Preventing Compromised Credential Breaches With Pentera's Attack-Based Validation
Pentera’s new module leverages real-world leak data to expose compromised identity threats both internally and externally
FREMONT, CA: "We see a dramatic increase in identity related threats, specifically in the number of leaked credentials available to attackers. These, alongside credential stuffing techniques allow attackers to gain access to valid accounts, resulting in a breach" said Ran Tamir, Chief Product Officer at Pentera, "By integrating leaked credentials threat intelligence into Pentera, we offer our customers a unique solution of actionable threat intelligence based on credentials that are already available online. This enables continuous validation of account exposure and a remediation plan before the accounts are compromised".
A new module on Pentera’s platform will allow administrators and end users to test stolen or compromised credentials against the full attack surface of the enterprise, providing them with an automated security validation solution based on Pentera's Automated Security Validation. Every organization faces a serious risk if its credentials are leaked or stolen. Over 80% of breaches of Web Applications are due to compromised credentials, according to the 2022 Data Breach Investigations Report (DBIR). Cyber-criminals can collect billions of credentials yearly through the dark web, paste sites, and share data dumps. As a result, organizations are at risk of being breached, ransomware attacks, and data theft when credentials are used for account takeover attacks.
Pentera's platform uses leaked credential data from real-life leaks and an active verification engine to challenge internal and external attack surfaces with real-time credentials. Through the platform, it is possible to exploit millions of attack vectors to compromise a user's credentials, allowing mitigation strategies like password resets and hardening MFA policies to limit privilege exposure.
Globally, Pentera guides remediation and closes security gaps before security professionals and service providers exploit them.