Published on: April 23, 2024
In a recent Q&A with Ran Tamir, Chief Product Officer at Pentera, SafetyDetectives delves into the intricate world of cybersecurity through the lens of an industry veteran. With a rich background spanning over two decades in product management at cybersecurity giants like Palo Alto Networks and CheckPoint, Tamir provides a unique perspective on the evolving challenges and innovations within the field. Since joining Pentera in 2017 as one of its earliest employees, he has been pivotal in scaling the company and its product offerings, emphasizing the critical role of automated security validation in today’s dynamic cyber landscape. Throughout the interview, Tamir articulates how Pentera’s cutting-edge platform not only tests but also enhances organizational resilience against real-world cyber threats, reshaping conventional security strategies. His insights into the necessity of continuous, comprehensive security assessments offer a valuable roadmap for businesses aiming to fortify their defenses against increasingly sophisticated attacks.
Thank you for your time today. Can you provide an overview of your background and current role at Pentera?
My name is Ran Tamir and I’m the Chief Product Officer of Pentera. Prior to joining Pentera, I served as a product director at Palo Alto Networks, CheckPoint, and RSA. I’ve been with Pentera since 2017, joining as the 9th employee, and have overseen the growth of Pentera and our product suite from the ground up. In my role, I manage a team of 20 product managers, UX experts, and technical writers, oversee Pentera’s product roadmap and strategy, and lead the process from product innovation all the way to post release. I have more than 20 years of cybersecurity experience in product management and have held leadership positions at market leaders such as Palo Alto Networks and Checkpoint, as well as many startups along the way.
Can you walk me through the core features of Pentera’s automated security validation platform?
Pentera’s Automated Security Validation is a new approach to validating security controls based on real-world attack emulation. By mimicking threat actors’ techniques, tactics, and procedures (TTPs) against production environments, Pentera can identify exploitable gaps that adversaries can take advantage of. This understanding allows organizations to validate the effectiveness of their existing security controls and policies, as well as properly prioritize remediations to reduce exposure and improve cyber resilience. Pentera’s ASV platform is an agentless solution that safely tests the organization’s entire attack surface, from on-premises to external to cloud environments. The platform is based on a few core principles:
- On-Demand Validation – Organizations can’t afford to wait 6 months between traditional pentesting assessments and need the ability to test their dynamic IT environment on a continuous basis.
- Covering the Complete Attack Surface – Threat actors are not limited to attacking one aspect of your attack surface. They can target your on-prem environment, web-facing assets, or cloud estate individually, simultaneously, or even as part of the same attack. Security validation must account for all attack surfaces.
- Emulate Real Threat Actors – To effectively validate the security of your organization, your testing must get as close to the real threat as possible. The testing must progress every scenario until it’s completion so that security teams have an accurate assessment of how impactful each attack can be and where along the attack kill-chain is the most effective for mitigation.
- Safe by Design – Security validation must be able to showcase how threat actors can exploit your environment without any impact to your business continuity.
- Actionable Insights – Security validation provides a risk-based remediation roadmap with actionable insights that you can immediately execute to reduce exposure.
What are some of the challenges businesses face when it comes to traditional pentesting?
When it comes to traditional pentesting the challenges ultimately boil down to speed and scale.
Traditional pentests represent point-in-time assessments of your security posture. During an assessment 3rd party teams, usually of one or two pentesters, try to hack your IT environment over the course of a few days. Within the following days, the pentesters generate a report on their findings for the organization to remediate.
With a limit on the speed at which human testers can work, manual pentests can only cover a small percentage of your overall attack surface. Moreover, the pace at which new technologies and updates are deployed far exceeds the frequency of conventional penetration tests. Changes to an organization’s deployments (i.e. cloud servers or identities being added, policies changing, etc.) can fundamentally alter your risk exposure on a weekly or even daily basis, but testing in most cases is done only once or twice a year. This leaves the enterprises’ security controls untested for long periods of time with many areas of the IT environment completely untested.
Organizations face issues scaling their pentesting practices as there is a major shortage of skilled pentesters. Organizations fear being taken offline by a pentesting mistake, and only want to work with pentesters who offer the highest level of service while presenting the least risk. This shortage and danger becomes more pronounced in the cloud where there are even fewer specialists and pentesting experts and many more limitations posed by the CSPs.
The result is that security teams are basing their security validation on a partial snapshot of their security posture. There are too many assumptions and unknowns in this model.
Let’s dive further into the cloud. How has the shift to the cloud affected organizations’ exposure to threats?
The cloud offers organizations flexibility and scalability for their resources. Embracing this value, many businesses are migrating, or have already migrated, a significant number of their workflows and data to the cloud. This exposes the organization to an entirely new array of cloud-native threats. Crowdstrike recently reported a 75% increase in Cloud intrusions and the problem is that many organizations have not yet reached the security maturity to effectively defend their growing cloud deployments.
Compounding the challenge of cloud security is the idea that within your IT environment, your cloud is not a silo. Threats that endanger your cloud can also end up impacting your on-prem environment as threat actors move laterally across environments. Many organizations tend to operate in hybrid cloud environments that utilize a mix of providers and on-premises infrastructure. Though these deployments enhance operational flexibility, they also increase the number and complexity of possible attack vectors. Understanding the massive risks this causes for organizations today, our team recently launched Pentera Cloud, designed for the scale of modern attack surfaces and the speed of dynamic cloud environments.
Can you elaborate on the recently launched Pentera Cloud?
Pentera Cloud is the first software product enabling on-demand pentesting and resilience assessment of corporate cloud accounts against cloud-native attacks. Pentera Cloud challenges existing security controls and policies to validate their effectiveness and identify exploitable gaps across AWS and Azure environments.
Pentera Cloud automatically maps the organization’s AWS and Azure environments, identifying cloud resources, identities, workloads, and data. Our algorithmic engine emulates cloud-native attacks, including moving laterally across workloads, to test the organization’s resilience against cloud attack techniques mapped to the MITRE ATT&CK framework. After identifying exploitable gaps, the platform leverages kill-chain analysis within the unique context of the organization’s cloud environment to provide prioritized remediation guidance.
As part of Pentera’s platform, Pentera Cloud can test and validate the security controls beyond the cloud environments. When attacking an organization, malicious hackers are not limited to one environment. They will utilize data or harvested credentials to infiltrate the cloud or the on-prem environments. Pentera Cloud applies the creativity of these experienced threat actors in a software based, safe by design attack emulation. It can account for how attacks starting in one area of the attack surface can migrate across environments to impact the rest of the environment.
What makes Pentera Cloud different from other cloud providers on the market?
Pentera Cloud complements cloud security solutions such as Cloud Security Posture Management (CSPM) and Cloud Native Application Protection Platforms (CNAPP) by validating the exploitability of enumerated risks.
CSPM/CNAPP tools focus on cloud configuration scanning, checking existing configurations for compliance with industry regulations, standards, and security best practices. They check the theoretical risk based on the parameters but aren’t designed to validate your posture against real attack scenarios and tactics. Pentera complements these offerings by revealing true security gaps through active emulation of real cloud-native attacks that threat actors can levy against your organization. This ultimately enables you to properly identify and prioritize the remediation of exploitable security gaps outlined by your CSPM/CNAPP tools to increase your overall efficiency.