Pentera Credential Exposure reveals compromised identity threats to internal and external attack surface
Pentera announced Credential Exposure, a new module on the Pentera platform for testing stolen and compromised credentials against the complete enterprise attack surface.
Leaked and stolen credentials pose a critical risk to organizations everywhere. The 2022 Data Breach Investigations Report (DBIR) indicates that over 80% of Web Application breaches involve compromised credentials. Every year, billions of credentials appear on the dark web, paste sites, and in data dumps shared by cyber-criminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.
The Pentera platform combines real-world leaked credential data with its active validation engine to exploit both internal and external attack surfaces. The platform leverages these hashed or clear text credentials in millions of attack vectors, and provides actionable credential exposure mitigation steps such as password reset, or hardening users’ MFA policies and limiting privileges at risk in near real-time.
“We see a dramatic increase in identity-related threats, specifically in the number of leaked credentials available to attackers. These, alongside credential stuffing techniques allow attackers to gain access to valid accounts, resulting in a breach” said Ran Tamir, Chief Product Officer at Pentera, “By integrating leaked credentials threat intelligence into Pentera, we offer our customers a unique solution of actionable threat intelligence based on credentials that are already available online. This enables continuous validation of account exposure and a remediation plan before the accounts are compromised”.
The Pentera Credential Exposure (CE) module will be demoed at Black Hat USA 2022 in Las Vegas, and generally be available starting Oct 2022.