Pentera Explained

Pentera is a cybersecurity software company, specializing in automated security validation solutions. Originally founded as Pcysys in 2015, the company later rebranded as Pentera in 2021. The company is led by Amitai Ratzon (CEO) and Dr. Arik Liberzon (founder and CTO). Pentera has entities in the US, Germany, UK, Israel, Dubai, and Singapore.^{[1] [2] [3] [4]}

Funding

To date, the company has raised $115 million in primary funding:

• Seed funding — Since its incorporation and by 2018, the company raised the total amount of $5 million.^{[5] [6]}
• Series A — In November 2019, $10 million were raised from AWZ Ventures and Blackstone Group.
• Series B – In September 2020, $25 million^[7] were raised from Insight Partners, AWZ Ventures, and Blackstone Group.^{[8] [9]}
• Series C – In January 2022, Pentera became a unicorn raising $150 million, out of which $75 million in primary, from K1 Investment Management, Evolution Equity Partners, and Insight Partners. This funding round brought Pentera's valuation to $1 billion.^{[10] [11]}

Product

Pentera develops security validation software designed to test cybersecurity controls, credentials, and vulnerabilities within organizations. The platform is designed to assist in identifying and prioritizing security flaws to increase an organization's resilience to cyberattacks.^{[12] [13] [14]}

The Pentera software employs algorithms to test both internal and external network attack surfaces, as well as cloud-based systems. The platform is designed to perform automated emulation of ethical attack techniques such as remote code execution, password cracking, and data exfiltration. The platform does not require the installation of software agents on the network’s endpoints, making it compatible with most enterprise systems and security service providers.^[15]

The Pentera platform consists of products and add-on modules:

• Pentera Core Product — maps, tests and validates the security control of the organization’s internal network.^{[16] [17]}
• Pentera Surface Product — maps, tests and validates the security control of the organization’s external network.^[18]
• Pentera RansomwareReady Module — validates the organization’s defenses against the latest known ransomware attacks.^{[19] [20]}
• Pentera Credentials Exposure Module — leverages data of real-world leaked credentials sources to identify threats to organizational internal and external attack surfaces.^{[21] [22]}

Research

Pentera Labs is the company's research arm, which actively monitors threat intelligence feeds and identifies new vulnerabilities and attack techniques used by adversaries. Its publications are available for cyber defenders to identify, analyze, emulate, and mitigate new adversary tactics and techniques in the wild.^[23]

These findings are synthesized and fed into the Pentera platform to continually enhance its security testing capabilities. Pentera labs also disclosed newly discovered "zero day" vulnerabilities and contributed to adversary tactics techniques and procedures (TTPs) to the MITRE ATT&CK matrix.^[24]

Sample Pentera Labs findings and community contribution:

• Zero-Day Vulnerabilities – In March 2022, the Pentera Labs team discovered two zero-day vulnerabilities, CVE-2022-22948 and CVE-2021-22015. They exposed weakness in VMware vCenter managed environments in over 500,000 organizations globally. The vulnerabilities were reported to VMware by Senior Security Researcher Yuval Lazar which resulted in a corrective VMware patch.^[25]
• "135 is the new 445" – In September 2022, the Pentera Labs team developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using the less monitored port, Windows TCP port 135.^[26]
• "Who Stole My Cookies? XSS Vulnerability in Microsoft Azure Functions" – In January 2023, the Pentera Labs team found a web XSS vulnerability on Microsoft Azure Functions, which was patched by Microsoft after their report.^[27]

