Carbonsec – Cybersecurity Consultancy Services Company

Cybersecurity services for businesses to be hackerproof, because it sucks to waste unnecessary time dealing with cyber criminals instead of focusing on business.

One Thousand Pentesters In a Box – Dream or Reality?

25. August, 2020 by Matjaž Kosem

1000 bad guys per day… every day

Lately, not a day goes by without news about breaches and damage estimates, new vulnerabilities, innovative new social engineering techniques, enormous ransomware earnings, and so on. Ensuring a strong security posture is becoming a big challenge, so it is not surprising that many CISOs ask themselves how to proceed: how do we really manage security risks effectively?

What influences cybersecurity risks and how to manage them effectively?

The main concern in information protection is that information is always available to those who should have access to it, and in exactly the form it needs to be in. Organizations hold information resources in the form of data, which is mostly stored on computer systems. These systems may contain or will contain vulnerabilities, and these vulnerabilities can be exploited by a hacker, which is simply called a threat. And because we of course want the probability of the threat to be kept to a minimum, we do everything we can to prevent this.

There are three major ways to reduce the risks:

  1. We protect assets with security controls – the relatively small set of basic controls of more than a decade ago, such as classic firewalls and antivirus, has grown to more than 100 different security solutions in today’s enterprise.
  2. We use vulnerability management systems – in this way we know practically every day which systems do not have security patches installed and which patches should be installed faster than others.
  3. We monitor threats through Threat Intelligence tools – the purpose of this is to find out early enough whether industry-specific attacks that could also happen to us are taking place somewhere.

However, because the information system is a “living organism”, all of the following is constantly changing:

  1. Systems are changing: new systems are added, parts of networks are upgraded, cloud services are connected, new services are introduced.
  2. Vulnerabilities are changing. Just looking at the Common Vulnerabilities and Exposures (CVE®) list makes us think.
  3. Threats are changing, whether it’s a new hacker group or a new campaign with never-before-seen attack techniques.

One of the best ways to check where we actually stand is the good old penetration test, or even a Red Teaming exercise (I described the differences between the two in a blog post: What’s Red Teaming? Is it a pentest?).

Despite their popularity, such tests still have some drawbacks:

  1. The test takes at least two weeks until the final report, and it can also take much longer.
  2. The lack of experts for such a service means a relatively high price.
  3. The result usually depends on the experience and talent of the pentester, sometimes even on their daily form or well-being.

Due to the above, penetration tests are usually performed once a year and have their full value only on the day of completion, with a “shelf life” that lasts until the first change.

The Solution

So what would be the solution? In an ideal world, a pentest would be faster, cheaper, and more comprehensive, and thus independent of an individual’s expertise. Joking a bit, I could say that we would therefore need 1000 perfect pentesters in one box, always available, preferably at the push of a button. Dream or reality?

Ladies and Gentlemen! I present to you the first and currently the only tool for automated, machine-driven penetration testing, PcySys PenTera. So that the unknown will finally become known, with just a simple push of a button.

P.S.

Because each penetration test reveals vulnerabilities that need to be remediated, which is often not easy at all in larger systems, it sometimes seems like it would be easier not to know where all the problems are.

Is it really better not to know than to know?


