Latest news with #Pentera
Techday NZ
07-08-2025
- Business
- Techday NZ
Pentera unveils AI web attack testing to boost cyber defences
Pentera has launched AI-powered Web Attack Testing with new features designed to emulate advanced cyber threats and enhance security validation for organisations. The latest addition introduces AI-driven payload generation and adaptive testing logic, aiming to provide security teams with tools to emulate contemporary threats more effectively. These capabilities are intended to deliver more nuanced and context-aware attack emulation, supporting organisations in validating their defences against increasingly sophisticated, AI-assisted cyberattacks. Pentera's Chief Product Officer, Ran Tamir, commented on the growing impact of artificial intelligence in the cybersecurity landscape, stating, AI is leveling the playing field, turning even keyboard kiddies into credible threat actors. Leveraging AI, attackers can move faster and with more precision than ever before. With the addition of AI to our adversarial testing arsenal we're giving defenders that same advantage, adapting in real time to new threat patterns and tuning each test with the context needed to uncover what traditional scans miss. We have a strong vision for how AI will permeate throughout the security validation practice, and these additions are only the beginning. The new capabilities extend Pentera's AI suite, which commenced with the introduction of AI Insight Reporting earlier in the year. Drawing on the experience from that launch, the company is now focusing on the external-facing web attack surface, incorporating AI in several key areas. AI-driven payload generation According to Pentera, the system can now generate attack payloads informed by current threat intelligence, allowing for faster emulation of newly discovered attack techniques. By building payloads based on the latest trends, the platform is designed to ensure that testing keeps pace with the evolution of real-world cyberattacks. PII-aware attack chaining Another capability highlighted by Pentera is PII-aware attack chaining. The system proactively identifies and extracts exposed Personally Identifiable Information (PII) during testing, automatically leveraging that data within identity threat attack emulations when relevant. This aims to reflect how attackers might exploit such data in actual intrusion attempts. No language or cultural barriers Pentera's platform reportedly accommodates variations in language, naming conventions, and terminology across different regions. The company states this enables consistent and accurate attack simulations regardless of regional differences in labelling or structuring of user-facing components. This feature aims to improve the realism and applicability of tests in diverse environments. System-aware logic The platform also features system-aware logic within its attack tactics. It can recognise the type of system it is interacting with, attempting the most relevant default credentials based on how authentication is structured in each case. This approach is intended to support more precise and context-driven attack scenarios. AI security insights reporting Alongside the AI-based web attack testing, Pentera has also introduced AI-powered security posture reporting specifically for assets exposed externally. These reports analyse historical test data across a selected timeframe, surfacing trends in security posture, regressions, and top remediation priorities. The AI insights reports are exportable, supporting both technical teams and executives by offering a clear overview of exposure and progress over time. The goal, according to Pentera, is to furnish stakeholders with actionable intelligence to guide security priorities and track the effectiveness of remediation efforts. Pentera's growing suite of AI tools reflects a broader movement in the cyber defence sector, where rapid advancements in attack automation and adversarial AI present ongoing challenges to enterprise security. The organisation focuses on supporting security teams by equipping them with assessment and validation functions that align with developments in the threat landscape.
Techday NZ
08-05-2025
- Business
- Techday NZ
Survey shows enterprises shift towards software-driven pentesting
Pentera's latest State of Pentesting report highlights a move among enterprises towards software-based penetration testing and examines cybersecurity trends among organisations with more than 3,000 employees in the United States, Germany, France, and the United Kingdom. The report is based on a survey of 500 Chief Information Security Officers (CISOs) and senior security executives and provides insight into security validation practices, budget allocation, and factors affecting the adoption of proactive risk management strategies. The data reveals that over 50% of CISOs now use software-based pentesting to supplement their in-house security testing, a practice which was not common a decade ago. The same percentage of CISOs now designate software-based pentesting as their primary means of discovering exploitable weaknesses in their organisations' IT environments. This shift appears to be a response to the scale and complexity of modern enterprise IT environments, which require more extensive coverage of attack surfaces and continuous validation efforts to address persistent vulnerabilities. According to the survey, 67% of US enterprises have experienced a security breach within the past 24 months, despite the deployment of an average of 75 security tools across their environments and an increase in security stack size for 45% of organisations over the past year. Of those experiencing breaches, 76% reported significant consequences: 36% faced unplanned downtime, 30% saw data exposure, and 28% reported financial losses. A larger selection of security tools does not always equate to improved outcomes. The report notes the difficulties posed by operational complexity: organisations managing 11 to 50 security devices generate an average of 883 alerts each week, while those with 76 to 100 tools receive 2,048 alerts, and some enterprises juggling over 101 tools deal with 3,074 weekly alerts. This volume can complicate the prioritisation and response to critical threats. On average, US enterprises spend USD $187,000 per year on pentesting, which represents approximately 10.5% to 11% of the total IT security budget, the latter of which averages USD $1.77 million per organisation. More than half of surveyed CISOs stated they plan to increase their pentesting budgets in the coming year, with nearly half intending to raise total IT security budgets as well. Use of software-based pentesting platforms is becoming more widespread, with 55% of organisations deploying such tools to support internal security assessments. Half the CISOs polled now see software-driven testing as essential for uncovering their most significant vulnerabilities, indicating increased trust in the efficacy and safety of these solutions. Cyber insurance providers are influencing enterprise security technology adoption. The report shows 58% of US enterprises and 59% overall have implemented at least one recommended cybersecurity solution at their insurer's request. An additional 34% of US companies had received recommendations for specific security solutions from their insurance providers. Despite extensive investment in technology and outside advice, confidence in government support for cybersecurity is low. In the United States, 22% of CISOs surveyed said they cannot rely on government support for cybersecurity, while 64% acknowledged government actions but believe they are insufficient. Only 14% feel that the government is fully playing its part in protecting the private sector. Jason Mar-Tang, Field CISO at Pentera, commented on the findings: "The pace of change in enterprise environments has made traditional testing methods unsustainable. 96% of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it's nearly impossible to keep up. The report's findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today's environments." The survey underpinning the report was carried out by independent research firm Global Surveyz between December 2024 and January 2025.
