Pentera Reviews

I'm a consultant and private contractor. Currently, I'm working with a financial organization that has deployed it. Their use case is to supplement their vulnerability management program and automate some of the regular pen testing they do.

The solution is SaaS-based. From a cloud perspective, it has Pentera Surface and Pentera Core. The Core is the on-prem deployed solution, while the Surface is the cloud-hosted solution that scans your public infrastructure. From the Surface perspective, the most valuable feature so far has been the attack surface mapping.

Using the platform, you provide seed information, such as a top-level domain like bank.com, bank.fr for France, or bank.de. You give them these top-level domains, and they gather as much information as possible from an OSINT perspective. This includes identifying subdomains, determining what they are linked to, where they are hosted, and their associated IP addresses. This process builds a map based on the seed information provided, assuming all discovered data is owned by your organization. It is effective because it regularly updates to monitor the external perimeter and uses that information to perform its scans.

Its remediation guidance is pretty good because it's evidence-based. Unlike a vulnerability scanner that might indicate a potential exploit, Pentera demonstrates actual exploitation and its impact, which is very useful.

It is also very helpful from a remediation perspective because if you believe you've fixed an issue, you can immediately retest to confirm that the fix has been effective.

The tool's usability allows the organization I work with to achieve a much faster turnaround on tests that would typically be outsourced to an external penetration testing company. The simpler, more repetitive, and generic tests can be conducted in-house, making it quicker for the security team to respond to the organization's needs when conducting these tests.

We used the solution for password strength assessments, ransomware testing, and automated penetration testing.

The tool helped us discover that we were using an outdated network protocol, NTLM.

The main use case for Pentera mostly comes from a compliance point of view. We use Pentera to close some compliance findings.

The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated. Also, the solution keeps you awake in terms of cybersecurity activities.

Our customers use the product to validate their security environment, ensuring that vulnerabilities within the network are identified and addressed.

The platform's most valuable features are credential management and vulnerability management. 

I am using the OpenIntra solution for pentesting and managing candidates in my environment. I also use this solution for house customers.

Pentera has many authentic features. We can automate the Pentera processes by automatically creating scenarios to validate the system.

The solution is used for test simulation. It simulates tests on all our servers to know the vulnerabilities in them.

We perform scheduled scanning. We create reports for the system administrators.

We are searching for VMware scanning or ransomware scanning. 

The automation and the scalability. There is some work with demolition ransomware, and the Mitra attack specification is very useful for us.

I have used Pentera as an automation tool both for customers and within my organization.

What I like the most about Pentera is its solution-oriented approach.