References

1. Web site: Desk . Insights . 2022-02-11 . Pentera Launches The Industry’s First Unified Testing Platform . 2023-11-27 . ITsecurity Demand . en-US.
2. Web site: Martin . Noga . Pcysys rebrands as Pentera, unveils automated attack module . 2023-12-20 . www.israelhayom.com.
3. Web site: Pentera ups ante in penetration testing Computer Weekly . 2023-11-27 . ComputerWeekly.com . en.
4. Web site: Netpoleon partners with Pentera for APAC . 2023-11-27 . www.arnnet.com.au.
5. Web site: Ravet . Hagar . 2019-11-13 . Cybersecurity Startup Pcysys Raises $10 Million . 2023-11-27 . CTECH - www.calcalistech.com.
6. Web site: 2020-09-09 . Pcysys raises $25 million for automated cybersecurity testing . 2023-11-27 . VentureBeat . en-US.
7. News: Pentera: מגינים על העולם, נשארים בישראל . TheMarker . 2023-11-27.
8. News: 2020-09-09 . Israeli cybersecurity co Pcysys raises $25m . en . Globes . 2023-11-27.
9. Web site: 2020-09-09 . Penetration testing startup Pcysys raises $25M to develop its technology . 2023-11-27 . SiliconANGLE . en-US.
10. News: Hu . Krystal . 2022-01-11 . Israeli security startup Pentera raises $150 mln in funding round, eyes IPO . en . Reuters . 2023-11-27.
11. Web site: Orbach . Meir . 2022-01-11 . Pentera becomes Israel’s latest cybersecurity unicorn with $150 million Series C . 2023-11-27 . CTECH - www.calcalistech.com.
12. Web site: 2022-01-24 . Pentera Redefines Cybersecurity Market with Unified Testing Platform – AI-TechPark . 2023-11-27 . en-US.
13. Web site: Bureau . ITsec . 2022-01-24 . Pentera redefines the cybersecurity validation market with the industry's first unified testing platform for insider and outsider threats . 2023-11-27 . ITSecurityWire . en-US.
14. Web site: 2023-11-15 . Arik Liberzon, Pentera: "we must ensure that security is proactive and preventative and not simply responsive" . 2023-11-27 . cybernews.com.
15. Web site: 2022-01-24 . Pentera Redefines Cybersecurity Market with Unified Testing Platform - AI-TechPark . 2023-12-20 . en-US.
16. Web site: Bureau . ITsec . 2022-01-24 . Pentera redefines the cybersecurity validation market with the industry's first unified testing platform for insider and outsider threats . 2023-12-20 . ITSecurityWire . en-US.
17. Web site: Desk . Insights . 2022-02-11 . Pentera Launches The Industry’s First Unified Testing Platform . 2023-12-20 . ITsecurity Demand . en-US.
18. Web site: Pentera ups ante in penetration testing Computer Weekly . 2023-12-20 . ComputerWeekly.com . en.
19. Web site: Noga . Martin . Pcysys rebrands as Pentera, unveils automated attack module . 2023-12-20 . www.israelhayom.com.
20. Web site: 2023-03-13 . Fast Company Names Pentera In Top 10 Most Innovative Security Companies for 2023 . 2023-12-20 . Yahoo Finance . en-US.
21. Web site: Arik Liberzon, Pentera: “we must ensure that security is proactive and preventative and not simply responsive” . Cybernews.
22. Web site: Kovacs . Eduard . 12 August 2022 . Black Hat USA 2022 – Announcements Summary .
23. Web site: Noga . Martin . 2021-06-16 . Pcysys rebrands as Pentera, unveils automated attack module . 2023-11-27 . www.israelhayom.com.
24. Web site: Shemer . Simona . 2022-06-12 . Israeli Cybersecurity Firm Pentera Launches Cyber Research Arm . 2023-11-27 . NoCamels . en-US.
25. Web site: Kovacs . Eduard . 2022-03-29 . VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations . 2023-11-27 . SecurityWeek . en-US.
26. Web site: New PsExec spinoff lets hackers bypass network security defenses . 2023-11-27 . BleepingComputer . en-us.
27. Web site: Who Stole My Cookies? XSS Vulnerability in Azure CSA . 2023-12-26 . Cloud Security Alliance.