Yahoo
13-03-2025
- Business
- Yahoo
Pentera raises $60m in Series D funding
Pentera, a US-based cybersecurity software company focused on automated security validation solutions, has secured $60m in its Series D funding round. This funding round was led by Evolution Equity Partners, with participation from Farallon Capital Management. The latest funding round brings Pentera's total funding to $250m. With the new funding, Pentera aims to accelerate innovation through research and development, AI integration, and expansion in the US market. Pentera said that since its previous funding round in December 2021, it has increased its annual recurring revenue (ARR) by more than 300% and expanded its customer base by 200%. The company's platform aims to address the evolving cyber threat landscape, enabling organisations to adopt continuous threat exposure management frameworks to ensure defences are validated against AI-driven threats. Pentera's platform emulates real-world adversarial techniques to identify security gaps across on-prem networks, web assets, and multi-cloud environments. It allows security teams to analyse attack paths, identify root causes, and prioritise remediation for effective risk reduction. Pentera CEO Amitai Ratzon said: 'Security teams face relentless, automated threats that traditional testing methods can't match. This investment allows us to accelerate innovation and expand our platform to help enterprises continuously validate their security against real-world attacks. 'As we execute our strategy to exceed $200m in ARR, we are actively exploring strategic M&A opportunities to drive market consolidation and deliver even greater value to our customers.' Evolution Equity Partners managing partner Richard Seewald said: 'Pentera has redefined enterprise security testing and validation practices. Pentera's exceptional growth, strong enterprise adoption, and category-defining innovation make it the clear leader in Automated Security Validation. 'We are proud to lead this investment and continue our relationship with Pentera as it scales globally, expands its technology, and continues to set the industry standard for security validation.' More than 1,100 enterprises, including Casey's, Wyndham Hotels & Resorts, and Virgin Atlantic, are said to use Pentera to validate their security defences. In January 2022, Pentera raised $150m in Series C funding, which brought its valuation to $1bn. "Pentera raises $60m in Series D funding " was originally created and published by Verdict, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
Yahoo
12-03-2025
- Business
- Yahoo
Pentera nabs $60M at a $1B+ valuation to build simulated network attacks to train security teams
Strong and smart security operations teams are at the heart of any cybersecurity strategy, and today a startup that builds tooling to help keep them on their toes is announcing some funding on the back of a lot of growth. Pentera — which has built a system that launches simulations of network attacks to stress test software and human response — is announcing $60 million in funding, a Series D that values the Boston-based, Tel Aviv-founded startup at over $1 billion. The funding will be used for M&A and to continue developing product, CEO Amitai Ratzon said in an interview. Pentera is a play on the term 'pen testing', which is short for penetration testing, programs that have been devised to help drill security teams on potential attack techniques. This is effectively what Pentera has built to an elaborate degree in a product that is officially described as 'automated security validation.' 'We provide enterprises and governments a technology that, with a click of a button, can launch a mega attack against themselves, and with another click, the genie goes back into the bottle,' said Ratzon. 'The beautiful thing is that it's all safe by design.' And in contrast to, say, a fire drill in an office, Pentera's simulated attacks are carried out in a way where the rest of the organization outside of the security team is none the wiser — not unlike a lot of real-world security breaches in fact. The round is coming on the heels of Pentera growing customers by 200% to 1,100 organizations and ARR by 300% in the last four years, underscoring the demand in the market for its tools. Evolution Equity Partners is leading the round, with Farallon Capital participating. Prior to this, the company had raised $190 million in a combination of primary and secondary equity, according to PitchBook. Its other investors include Insight, K1 and Blackstone. Pentera's rise is coming at a time of a lot of automation in the world of cybersecurity. The world of cybersecurity has been virtually ambushed by the arrival of AI, which is used both by malicious hackers to breach systems, and also by a wide array of tools to help identify and stop those attacks in their tracks. Pentera takes this swing in AI into account as part of its platform. When it launches attacks, it does so around specific vulnerabilities and in the process identifies the different areas in an organisation's network that might be exploited. Typically, this could throw up as many as 10,000 alerts, Ratzon said. To be fair, an overwhelming number of alerts in live products is a classic issue with a lot of security tooling, and a number of startups are tackling that problem, too. In the case of Pentera, it automatically takes that 10,000 and whittles it down to six or eight root causes or exploitable vulnerabilities, he said, and then provides suggestions for how to fix them, and then leaves that to the teams to handle. "Pentera has redefined enterprise security testing and validation practices,' said Richard Seewald, managing partner at Evolution Equity Partners, in a statement. 'Pentera's exceptional growth, strong enterprise adoption, and category-defining innovation make it the clear leader in Automated Security Validation. We are proud to lead this investment and continue our relationship with Pentera as it scales globally, expands its technology, and continues to set the industry standard for security validation." Sign in to access your portfolio
