January 7, 2018
I’m one of those managers who can’t sit in the office for more than a few days. I travel the world and constantly meet with customers, partners and investors. During 2018, I’ve met with over 100 prospects across three continents from all verticals- finance, insurance, telecommunication, retail, education, energy, healthcare – you name it.
I’d like to share their stories and key motivations for picking our software, PenTera by Pcysys.
The security team tested several BAS tools but chose Pcysys because of their realization that it’s as close as it gets to the real opposition. They preferred continuous, real-ethical hacking over the alternative which they viewed as a sterile lab exercise (with a cumbersome agent deployment project) knowing that hackers do not act in this way and that simulation games will not provide the ultimate result.
It is no secret that hedge funds and trading houses hold the highest standard of IT security, employing a large selection of the latest cybersecurity prevention, detection and response tools, and next-generation Anti Virus software. This hedge fund selected Pcysys because it wanted to ensure its security posture is kept 24/7/365 with zero gaps. PenTera is their means to continually stress test their entire security stack, with a click of a button.
This data-driven bank accrues over $1B in Assets Under Management, has tens of thousands of IPs and many data centers. Their main motivation for taking PenTera was their need to test their entire network and hold all parts of their system to the same standard, defying “the weakest link” concept.
With over 2 million subscribers to its buyer’s club, this retailer wanted to close the gap between policy and practice and protect its customer database from any possible intrusion. Its main motivation was to prioritize cybersecurity investments based on real threats and the potential negative business impact of a possible breach. Regularly running PenTera provides them with the prioritization of remediation and investment.
This national P&C Insurance security team believed they were spending too much money on consultants and not improving their security posture over time. Due to its substantial IT operations, the manual penetration tests for each segment were too few and far between. Their decision to select PenTera was driven by PenTera’s do it yourself nature and their need to continually improve without bleeding expenses.
This company’s experienced CISO needed to make sure his cybersecurity posture was where it should be, but could not get there with the existing vulnerability management software that was just creating more patching work without prioritizing remediation efforts with a threat-facing approach. PenTera allows him to focus on 10% of the vulnerabilities and human errors, accounting for 90% of “PenTera’s Ethical Hacker Achievements”, to allow for speedy remediation and resilience.
This hospital suffered from the WannaCry breach in 2017 and wanted to continually assess its cybersecurity defenses year long and ensure the reduction of its overall risk over time. Due to the size of its IT infrastructure, the hospital could not settle for annual penetration tests which did not succeed in protecting it from past breaches.
Reflecting back on an amazing 2018, I wanted to thank the customers which entrusted us with their business and embraced machine-based penetration testing as an integral part of their cybersecurity operations.
Aside for our customers, which are the heart of our business, I wish to thank our partners, distributors, and resellers, for supporting and believing in our vision. It has been a fantastic and challenging 2018 and we’re excited for what’s in store for 2019.
On behalf of the entire Pcysys team – researchers, pen-testers, developers, engineers, product managers, customer success & support professionals, marketers, sales professionals, and enthusiasts, I wish you all a successful 2019 – a breach-less year that is!
Ivanti Ground Zero On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting its Ivanti Connect Secure and Ivanti Policy Secure products in supported versions (9.x and 22.x). Successful exploitation can result in authentication bypass and command injection, leading to unauthenticated remote code execution and lateral movement inside the victim’s network. Then on […]
WebLogic is a popular enterprise middleware tool that orchestrates the interaction between backend systems and frontend clients. This makes it a valuable tool for attackers, who can exploit it to access and influence a wide range of organizational applications. In this blog post, we explore how to install a persistent backdoor on WebLogic Server. We […]
Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On […]