Jump to content

Pentera

From Wikipedia, the free encyclopedia
Pentera
IndustryCybersecurity
Founded2015 (as Pcysys)
FounderDr. Arik Liberzon, Arik Faingold
HeadquartersBoston, USA
Area served
Hamburg, Germany

London, England
Singapore
Dubai, UAE

Tel Aviv, Israel
Key people
Amitai Ratzon (CEO), Dr. Arik Liberzon (Co-founder and CTO), Ran Tamir (CPO), Aviv Cohen (CMO), Tzurit Golan (Chief People Officer), Morgan Jay (CRO)
ProductsPentera Core, Pentera Surface, Credential Exposure Module, RansomwareReady Module, Security Validation Advisory services
Number of employees
350 (October 2023)
Websitepentera.io

Pentera is an American cybersecurity software company, specializing in automated security validation solutions. Originally founded as Pcysys in 2015, the company later rebranded as Pentera in 2021. The company is led by Amitai Ratzon (CEO) and Dr. Arik Liberzon (founder and CTO). Pentera has entities in the US, Germany, UK, Israel, Dubai, and Singapore.[1][2][3][4]

Funding

[edit]

To date, the company has raised $115 million in primary funding:

  • Seed funding — Since its incorporation and by 2018, the company raised the total amount of $5 million.[5][6]
  • Series A — In November 2019, $10 million were raised from AWZ Ventures and Blackstone Group.[5]
  • Series B – In September 2020, $25 million[7] were raised from Insight Partners, AWZ Ventures, and Blackstone Group.[6][8][9]
  • Series C – In January 2022, Pentera became a unicorn raising $150 million, out of which $75 million in primary, from K1 Investment Management, Evolution Equity Partners, and Insight Partners. This funding round brought Pentera's valuation to $1 billion.[10][11]

Product

[edit]

Pentera develops security validation software designed to test cybersecurity controls, credentials, and vulnerabilities within organizations. The platform is designed to assist in identifying and prioritizing security flaws to increase an organization's resilience to cyberattacks.[12][13][14]

The Pentera software employs algorithms to test across the entire IT environment, including the internal and external network attack surfaces, on-premises and cloud-based. The platform is designed to perform automated emulation of ethical attack techniques such as remote code execution, password cracking, and data exfiltration. The platform does not require the installation of software agents on the network’s endpoints, making it compatible with most enterprise systems and security service providers.[15]

The Pentera platform consists of products and add-on modules:

  • Pentera Core Product — maps, tests and validates the security control of the organization’s internal network.[16][17]
  • Pentera Surface Product — maps, tests and validates the security control of the organization’s external network.[18]
  • Pentera Cloud Product — maps, tests and validates the security controls of the organization’s cloud environments.[19]
  • Pentera RansomwareReady Module — validates the organization’s defenses against the latest known ransomware attacks.[20][21]
  • Pentera Credentials Exposure Module — leverages data of real-world leaked credentials sources to identify threats to organizational internal and external attack surfaces.[22][23]

Research

[edit]

Pentera Lab is the company's research arm, which actively monitors threat intelligence feeds and identifies new vulnerabilities and attack techniques used by adversaries. Its publications are available for cyber defenders to identify, analyze, emulate, and mitigate new adversary tactics and techniques in the wild.[24]

These findings are synthesized and fed into the Pentera platform to continually enhance its security testing capabilities. Pentera lab also disclosed newly discovered "zero day" vulnerabilities and contributed to adversary tactics techniques and procedures (TTPs) to the MITRE ATT&CK matrix.[25][3]

Sample Pentera Lab findings and community contribution:

  • Zero-Day Vulnerabilities – In March 2022, the Pentera Labs team discovered two zero-day vulnerabilities, CVE-2022-22948 and CVE-2021-22015. They exposed weakness in VMware vCenter managed environments in over 500,000 organizations globally. The vulnerabilities were reported to VMware by Senior Security Researcher Yuval Lazar which resulted in a corrective VMware patch.[26]
  • "135 is the new 445" – In September 2022, the Pentera Lab team developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using the less monitored port, Windows TCP port 135.[27]
  • "Who Stole My Cookies? XSS Vulnerability in Microsoft Azure Functions" – In January 2023, the Pentera Lab team found a web XSS vulnerability on Microsoft Azure Functions, which was patched by Microsoft after their report.[28]

