Pentera Introduction

PAGE

1
Our Story
PAGE

2
Business and Tech Expertise at the Top
Amitai Ratzon CEO Arik Liberzon CTO
Amitai is an experienced Offensive cybersecurity expert, who served
CEO, specializing in 15 years at the IDF, leading an elite unit and
growing early-stage tech defending Israel’s most strategic assets.`
ventures from no revenue /
early revenue to tens of After leading hundreds of red team projects,
working with elite pen-testers, I came to realize
millions in ARR across that software, if built intelligently, could do a
regions and verticals. much better job at pen-testing than humans...

…soon enough, my IDF teammates started

joining me at Pentera, to compose one of the
finest cyber research teams in the world!

PAGE

5
Trusted worldwide
2015 >250 $190M
Founded Employees Funding

19 Cybersecurity & MSSP

16%
Finance

13%
Healthcare & Pharma

11%
Business & Consulting

9%
Verticals

45
Countries

>600
Customers
PAGE

6
Marquee Customers

PAGE

7
Marquee Customers

>600
Customers
PAGE

8
Customer voices Matter most
Automated Security Validation Platform
Pentera received 4.8/5.0 SCORE in Gartner Peer Insights 2021

The Next Generation
Vulnerability Scanner
This is a new kind of vulnerability scanner. It's
almost a human pentester working at
computer speed. It finds lots of vulnerabilities
faster than I could dream doing it myself.
Customer Review,
Gartner Peer Insights, Dec 2021
Pentera helped us shift from the focusing
on vulnerabilities to remediations
• The Ransomware Ready module opened our eyes to actual
weaknesses and risks we were not aware of
• Remediation priority help us reduce risk and validate that fix
made solved the problem
Customer Review,
Gartner Peer Insights, Dec 2021
Security validation that by far better
than all legacy breach simulation tools
Major focus area for us was to understand our attack surface -
both that inside and our external facing. we tested several
tools and the "all-in-one" solution Pentera had outmatched all
other point tools in the market today.
Customer Review,
Gartner Peer Insights, Dec 2021

PAGE

9
Serving All Verticals
Finance Healthcare Manufacturing Energy &Utilities

E-commerce Retail Insurance Agriculture & Food Education

Construction Cybersecurity/MSSP Aerospace & Defense Government & Municipality

Business & Consulting Telecommunications Transportation & Navigation Nonprofits

PAGE

10
The problem we solve
PAGE

11
Are You Confident of Your Organization’s
Cyber Exposure & Risk?

Security Monitoring External Perimeter Controls

SIEM/XDR/SOAR IDS/IPS/WAF

Endpoint & Network Controls Remote Access

EDR/NDR/XDR VPN

Endpoints & Domains &

Internal Networks External-facing Assets

PAGE

12
 Answering the Question
DO YOUR CYBER DEFENSES TRULY WORK TODAY
Against The Latest Threats?

EDR | NDR | EPP | SIEM | WAF | FW | SOAR | …

PAGE

13
Vulnerability-centric security is Failing
15,000+
New vulnerabilities discovered yearly

>5%
Have an exploit and were actively exploited by attackers
CVSS: 8.0

~1%
CVSS PRIORITY: 5.5

Number of security vulnerabilities actively exploited by Ransomware groups

PAGE

14
The Platform
One Platform for All Your Validation and Exposure Management Needs
PAGE

15
Pentera Platform
Total Security Validation – Customer Perspective

TOTAL
Internal Core Network ATTACK
SURFACE
COVERAGE
External Attack Surface One platform for all your
security validation
operations

PAGE

16
 Asset Vulnerability Ethical Advance Surgical
Discovery Assessment Attack Reporting Remediation
Outside-in Inside-out

Security Validation Advisory Credential Exposure Ransomware Ready APIs

PENTERA SURFACE PENTERA CORE

PENTERA PLATFORM
Autonomous | Safe by design | Agentless

ACCESS CLOUD NETWORK

Web Apps VPNs aws Azure Apple Windows Linux

PAGE

17
Research Driven Platform
Perpetually Evolving
• No simulation, ethical exploits
• Ongoing delivery of the latest top exploit and threats
• Coverage and understanding of the complete attack surface attack TTPs

