Pentera offers platform for automated testing of resilience against ransomware attacks

By emulating the latest ransomware strains, the platform exposes vulnerabilities that can be exploited to reach critical assets and disrupt business, the company says

Pentera offers platform for automated testing of resilience against ransomware attacks

Photo: Bigstock

Automated security validation company Pentera unveiled last week its updated platform that it said carries out automated penetration testing of networks by emulating the world’s most destructive ransomware strains, providing security teams with visibility of the most severe vulnerabilities that adversaries and ransomware could exploit to compromise critical assets and disrupt business operations.

According to the Israeli company, the platform disrupts traditional approaches to vulnerability management by showing CISOs exactly how attackers and ransomware threats will exploit their network and infrastructure. Pentera is the only platform that safely automates real adversary tactics and techniques inside of the network, which fast tracks a CISO's ability to identify and prioritize the critical weaknesses across security programs that create systemic risk and that adversaries exploit to shut down business operations, the company said.  

"Vulnerability-centric programs and simulations fail because they don’t show CISOs where they’re most exposed based on how adversaries think and act once they’re in a network.  You can patch and chase vulnerabilities for days and still not be ready for a ransomware attack," said Amitai Ratzon, CEO of Pentera. "RansomwareReady is a compilation of the nastiest ransomware in the wild — from REvil to Maze. We safely emulate these within our customers' environments to show them exactly how ransomware will move throughout their network. This allows them to prioritize the critical weaknesses attackers exploit and become attack-ready."

Pentera says its platform safely performs the actions a malicious adversary would — reconnaissance, sniffing, spoofing, cracking, (harmless) malware injection, file-less exploitation, post-exploitation, lateral movement and privilege escalation — all the way to data exfiltration.  

You might be interested also