References

[edit]
  1. ^ "Pentera Launches The Industry's First Unified Testing Platform". ITsecurity Demand. 2022-02-11. Retrieved 2023-11-27.
  2. ^ Martin, Noga. "Pcysys rebrands as Pentera, unveils automated attack module". www.israelhayom.com. Retrieved 2023-12-20.
  3. ^ a b "Pentera ups ante in penetration testing | Computer Weekly". ComputerWeekly.com. Retrieved 2023-11-27.
  4. ^ "Netpoleon partners with Pentera for APAC". www.arnnet.com.au. Retrieved 2023-11-27.
  5. ^ a b Ravet, Hagar (2019-11-13). "Cybersecurity Startup Pcysys Raises $10 Million". CTECH - www.calcalistech.com. Retrieved 2023-11-27.
  6. ^ a b "Pcysys raises $25 million for automated cybersecurity testing". VentureBeat. 2020-09-09. Retrieved 2023-11-27.
  7. ^ "Pentera: מגינים על העולם, נשארים בישראל". TheMarker. Retrieved 2023-11-27.
  8. ^ "Israeli cybersecurity co Pcysys raises $25m". Globes. 2020-09-09. Retrieved 2023-11-27.
  9. ^ "Penetration testing startup Pcysys raises $25M to develop its technology". SiliconANGLE. 2020-09-09. Retrieved 2023-11-27.
  10. ^ Hu, Krystal (2022-01-11). "Israeli security startup Pentera raises $150 mln in funding round, eyes IPO". Reuters. Retrieved 2023-11-27.
  11. ^ Orbach, Meir (2022-01-11). "Pentera becomes Israel's latest cybersecurity unicorn with $150 million Series C". CTECH - www.calcalistech.com. Retrieved 2023-11-27.
  12. ^ "Pentera Redefines Cybersecurity Market with Unified Testing Platform – AI-TechPark". 2022-01-24. Retrieved 2023-11-27.
  13. ^ "Pentera redefines the cybersecurity validation market with the industry's first unified testing platform for insider and outsider threats". ITSecurityWire. 2022-01-24. Retrieved 2023-11-27.
  14. ^ "Arik Liberzon, Pentera: "we must ensure that security is proactive and preventative and not simply responsive"". cybernews.com. 2023-11-15. Retrieved 2023-11-27.
  15. ^ "Pentera Redefines Cybersecurity Market with Unified Testing Platform - AI-TechPark". 2022-01-24. Retrieved 2023-12-20.
  16. ^ "Pentera redefines the cybersecurity validation market with the industry's first unified testing platform for insider and outsider threats". ITSecurityWire. 2022-01-24. Retrieved 2023-12-20.
  17. ^ "Pentera Launches The Industry's First Unified Testing Platform". ITsecurity Demand. 2022-02-11. Retrieved 2023-12-20.
  18. ^ "Pentera ups ante in penetration testing | Computer Weekly". ComputerWeekly.com. Retrieved 2023-12-20.
  19. ^ "Pentera Cloud empowers security teams to reduce exposure to cloud-native attacks". Help Net Security. 2024-03-06. Retrieved 2024-08-28.
  20. ^ Noga, Martin. "Pcysys rebrands as Pentera, unveils automated attack module". www.israelhayom.com. Retrieved 2023-12-20.
  21. ^ "Fast Company Names Pentera In Top 10 Most Innovative Security Companies for 2023". Yahoo Finance. 2023-03-13. Retrieved 2023-12-20.
  22. ^ "Arik Liberzon, Pentera: "we must ensure that security is proactive and preventative and not simply responsive"". Cybernews.
  23. ^ Kovacs, Eduard (12 August 2022). "Black Hat USA 2022 – Announcements Summary".
  24. ^ Noga, Martin (2021-06-16). "Pcysys rebrands as Pentera, unveils automated attack module". www.israelhayom.com. Retrieved 2023-11-27.
  25. ^ Shemer, Simona (2022-06-12). "Israeli Cybersecurity Firm Pentera Launches Cyber Research Arm". NoCamels. Retrieved 2023-11-27.
  26. ^ Kovacs, Eduard (2022-03-29). "VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations". SecurityWeek. Retrieved 2023-11-27.
  27. ^ "New PsExec spinoff lets hackers bypass network security defenses". BleepingComputer. Retrieved 2023-11-27.
  28. ^ "Who Stole My Cookies? XSS Vulnerability in Azure | CSA". Cloud Security Alliance. Retrieved 2023-12-26.