Pentera Reviews

Common use cases include several features. The POC is completed before any customer goes for procurement. Once the POC is done, customers appreciate features such as comprehensive attack surface coverage, real-world attack emulation, and risk-based prioritization and remediation. The comprehensive attack surface coverage includes Omni Attack Surface, External Attack Surface Management (EASM), and Internal Network Validation.

The real-world attack emulation includes safe-by-design exploitation that emulates actual attack techniques and procedures without disrupting business operations. It can perform post-exploitation steps to create a full attack chain. Another feature is agentless deployment, which requires no agents or pre-installations on the customer environment, allowing for quick deployment and validation.

The Mitre ATT&CK alignment aligns attack scenarios with the Mitre ATT&CK framework, providing a standardized understanding of adversary tactics.

The solution is primarily used in BFSI (banking and financial sectors), telecommunications companies, and several large government organizations.

Comprehensive Attack Surface includes several features. Omni Attack Surface discovers, assesses, and exploits vulnerabilities across both internal networks and external assets, including cloud environments from a single platform. External Attack Surface Management (EASM) and Internal Network Validation test internal security controls and identify weaknesses within the internal network.

Automated Penetration Testing features are provided through the Pentera Surface module. Surface provides automated validation and penetration testing features with a proactive, continuous, and highly realistic approach to cybersecurity validation, helping organizations understand and reduce their true cyber exposure. They have AI-based reporting that leverages AI to identify patterns of exploitability over time, aggregate results across sites, and highlight recurring weaknesses.

They offer two types of reports: an elaborate technical report for CTOs and an Executive Summary for management. When customers see the reports after completing the POC, they are impressed by how detailed the technical report is, while management can understand what actions need to be taken to protect their network and infrastructure.

Recent Gartner reports indicate that traditional VAPT companies perform vulnerability testing at specific times, which creates security gaps. Pentera provides continuous validation, running 24/7 in the infrastructure. This means when any vulnerability appears due to firmware upgrades, OS updates, or software changes, it can be automatically identified in real-time.

The licensing model has changed from earlier versions. Previously, there was a 500 IP cap, and customers needed to buy a minimum of 500 IP and consider 500 domains. In Bangladesh, many large organizations don't have 500 domains, yet they need to buy the minimum requirement. The main challenge currently is the commercial aspect, as the product has become very expensive. They could improve by reducing the minimum requirements to 250 IP or 200 IP or 100 IP, and lowering domain requirements to 50 or 25 domains. This would help cover more customers.

The reviewer has been working with Pentera for three years.

The technical support is very good. When tickets are raised, they are taken seriously and resolved quickly. The reviewer rates the support as nine out of ten.

Positive

The setup takes at least three to four days because all IPs need to be aligned. Once the setup is complete, it is very easy to operate.

Some customers consider the ROI favorable, but facing difficulties now due to changes in the licensing model, which has made it more expensive compared to last year.

The annual cost for all features is approximately 120,000 US dollars per year.

The reviewer speaks from a sales perspective rather than a technical one. They recommend focusing on the features when presenting to customers, as traditional VAPT approaches cannot fulfill customer requirements. The solution is considered to be between simple and complex to use, with a neutral rating of seven out of ten. The overall product rating is 9 out of 10.

Pentera is utilized as part of a wider team workflow, with team members using it for penetration testing, discovering anomalies, weaknesses in environments, and identifying issues through Active Directory.

Pentera has significantly affected our organization by dropping our mean time to remediate critical vulnerabilities because the remediation team can clearly evidence the exploit instead of debating CVSS scores, and our security posture has improved. We have saved approximately 45% of the hours we used to spend on manual penetration testing.

If I could change one thing in Pentera to improve my workflow the most, it would be the platform UI because some security team members are not penetration testing specialists, making it difficult for them to navigate. I would make it easier with more guided workflows.

Continuous automated security validation across our internal network and external attack surface was necessary. The problem we were solving was that our manual penetration testing program, as good as it was, only gave us a snapshot. We would conduct a test, get a report, remediate, and by the time the next test came around, the environment had changed significantly. Pentera runs continuously, so I know our security posture isn't just validated once a year.

We moved from a reactive security posture to a proactive one. We used to find out about gaps when a penetration tester found them once a year or, worst case, when something horrible happened. Now we find them all the time.

Attack path visualization gives me the ability to communicate with leadership and the board. I can show them a complete kill chain and how an attacker gets from the initial foothold to domain admin in our environment, step by step, with evidence.

Cloud testing capabilities need enhancement. The core product was built for on-premises internal network validation.

I have used the solution for 10 years.

We used annual manual penetration testing by external firms supplemented with internal red team work. Pentera has replaced the routine annual network penetration testing.

