One of the big issues we have is that the tool has an additional license for compromised credentials. Suppose compromised credentials for any of your domains appear in leaks, dumps, or are being sold. In that case, they try to aggregate that data and highlight that, for example, ten users appeared in recent dumps as compromised credentials. However, they don't provide much information about where those compromises came from or their source information, probably to protect their sources. Also, if you have credentials and want to check if they're still valid or can still be used, and you confirm they can't be used (maybe they're from a leak or a twenty-year-old database), there's no way for you to flag that these credentials aren't a problem anymore. The solution has a sort of flat report. It's annoying to go through lots of legwork only to see the same names or credentials still there, and you can't do anything about it in their portal. We've given them feedback, but I think it's probably on their long list of feature requests to address. For me, that would be a greater user configuration of the tests performed on a granular level. As I mentioned with Cymulate, they show you every line of code they will run and what tool is being used, step by step. Pentera is more closed in that regard. If Pentera released a feature that allows you to alter the attack path or change the command, that would be incredibly useful. Pentera might use one or a few different methods to do something, but if none of those work, it will just say everything is fine and secure. If Pentera could adapt or change based on what it finds in the environment, that would be very valuable. As a customer, we understand our environments better than an automated tool, so providing context to help the tool get better results would be valuable.
