Platform to be unveiled publicly at Infosec London on June 5th
Pcysys, provider of the machine-based penetration testing platform, announced today that Pcysys version 1.5 addresses newly in-force GDPR requirements. GDPR Article 32, 1(d) requires organizations to regularly test, assess and evaluate their security effectiveness and controls.
Existing methods for security validation such as human pen-testing are often performed only once a year.
These methods fail to address the GDPR continuous assessment requirement in a cost-effective way, as they provide primarily a point-in-time assessment. In the arms race of CISOs vs. hackers, many corporates cannot afford an in-house red team. Others lack the knowledge and tools to predict and defend against sophisticated hackers in a continuous way.
This is where Pcysys meets an unmet need with software.
“We are on the verge of the industrial revolution of cyber risk validation,” said Founder and CTO of Pcysys, Arik Liberzon.
“Intelligent software that mimics the hackers' actions is gaining momentum worldwide and solving economically a dire need to validate cyber risk against the real threat and prioritize the remediation efforts.”
The European Central Bank (ECB) recently published the European Framework for Threat Intelligence-based Ethical Red Teaming, known as “TIBER-EU”. The framework aims to unify the methodologies of pen-tests which mimic the tactics and techniques of real hackers who target financial institutions. “We are in agreement with the TIBER-EU framework that threat-based risk validation is the preferred path towards the enhancement of corporate cyber resilience,” said CEO of Pcysys, Amitai Ratzon. “Our growing network of partners and service providers can now act on this methodology by leveraging our technology to deliver penetration tests safely over critical live production systems.”