The enterprise pricing is a big investment.

Cymulate and AttackIQ are both great, but Pentera executes real attacks instead of simulations.

The category is evolving fast, and Pentera is one of the leaders.

My main use case for Pentera is automated penetration testing and security validation to identify vulnerabilities and improve the security posture of applications and networks.

The best features of Pentera are the dashboard and security, with the dashboard being excellent as I can see everything. I simply go in, do work, and come out; it is really simple and easy to work with.

Pentera has impacted my team and my workflow by making things faster and more efficient.

Pentera has changed how my team works together, as it has improved teamwork significantly.

The biggest frustration I have had with Pentera is the navigation, which seems slower.

If I could change one thing about Pentera, I would definitely want faster navigation, which would improve my workflow.

There are no features I wish Pentera had that it does not have today.

I have been familiar with Pentera for two to three months.

Before I started using Pentera, I had just joined recently, and when I joined, my organization was already using Pentera; I did not use anything else prior.

When my organization first implemented Pentera, it was a very easy process that took around two to three hours. I am not entirely certain how the implementation works, but my team handled more of the setup process while I observed them.

My team did not need any formal training to use Pentera as it was intuitive, and everyone was able to pick it up very easily.

I would say it saves me about a five out of ten or something, and I might give it a seven because I have never tried something new, so I am giving it a seven; perhaps if I try something new, I may change my assessment.

When my team originally evaluated options, I do not know if they considered any other tools besides Pentera, but I feel they used OpenVAS and I read something about OpenVAS and Nessus.

The advice I would give to someone considering Pentera who has a workflow similar to mine is that it is different for everyone. I would rate this review a seven overall.

My main use case for Pentera is for automated penetration testing and security validation to identify vulnerabilities and improve the security posture of applications and networks.

When I open Pentera, the first thing I do is review the dashboard and launch a security assessment to identify vulnerabilities and security gaps.

This is a team workflow. I handle the dashboard and launch the security assessment with basic tasks, while our team does more advanced work.

Pentera has impacted my team and my workflow by making things faster and more efficient. The speed at which I work has improved significantly.

Pentera has changed how my team works together by improving teamwork substantially.

The best features of Pentera for me are the dashboard. The dashboard is excellent. I can see everything at a glance. I just go in, work, and come out. It is really simple and easy to work with.

Pentera has impacted my team and my workflow by making things faster and more efficient. The speed at which I work is really good.

The biggest frustration or friction point I have had with Pentera is that the navigation seems slower.

If I could change one thing about Pentera, it would definitely be faster navigation.

I have been familiar with Pentera for two to three months.

Before I started using Pentera, I had just joined recently, so when I joined, the team was already using Pentera. They did not use anything else.

When I first implemented Pentera, it was actually a very easy process. It took around two to three hours.

My team did not need any formal training to use Pentera as it was intuitive. Everyone was able to pick it up very easily.

Adoption has gone well overall with my team using Pentera.

I do not know if my team looked at any other tools before choosing Pentera, but I feel the team may have used OpenVAS, Nessus, or something similar.

The advice I would give to someone considering Pentera who has a workflow similar to mine is that the experience is different for everyone. I would give Pentera a rating of seven out of ten.

We used the solution for password strength assessments, ransomware testing, and automated penetration testing.

The tool helped us discover that we were using an outdated network protocol, NTLM.

The password strength assessments feature was valuable. The testing features are fantastic. The tool showed us that our ransomware protection wasn’t working on some machines. The product provides a lot of value.

The automated penetration testing features must be improved.

I have been using the solution for about two years.

We faced a couple of bugs in the early days, but they were resolved fairly quickly. I rate the stability a seven out of ten.

The tool is quite scalable. There's a one-to-one relationship between the engine and how many scans we can do. We can only do one scan with one engine. We had some issues around the password assessments because we added a lot of users. It took a long time. I rate the scalability a seven out of ten. We have three users in our organization.

The technical team was very good. We had a problem that needed a code update. It was done a bit slowly.

Positive

I did the initial build. The deployment was easy. We need a limited amount of experience to deploy the product because it runs a custom installation of Linux. The instructions were very good. If we have a little bit of experience, we will find the process simple.

The tool is relatively cheap. It is worth the money. A product that tells us that our ransomware protection isn't working is worth quite a lot of money.

We didn’t use automated penetration testing much. It was acting a bit like a man in the middle. It was responding to broadcast requests and broke all the reporting in the warehouse. The problem was in our organization. However, the vendor can improve automated penetration testing to prevent such situations. I will recommend the solution to others. There's not much competition. It's quite a niche product. Overall, I rate the product an eight out of ten.

The main use case for Pentera mostly comes from a compliance point of view. We use Pentera to close some compliance findings.

