Augmented Penetration Testing


In Episode S7E3, the discussion features Marko Simeonov, CEO of Plainsea, who talks about the company’s innovative augmented penetration testing platform. Marko explains the origins of Plainsea, its unique features, and its benefits to both pen-testing companies and their clients, including time and cost savings, continuous testing capabilities, and improved efficiency. The conversation also covers Plainsea’s integration with various industries, compliance requirements, and other cybersecurity software, as well as its potential for future development based on user feedback and market demands.

Summary

Plainsea’s Pen-Testing Automation Journey

Marko discusses the origins of Plainsea, a cybersecurity services provider that was initially rooted in the US. He highlights the challenges faced due to the high demand for pen-testing, such as scaling issues, inconsistent reporting, and a lack of trained talent. To address these issues, they developed a platform that automates and augments pen-testing, enriching data and improving efficiency. The platform also allows for continuous pen-testing, reducing vulnerability risks and providing consistent high-quality results for clients. Steven expresses interest in the concept of continuous pen-testing and the idea of augmented pen-testing.

Data-Driven Vulnerability Mapping and Scoring 

Steven and Marko discuss the data-driven approach of their system, which includes real-time infrastructure and vulnerability mapping. Marko explains that the system can either be manually mapped by an expert or automatically discovered through the platform. The system also has a proprietary vulnerability database that is constantly updated and improved. It integrates with CV and features automated risk scoring according to different methodologies. The system is designed to augment pen-testing, not replace it, and is intended to make service delivery more efficient and effective. Steven expresses interest in how the system handles new vulnerabilities and how unique their approach is in the industry.

Plainsea’s Unique Features and Pricing

Marko discusses the unique features of their platform. He highlights its automated infrastructure maps, specific run books, live collaboration features, and fully automated reporting. Marko emphasizes that Plainsea is not just a reporting platform but a tool that helps pen testers focus on the interesting aspects of their work. He also mentions that Plainsea is tailored for any single pen tester who wants to benefit from its automations and overall augmentation. When asked about the ideal user for the platform and its pricing, Marko responds that the pricing is transparent and available on their website.

Plainsea’s Benefits for Pen-Testing

Marko discusses the benefits of their platform, Plainsea, for pen-testing companies and their clients. He mentions that the platform is developed based on feedback from users, aiming for simplicity and user-friendliness. Furthermore, Marko notes that organizations that are clients of service providers express interest in working with Plainsea due to the consistency of results and the ability to communicate live through the platform. He emphasizes the benefits of continuous pen-testing, particularly for companies developing new features throughout the year, as Plainsea provides real-time testing and results.

Plainsea’s Industry Integration and Compliance

Marko discusses Plainsea’s approach to integrating with various industries and compliance requirements. He explains that the platform offers tailored run books for specific methodologies and industry standards, such as NIST and PCI. Plainsea works on integrations with threat intelligence software to enable threat-led penetration testing, which has become a prominent requirement for financial institutions in Europe. The company relies on feedback from MSSPs to improve and expand its offerings, including continuous penetration testing functionalities for highly susceptible industries. Marko also highlights Plainsea’s integration efforts with commonly used software in the market, including vulnerability assessment platforms and project management systems like Jira, to create a comprehensive cybersecurity service delivery platform.

About our Guest

Marko Simeonov is the CEO of Plainsea, a cybersecurity platform for augmented penetration testing aimed at enhancing the efficiency and service delivery of cybersecurity experts and managed service providers. With over seven years in the cybersecurity industry, Simeonov’s leadership is defined by a deep understanding of the challenges faced by professionals in the field.

Before establishing Plainsea, Simeonov was the CEO of A-MATAS, a prominent cybersecurity service provider with operations spanning Europe and the USA. Drawing on this hands-on experience, Marko established Plainsea, transforming his vision for simplified security service delivery into an innovative platform that’s reshaping how organizations approach cybersecurity.

This episode is a must-listen for anyone interested in penetration testing.



Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications.