilities, compared to 2,134 "traditional" vulnerabilities documented by Symantec. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.

<span class="mw-page-title-main">OpenSSL</span> Open-source implementation of the SSL and TLS protocols

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

<span class="mw-page-title-main">Trend Micro</span> Japanese multinational cyber security company

Trend Micro Inc. is an American-Japanese cyber security software company. The company has globally dispersed R&D in 16 locations across every continent excluding Antarctica. The company develops enterprise security software for servers, containers, & cloud computing environments, networks, and end points. Its cloud and virtualization security products provide automated security for customers of VMware, Amazon AWS, Microsoft Azure, and Google Cloud Platform.

The Federal Information Processing Standard Publication 140-2,, is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001, and was last updated December 3, 2002.

Fortinet is a cybersecurity company with headquarters in Sunnyvale, California. The company develops and sells security solutions like firewalls, endpoint security and intrusion detection systems. Fortinet has offices located all over the world.

<span class="mw-page-title-main">Metasploit</span> Computer security testing tool

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

<span class="mw-page-title-main">Proofpoint, Inc.</span> American cybersecurity company

Proofpoint, Inc. is an American enterprise cybersecurity company based in Sunnyvale, California that provides software as a service and products for email security, identity threat defense, data loss prevention, electronic discovery, and email archiving.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

In computer software, the term parameter validation is the automated processing, in a module, to validate the spelling or accuracy of parameters passed to that module. The term has been in common use for over 30 years. Specific best practices have been developed, for decades, to improve the handling of such parameters.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.

Pivotal Software, Inc. was an American multinational software and services company based in San Francisco that provided cloud platform hosting and consulting services. Since November 2023, Pivotal has been part of Broadcom.

HackerOne is a company specializing in cybersecurity, specifically attack resistance management, which blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the digital attack surface. It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model; pioneering bug bounty and coordinated vulnerability disclosure. As of December 2022, HackerOne's network had paid over $230 million in bounties. HackerOne's customers include The U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.

Lastline, Inc. is an American cyber security company and breach detection platform provider based in Redwood City, California. The company offers network-based security breach detection and other security services that combat malware used by advanced persistent threat (APT) groups for businesses, government organizations and other security service providers. Lastline has offices in North America, Europe, and Asia.

SafeBreach is a cybersecurity company based in Sunnyvale, California and Tel Aviv, Israel. The company has developed a platform that simulates hacker breach methods, running continuous "war games" to identify breach scenarios across network systems. SafeBreach is a pioneer in the emerging category of breach and attack simulation. The company's platform provides a “hacker's view” of an enterprise’s security posture to predict attacks, validate security controls and improve SOC analyst response. SafeBreach is funded by Sequoia Capital, Hewlett-Packard pathfinder, Deutsche Telekom Capital Partners and others.

Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia in the United States. Founded in 2006, the company provides application security testing (AST) solutions that embed security into every phase of the software development lifecycle (SDLC), an approach to software testing known as "shift everywhere."

<span class="mw-page-title-main">John Jackson (hacker)</span> Security researcher

John Jackson also known as Mr. Hacking, is an American security researcher and founder of the white-hat hacking group Sakura Samurai.

Snyk is a cybersecurity company specializing in cloud computing. It was founded in 2015 out of London and Tel Aviv with headquarters in Boston.

References

  1. Desk, Insights (2022-02-11). "Pentera Launches The Industry's First Unified Testing Platform". ITsecurity Demand. Retrieved 2023-11-27.
  2. Martin, Noga. "Pcysys rebrands as Pentera, unveils automated attack module". www.israelhayom.com. Retrieved 2023-12-20.
  3. 1 2 "Pentera ups ante in penetration testing | Computer Weekly". ComputerWeekly.com. Retrieved 2023-11-27.
  4. "Netpoleon partners with Pentera for APAC". www.arnnet.com.au. Retrieved 2023-11-27.
  5. 1 2 Ravet, Hagar (2019-11-13). "Cybersecurity Startup Pcysys Raises $10 Million". CTECH - www.calcalistech.com. Retrieved 2023-11-27.
  6. 1 2 "Pcysys raises $25 million for automated cybersecurity testing". VentureBeat. 2020-09-09. Retrieved 2023-11-27.
  7. "Pentera: מגינים על העולם, נשארים בישראל". TheMarker. Retrieved 2023-11-27.
  8. "Israeli cybersecurity co Pcysys raises $25m". Globes. 2020-09-09. Retrieved 2023-11-27.
  9. "Penetration testing startup Pcysys raises $25M to develop its technology". SiliconANGLE. 2020-09-09. Retrieved 2023-11-27.
  10. Hu, Krystal (2022-01-11). "Israeli security startup Pentera raises $150 mln in funding round, eyes IPO". Reuters. Retrieved 2023-11-27.
  11. Orbach, Meir (2022-01-11). "Pentera becomes Israel's latest cybersecurity unicorn with $150 million Series C". CTECH - www.calcalistech.com. Retrieved 2023-11-27.
  12. "Pentera Redefines Cybersecurity Market with Unified Testing Platform – AI-TechPark". 2022-01-24. Retrieved 2023-11-27.
  13. Bureau, ITsec (2022-01-24). "Pentera redefines the cybersecurity validation market with the industry's first unified testing platform for insider and outsider threats". ITSecurityWire. Retrieved 2023-11-27.
  14. "Arik Liberzon, Pentera: "we must ensure that security is proactive and preventative and not simply responsive"". cybernews.com. 2023-11-15. Retrieved 2023-11-27.
  15. "Pentera Redefines Cybersecurity Market with Unified Testing Platform - AI-TechPark". 2022-01-24. Retrieved 2023-12-20.
  16. Bureau, ITsec (2022-01-24). "Pentera redefines the cybersecurity validation market with the industry's first unified testing platform for insider and outsider threats". ITSecurityWire. Retrieved 2023-12-20.
  17. Desk, Insights (2022-02-11). "Pentera Launches The Industry's First Unified Testing Platform". ITsecurity Demand. Retrieved 2023-12-20.
  18. "Pentera ups ante in penetration testing | Computer Weekly". ComputerWeekly.com. Retrieved 2023-12-20.
  19. Noga, Martin. "Pcysys rebrands as Pentera, unveils automated attack module". www.israelhayom.com. Retrieved 2023-12-20.
  20. "Fast Company Names Pentera In Top 10 Most Innovative Security Companies for 2023". Yahoo Finance. 2023-03-13. Retrieved 2023-12-20.
  21. "Arik Liberzon, Pentera: "we must ensure that security is proactive and preventative and not simply responsive"". Cybernews.
  22. Kovacs, Eduard (12 August 2022). "Black Hat USA 2022 – Announcements Summary".
  23. Noga, Martin (2021-06-16). "Pcysys rebrands as Pentera, unveils automated attack module". www.israelhayom.com. Retrieved 2023-11-27.
  24. Shemer, Simona (2022-06-12). "Israeli Cybersecurity Firm Pentera Launches Cyber Research Arm". NoCamels. Retrieved 2023-11-27.
  25. Kovacs, Eduard (2022-03-29). "VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations". SecurityWeek. Retrieved 2023-11-27.
  26. "New PsExec spinoff lets hackers bypass network security defenses". BleepingComputer. Retrieved 2023-11-27.
  27. "Who Stole My Cookies? XSS Vulnerability in Azure | CSA". Cloud Security Alliance. Retrieved 2023-12-26.