PAGE

18
Pentera Attack-Validation Cycle

AGENTLESS
REAL
SAFE
AUTONOMOUS
COMPREHENSIVE

PAGE

19
End-To-End
Security
Validation
Vulnerability Exploitation

OWASP Top 10
Asset Launch Data
discovery ransomware exfiltration
Lateral Data Command
movement encryption & control
Remote Access

OUTSIDE-IN INSIDE-OUT

PAGE

20
Pentera Portfolio
PAGE

21
Pentera Core
Continuous validation of the organization’s exploitable
infrastructure using automated pen-testing procedures

• Test vulnerability exploitability in production

• Remediation prioritization based on business impact
• Various testing scenarios emulating real attacker’s perspective
• Aligned with MITRE ATT&CK framework
• Instant reporting for executives and detailed attack vector visibility
• Subscription to Pentera Labs
• Safe by design
• Agentless

PENTERA CORE

PAGE

22
Pentera Surface
Continuous validation of the organization’s exploitable external attack
surface using automated pen-testing procedures

• Visibility to the organization’s

external-facing security posture
through ongoing asset discovery
• Attractive targets module
reflecting the attacker’s
perspective
• Autonomously exploit mapped
assets
• Aligned to OWASP Top 10
• Find & validate Leaked
Credentials PENTERA
• Subscription to Pentera Labs SURFACE
• Safe by design
• SaaS deployment
PAGE

23
RansomwareReady Emulation Launch
attack

Continuous validation of the organization’s ATT&CK | T1047

security posture against ransomware strains

using automated pen-testing procedures Process
injection

ATT&CK | T1105

• End-to-end ransomware attack operation Execute

payload
• Emulation of real ransomware campaigns (e.g. Maze, Revil, Conti) ATT&CK | T1496

• Validation of security control effectiveness across different Encrypt

layers: network, endpoints, users, data. ATT&CK | T1083

• Complete alignment to the MITRE ATT&CK TTPs and IOCs

Exfiltrate
• Safe by design data
ATT&CK | T1490

C&C
(Real IOC)

ATT&CK | T1005

PAGE

24
Credential Exposure Module
Threat Intelligence
(Based on leaked credentials data
sources)

PENTERA SURFACE PENTERA CORE

jackson@pentera.labs
F00tB@l
Domains
Clear Web
Asset Credentials Active Directory Credentials
Discovery Validation Password Strength Validation

UserName@company.io url.com
Passw0rd#56 rootbe.io/resource
Deep Web
wikishmiki.io
url.com
rootbe.io BINGO! BINGO!
wikishmiki.io

DarkyName1@dark.com
Aa123456
DarkNet

PAGE

25
MITRE ATT&CK™ Compliant
Validation Attacks Mapped to the MITRE ATT&CK framework

PAGE

26
Instant & actionable Report

PAGE

27
Summary
PAGE

28
One Solution For All Your Attack Surface

CLOUD

WWW CORPORATE WWW

PAGE

29
Discover Validate Prioritize & Remediate
Asset Discovery Autonomous Root vulnerability

Vulnerability Assessment Agentless Improve Readiness

Hacker’s Perspective Real Surgical Remediation

PAGE

30
Next Steps
PAGE

31
1-Day Proof of Value (PoV)
Agreement on PoV Quote, PoV PoV day
PoV Guide Questionnaire Scoping Call • Kick off
2 weeks before 1 week before • Summary
PoV starts PoV starts

Pentera Surface 3 weeks lead time (domain owenship, asset & domains volumens)

PoV fundamentals:
• Save and controlled
• Pentera Core: No learning phase: no artificial intelligence requiring cloud data matching
• Pentera Core: On-prem approach – all information stays

PAGE

32
Fast Production Onboarding Process
WEEK ONE WEEK TWO WEEK THREE WEEK FOUR WEEK WEEK WEEK WEEK
Configure 1st Run Pentera Schedule a stealthy Run a noisy attack FIVE SIX SEVEN EIGHT
Advanced PT scan overnight (1 day/24 attack (far right on (far left on
independently on 20 hours) and configure Stealthiness Slider) Stealthiness Slider)
hosts for 8 hours the task to NOT on 20 IPs, for on the same 20 IPs.
(workday), including Require Approval for Monday morning at
DC, 10 workstations, all exploits. 08:00 AM, for a
8-9 servers. duration of 8 hours

Principles
• Result oriented
• Increase PT over time
• Knowledge transfer
• Get connected (CustomerOps, R&D, etc.)
PAGE

33
Thank You.