Automated Pen Testing as a Service

Stratejm has strategically aligned with Pcysys, provider of PenTera, an automated penetration-testing platform that mimics the hacker’s attack, automating the discovery of vulnerabilities and performing ethical exploits while ensuring undisrupted network operation.

PenTera changes the rules of the game by delivering the power of 1,000 pen-testers, eliminating the need to hire pen-testing firms to conduct costly, intrusive pen-test exercises that ultimately do not generate a comprehensive vulnerability picture. After automatically scanning and enumerating an organization’s entire network and applying a variety of proprietary pen-testing techniques, Pcysys generates an automatic attack summary report that visually illustrates the “attack story” from the hacker’s perspective, pointing to the security practices that require improvement and the vulnerabilities that need to be remediated.

PenTera’s key features include:

Business disruption alerts:

When a sequence of vulnerabilities and human errors could lead to a business application exploitation, the company is alerted with prioritized remedies to defend against this “game over” scenario.

Multi-vector attacks:

With the power of algorithmic pen-testing, the platform can exceed a human pen-tester’s capacity a thousand times over. It can validate large networks simultaneously, repeatedly going through all the pen-testing stages of discovery, vulnerability analysis, and exploitation.

Exploitation checkpoints:

For mission-critical systems, a company’s security officer can assume discrete control for higher-order exploitative stages. This capability serves in validating defenses against the most advanced attacks while selectively controlling the intrusiveness level practiced during pen-testing.

Targeted scenarios:

In addition to black-box pen-tests, the platform allows for pen-testing specific critical assets. This feature allows focusing on specific network segments and applications, as well as validating previously discovered and fixed vulnerabilities.

“Becoming the risk validation standard software comes with great responsibility,” said Vice President of Products, Ran Tamir. “Our research team is working daily to model more hacker practices and techniques into the product. It’s a cyber arms race and we are determined to have our customers win and remain resilient.”

Benefits of Automation:

  • Automated security validation and remediation reduces your attack surface and helps you meet regulatory requirements such as GDPR Article 32, 1(d) and NIST 800-115.
  • Being continuous by nature, PenTera enables you to keep your security posture at a consistently high level, detecting new vulnerabilities in a timely manner.
  • With machine-based penetration testing, you can ensure that your penetration tests are not prone to human errors and cover all of the defined test scope.
  • Automated penetration testing will enable you to verify that your security policies are implemented thoroughly and point to outliers and exceptions in security measure instrumentation.
  • Automated penetration testing enables you to better prioritize cybersecurity investments and remediation efforts based on your potential business impact.

Stratejm will use a combination of automation and manual exercises based on the requirements.

Typical Deliverables for any Pentest engagement include:

  • Executive Summary: A jargon- and buzzword-free, true executive-level summary.
  • Summary of Findings and Recommendations: Describes the environment and high-level findings and root causes. We make recommendations based on potential risk to your organization.
  • Risk Analysis Matrix: Details high-risk findings with recommendations for curative actions.
  • Remediation Priority Matrix: Prioritizes high-risk finding remediation based on severity of risk to business process, not just technology.
  • Summary of Methods: Contains details specific to the engagement methodology.
  • Detailed Findings and Recommendations: Documents the details of any findings, as well as recommendations for remediation. Evidence of controls and information sufficient to replicate the findings is included. Recommendations are based on these root causes and prioritized for a risk-based remediation with an estimation of relative work effort. Any strong controls in place that have been identified are described, as well as their impact on the security of the organization. Descriptions of techniques used and the causes of success or failure are detailed, as appropriate.
  • Attachments: Provides details and specific examples, including screenshots, technical details, code excerpts and other relevant observations. This section also contains documents or data that are relevant but do not fit in other categories.