PT Dephaze

Main article: Pentesting (pentesting)

2024: PT Dephaze Launch

On October 11, 2024, Positive Technologies announced a product for automatic internal penetration testing - PT Dephaze. PT Dephaze opens up a segment of the cybersecurity market for Positive Technologies - breach and attack simulation (BAS) and automatic pentest systems. According to expert estimates of the vendor, its volume, along with the classic pentest, reaches 5 billion rubles.

Freepik

According to the company, the product conducts safe and managed penetration into the infrastructure in order to get maximum access. At the same time, chains of attacks to critical systems are formed in order to confirm or deny the possibility of their achievement.

According to Positive Technologies, companies even with a high level of maturity INFORMATION SECURITY implement security analysis projects at most once a year or only on request. This is extremely small, as the level of security of the infrastructure is constantly changing. In addition, in 100% of organizations in which PT SWARM researchers conducted internal penetration tests, an internal attacker could establish full control over the infrastructure. Moreover, in 63% of cases, he did not have to have a high level of training, which means that such attacks can be automated.

According to surveys conducted by Positive Technologies, companies, regardless of the level of maturity of information security, would like to track the state of their cyber resistance at an arbitrary moment in time. In addition, organizations need to regularly evaluate the configuration of installed protection tools in order to then improve their configuration to repel cyber attacks. According to the Center for Strategic Research, the needs of companies in assessing security are growing from year to year, in 2023 this market was estimated at 8 billion rubles.

We see the desire and demand of companies to conduct a security audit. On average, more than 500 organizations turn to us with such requests per year. To provide more security verification opportunities, we are strengthening the direction of the pentest with the product - PT Dephaze. The continuous internal penetration testing tool complements the classic manual penetration test, allowing companies to know the level of their security and further build effective security. We estimate the market for classic and automatic pentests in Russia at a total of more than 5 billion rubles. told Egor Nazarov, Head of the Positive Technologies Infrastructure Security Business Development Group

PT Dephaze allows you to safely for infrastructure in automatic mode using machine learning technologies to conduct internal penetration testing - without limiting the number of checks. To run the simulation, the user only needs to install the software on the server, specify the target and wait for the result. Among the goals, you can set both points of interest in the infrastructure - an information system, an application, a device, for example, a general director's computer, an entire segment, for example, with the 1C platform), and unacceptable events, which each company defines for itself. If necessary, it is possible to exclude certain components and operating techniques.

The product understands how the shortest way to reach a given target, visualizes the route on simulation map and tells you how to attack this or that system. This data will help information security specialists prioritize vulnerabilities and develop an effective strategy for investing in information security. Based on the results of the inspections, the company will gain knowledge of how to cut off the path of a potential attacker, eliminating the shortcomings.

PT Dephaze is launched with a single button and does not require special knowledge from the operator in the field of pentesting. The product will allow you to assess the real security of different segments of the infrastructure, for example, to understand whether a real hacker from an employee's computer from the sales department can get to the device of an accountant or IT infrastructure administrator. commented Yaroslav Babin, Director of Attack Simulation Products at Positive Technologies

PT Dephaze is suitable for large companies with a mature information security system, as well as organizations that only implement cybersecurity processes or establish them. The product will allow them to run as many automatic penetration tests as they like for any purpose. End users are specialists of the internal division of the red team or the information security monitoring and incident response center (SOC).