Will automation replace pentesters?


Penetration testing (pentest) is probably the most illustrative “discipline” of information security. It is illustrative in every respect: films are made about hackers, their work helps to highlight the “real” problems of a company’s information security (real security), and in the information security community these guys are always treated with trepidation and honor!

However, from the point of view of penetration-test customers, even such an interesting activity has its nuances: qualified specialists are expensive, not every company can afford to implement Red and Blue Team practices, and the checks themselves are periodic (it is good if they happen more than once a year) and cannot cover the entire infrastructure. The idea of automating such activities appeared long ago, and over time products were developed that turn these ideas into reality! Interesting? Then read on!

On the one hand, penetration testers are not limited by anything except LoA, have imagination, ingenuity and can find non-trivial ways to solve the problem.

On the other hand, automation should not be written off either: systems do not need to sleep, eat or put children to bed; they can work continuously and bring tangible economic benefits. And if you have a Red Team, you can equip its members with the tools discussed below!

So what are these solutions and what do they do? Grouped by how they work and the results they achieve, they fall into three key groups:

  • Analytical Pentest – solutions that make it possible to hypothesize about the possible development of an attack if there is knowledge about how to exploit a vulnerability to gain access to the most valuable company resources.
  • Protection testing – solutions that contain a large number of all kinds of checks for a specific attack vector or element of the IT infrastructure. For example, what happens if I run these N exploits on a workstation? How many of them will antivirus or EDR stop?
  • “Automated” pentest – last but not least! Solutions that allow you to simulate the actions of a real hacker, including exploitation of vulnerabilities. Scary? Fear not, no network has been harmed in testing so far!

One could write a separate article, and more than one, about each direction. Therefore, we decided to do things a little differently – it’s better to see once than to read or hear a hundred times! We invite you to a series of webinars, at each of which we will analyze a separate group of solutions using examples:

  • Analytical pentest – Cronus CyBot;
  • Protection testing – Cymulate;
  • Automated pentest – Pcysys PenTera.

Each webinar will consist of two parts:

  • Introductory (slides, slides, slides, alas …). We will tell you what the solution is, what it can do and how it can be used.
  • Live demo. We will launch it before your eyes and break something!

In addition, the webinars will be attended by vendor representatives who will answer all our questions and yours, even the trickiest ones.

And the main question that we posed in the title of the article: “Will automation replace pentesters?” Yes or no? You will receive answers, opinions and points of view at our webinars! And at the same time you will have the opportunity to express your point of view – we are always happy and open for discussion!

October 22, 16:00. Cronus CyBot: Analytical Security Testing

The Cronus CyBot solution identifies vulnerabilities, simulates attack scenarios and identifies the most critical flaws in the infrastructure, web and applications, the elimination of which will increase the security of the company’s valuable assets. At the webinar, we will consider the functionality of Cronus CyBot and answer the questions: how the product works, what tasks it solves, how to use the results of work in practice. We will conduct a live demonstration of the solution and answer questions.

Register for the webinar

October 29, 16:00. Cymulate: checking the effectiveness of the protection system in different vectors

The Cymulate solution allows you to test the configuration of email security, web gateway, web applications, endpoints, and also allows you to simulate phishing attacks, horizontal network traffic and the transfer of sensitive data outside the company. At the online event, we will talk about the functionality of the Cymulate product, options for its use, and demonstrate how the solution works using several attack vectors as an example.

Register for the webinar

November 12, 16:00. PenTera: continuous end-to-end infrastructure penetration test

The Pcysys PenTera pentest automation platform continuously and consistently tests your cyber defense. The system automatically finds and performs ethical exploitation of vulnerabilities, builds and visualizes complete attack vectors, and gives recommendations on how to eliminate the identified deficiencies to improve protection. At the webinar, you can get acquainted with the Pcysys PenTera platform, learn about its advantages over other methods of security analysis and see the system in action.

Register for the webinar

See you live!

