I’m one of those managers who can’t sit in the office for more than a few days. I travel the world and constantly meet with customers, partners and investors. During 2018, I met with over 100 prospects across three continents from all verticals – finance, insurance, telecommunication, retail, education, energy, healthcare – you name it.
I’d like to share their stories and key motivations for picking our software, PenTera by Pcysys.
#1 – A Pan-European Bank with a Trillion Dollars in Assets – The security team tested several BAS tools but chose Pcysys because they realized it is as close as it gets to the real opposition. They preferred continuous, real ethical hacking over the alternative, which they viewed as a sterile lab exercise (with a cumbersome agent deployment project), knowing that hackers do not act this way and that simulation games will not provide the ultimate result.
#2 – A Tier-1 Hedge Fund, East Coast, USA – It is no secret that hedge funds and trading houses hold the highest standard of IT security, employing a large selection of the latest cybersecurity prevention, detection and response tools, and next-generation antivirus software. This hedge fund selected Pcysys because it wanted to ensure its security posture is kept 24/7/365 with zero gaps. PenTera is their means to continually stress test their entire security stack, with a click of a button.
#3 – A Big Bank, West Coast, USA – This data-driven bank accrues over $1B in Assets Under Management, has tens of thousands of IPs and many data centers. Their main motivation for taking PenTera was their need to test their entire network and hold all parts of their system to the same standard, defying “the weakest link” concept.
#4 – A National European Retailer – With over 2 million subscribers to its buyer’s club, this retailer wanted to close the gap between policy and practice and protect its customer database from any possible intrusion. Its main motivation was to prioritize cybersecurity investments based on real threats and the potential negative business impact of a possible breach. Regularly running PenTera provides them with the prioritization of remediation and investment.
#5 – A Big Insurance Company – This national P&C insurance company’s security team believed they were spending too much money on consultants and not improving their security posture over time. Due to its substantial IT operations, the manual penetration tests for each segment were too few and far between. Their decision to select PenTera was driven by PenTera’s do-it-yourself nature and their need to continually improve without bleeding expenses.
#6 – A Medical Imaging Company, Northeast, USA – This company’s experienced CISO needed to make sure his cybersecurity posture was where it should be, but could not get there with the existing vulnerability management software, which was just creating more patching work without prioritizing remediation efforts with a threat-facing approach. PenTera allows him to focus on the 10% of vulnerabilities and human errors that account for 90% of “PenTera’s Ethical Hacker Achievements”, allowing for speedy remediation and resilience.
#7 – A National Hospital, UK – This hospital suffered from the WannaCry breach in 2017 and wanted to continually assess its cybersecurity defenses all year long and ensure the reduction of its overall risk over time. Due to the size of its IT infrastructure, the hospital could not settle for annual penetration tests, which did not succeed in protecting it from past breaches.
Reflecting back on an amazing 2018, I wanted to thank the customers who entrusted us with their business and embraced machine-based penetration testing as an integral part of their cybersecurity operations.
Aside from our customers, who are the heart of our business, I wish to thank our partners, distributors, and resellers for supporting and believing in our vision. It has been a fantastic and challenging 2018 and we’re excited for what’s in store for 2019.
On behalf of the entire Pcysys team – researchers, pen-testers, developers, engineers, product managers, customer success & support professionals, marketers, sales professionals, and enthusiasts – I wish you all a successful 2019 – a breach-less year, that is!