The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated. Also, the solution keeps you awake in terms of cybersecurity activities.

Pentera's general dashboards could be improved and made more specific in terms of vulnerabilities that I'm discovering. Also, the solution should accommodate virtual patching. It will be a good idea not to prolong this vulnerability in our network.

I've got one issue with Pentera's licensing. Pentera should allow small organizations to subscribe and use the solution. Sometimes, it gets very difficult to get 100,000 approved for a project. Pentera should provide the capacity to allow testing something quickly on a demand basis.

Now that we haven't been doing red teaming and blue teaming, it would be good if the solution could give general reports that we can send or communicate to our executive. That would really make our job easy. Sometimes there's a lot of jargon around the dashboard, and if it can be general, we can easily convince our executive management.

I have been using Pentera for one year and nine months.

Pentera is a very stable solution. It doesn't affect other services within the network. So it's actually very good.

I rate Pentera a nine out of ten for stability.

For now, we have about three to four individuals that can operate Pentera. One or two among them are not that technical.

Pentera is very much scalable. I rate Pentera a nine out of ten for scalability.

Pentera's technical support team is quite helpful, and they are quick to provide recommendations and point out what you need to do. Mostly, they are always on point.

Positive

Before Pentera, I have previously worked with Qualys and ManageEngine. We have used some applications of an open-source tool called Security Onion. Internally, we compare reports between Pentera and Security Onion.

Pentera’s initial setup is quite easy.

Given some procedures, Pentera's deployment takes about an hour or an hour and a half. However, it would need more time to know the environment and learn how data is actually transmitted through the network.

We have to pay a yearly licensing cost for Pentera.

We did some evaluations and POC of other products like ImmuniWeb and Qualys.

About four individuals are involved in the maintenance of Pentera. Pentera's maintenance is done by the ICT security and compliance officer, cybersecurity analysts, and infrastructure administrators.

Pentera is a very good product, but it takes some time for you to learn and understand it.

I would recommend Pentera to other users.

Overall, I rate Pentera an eight out of ten.

Our customers use the product to validate their security environment, ensuring that vulnerabilities within the network are identified and addressed.

The platform's most valuable features are credential management and vulnerability management. 

One area for product improvement could be the inclusion of a dashboard to cover multiple branches and subsidiaries, allowing for centralized monitoring.

We've been a partner with Pentera for over two years, deploying their solutions to our customers. We work with the latest version. 

The product is stable. I rate the stability a ten out of ten. 

We have four enterprise-level customers using Pentera. As long as the minimum requirements are met, it scales well. I rate the scalability a ten out of ten.

We provide the technical support services directly to our customers.

The solution is usually deployed on-premises. The setup is easy and takes a few days, including network integration and obtaining necessary permissions.

I rate the process a ten out of ten. 

The product's cost is reasonable. I rate the pricing a three out of ten. 

The solution is suitable for enterprises. I rate it a nine out of ten. 

The solution is used for test simulation. It simulates tests on all our servers to know the vulnerabilities in them.

We perform scheduled scanning. We create reports for the system administrators.

We schedule scans to find all the vulnerabilities. The product is easy to use. It is useful for cybersecurity. It keeps the organization secure.

The price could be improved.

I have been using the solution for three years.

I rate the tool’s stability a nine out of ten.

I rate the tool’s scalability a nine out of ten. We have 700 users. We have four people on the technical team to maintain the product.

It’s easy to deploy the tool. We deploy the tool on our server.

The solution provides security.

I don't operate the system. I will recommend the solution to others for automated security validation. It is scalable and easy to set up and use. Overall, I rate the tool a nine out of ten.

We are searching for VMware scanning or ransomware scanning. 

The automation and the scalability. There is some work with demolition ransomware, and the Mitra attack specification is very useful for us.

Maybe there are some remediation steps on the website, we can mask sensitive information on the website better.

Maybe scalability. I know that the Pentera right now is high level in order to scan big deals over 500 IPs and not less, and not less. That can be more granular. This will be useful.

I have been using Pentera for one or two years as a reseller. I am a specialist, and I integrate this product.

Pentera is very stable.

I'm in touch with the engineers because of the previous onboarding proposal but have not used the Technical Support yet.

Positive

All the integration is very easy, and useful. I don't have any complaints about the integration or the use of the tool. It takes maybe one day or a few hours to deploy it. It depends on the pan testing. It is a team that is involved in the process. For each product, usually two or three people. 

It's not that expensive, but it could be more cost-effective.

Well, it's important not to expect that it's about the penetration test because, in some cases, the customer has an overseas expectation or wrong expectation about that. It's important to know exactly what you want and if the tool is suitable for that.

Overall, I would rate Pentera an eight out of ten

.