Aviva Zacks of Safety Detective caught up with Arik Liberzon, Founder & CTO of Pcysys, to find out how PenTera™ can protect its customers from threats.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Arik Liberzon: Before founding Pcysys, I led a red team in the IT branch of the Israeli Defense Forces. Our mission was to run penetration tests and red teams against extremely secure networks. I developed the attacker’s perspective of cybersecurity that is very different from the defender’s perspective.
What I like specifically from a cyber offensive perspective is that while 95% of cyber investment is related to the defensive part, only 5% to 10% is invested in offense, which is more creative and nonlinear. It’s always fun to try and break into something that a group of people has been building for years and find the way to sneak inside. It’s thrilling—you need to control many disciplines to do it well and use all the information you collect throughout the attack. You’re constantly advancing to the next step towards the end game—the grand prize.
SD: What are some of the industries that use your technology, PenTera™, and why?
AL: Our current technology is industry agnostic. A network—is a network—is a network. It doesn’t matter if you are a hospital or an insurance company. Our clients range from banks, hedge funds, investment houses, insurance companies, telco’s, high tech to legal, retail, higher education, and healthcare. Even cyber-security technology companies buy our product to ensure their network is resilient to all of the latest cyber threats.
SD: How can Pcysys’ PenTera protect customers from threats?
AL: PenTera is an automated penetration testing platform. With a single mouse click, you can check whether your IT infrastructure is secure and understand the issues that need to be fixed based on the severity of their potential breach outcome.
The automated penetration testing revolution is long overdue. Service-based pen-testing takes a lot of time, is very costly, and only offers a point-in-time snapshot. Automation of this important activity presents many benefits:
- First of all, once your organization has PenTera, it can continuously run performance security validations. Instead of pen-testing once a quarter or once a year, you can do it on an ongoing basis.
- Secondly, PenTera shows the hacker’s perspective in terms of challenging one’s security controls. It’s not a simulation; it ethically hacks the organization in a harmless way using ethical malware injections and activation capabilities.
- Lastly, we help prioritize vulnerability remediation in a very cost-effective way. There are vulnerability scanners that will show you 30,000 vulnerabilities in the organization; there are even some organizations that have over a million vulnerabilities, making remediation prioritization very difficult. PenTera prioritizes the remediation of the de facto damage-bearing vulnerabilities first.
SD: What do you feel is the number one threat in cybersecurity today?
AL: The human factor is always the first-degree risk. The human factor can be a careless worker or employee’s misconfiguration action. A great number of breaches in recent years were caused by the misconfiguration of controls and human error.
The second risk is the leakage of nation-state attack tools. In the last few years, lethal nation-state attack tools were leaked to the public intensifying the cyber threat risk. There is a clear indication that attacks are becoming more and more sophisticated and multi-step by nature.
SD: How do you feel the cyber threat landscape will change in the next 5 years?
AL: Attackers are becoming increasingly automated and leverage attack programs over current rudimentary toolkits that are operated by a person. This is a rapid ongoing arms race. We need to think of the threat evolution that we don’t see in the same lines of the security industry. In a similar way leading EDR and SIEM systems use more AI and algorithms to detect attacks, the attackers are also using similar technologies on the offensive side.
As budget and adequate personnel remain a bottleneck, the call of the industry is for automation in all aspects of cybersecurity—validation, remediation, prevention, detection, response, and recovery. Pcysys leads the charge in automated risk validation.