Over the past decade cybersecurity criminals, or ill-intentioned “hackers” as some might call them, have proliferated, costing the global economy $2.9 million every minute. In response, there has been a surge in the number of cybersecurity tools in the market, while enterprises allocate millions of dollars of budget annually to make operations, teams, and customers more secure. Point solutions have popped up to protect certain “sections” of the cybersecurity landscape, but C-Suite executives in security and information technology are left wondering: “How do I know my cybersecurity tools are working?” and “What is the state of the overall security posture within my network?”
To answer these questions, enterprises would historically hire a pentesting team of “good hackers” to replicate the real-world malicious attacks that an enterprise may face, but do so in a harmless way. The core goal? To exploit these vulnerabilities before the bad guys can, so that enterprises are able to patch up these weak spots before the hackers find a way into the network and wreak havoc. However, these pentesting exercises are expensive, disruptive to the flow of business (as the pentesters physically set up shop within the organization), and infrequent in nature – leading to the need for a vulnerability manager, or VM for short.
On top of the quarterly-to-annual “pentest,” many enterprises will have a VM tool that can take a point-in-time snapshot of a network to point out existing vulnerabilities within it. However, these VMs are often overly exhaustive, sometimes detect “vulnerabilities” that weren’t even vulnerabilities to begin with (i.e., false positives), do not actually attempt to exploit the network, and require a fairly technical user to get the most out of the tool. That’s where Pcysys comes in.
Pcysys’s automated pentesting solution, PenTera, attacks live production networks from the inside just as a real-world malicious hacker would, moving beyond the constraints of a traditional VM by exploiting vulnerabilities to grab credentials, crack passwords, gain privileges, and inject harmless malware. The output? A comprehensive, easily digestible report that details the step-by-step “attack.” PenTera highlights the exploits it was able to achieve and prioritizes the most critical vulnerabilities it discovered. Furthermore, Pcysys can be run by less technical users than a VM requires and can be set to run as frequently as the enterprise wants, resulting in continuous, autonomous security. Ultimately, Pcysys enables C-Suite executives to understand whether their cybersecurity tools are preventing critical vulnerabilities, and if not, what vulnerabilities to patch, while outputting a truly holistic understanding of their security posture and go-forward plan of defense.
As for the genesis of the partnership between Insight and Pcysys, our first conversation with CEO Amitai Ratzon was back in early 2019, and we hit it off immediately as we built a bond over our love for cybersecurity and basketball! As it was apparent that the pain points Pcysys was solving were real and pervasive, Pcysys began to garner an industry-leading reputation, securing the 2019 “Enterprise Risk Management (ERM) Software of the Year” Award. Come summer 2020, Pcysys had scaled quickly to 120+ customers, adding marquee logos such as Blackstone, Cybereason, Exabeam, and NHS Bolton to name a few, and was ready to raise the “growth round” we’ve been waiting for. Both parties quickly engaged. Now, post-investment, we remain eager to see how Pcysys will continue to shape the future of vulnerability management!