San Diego, CA, September 20, 2022 – Prancer Enterprise, a visionary cloud security startup specializing in offensive and defensive security tools, announced today the release of the Zero Trust Security Validation Service technology. The solution verifies and validates an organization’s complete technological infrastructure and application within its zero trust policies. Then it generates a comprehensive security report on the Zero Trust Security posture of the organization.
As enterprises adopt zero trust models, they develop applications that are internet-facing and designed with default “deny access” policies. There are many tools available in the market to implement Zero Trust security. But when it comes to the validation, no automated tool can do the security validation of a zero trust implementation. This is where Prancer Enterprise’s Zero Trust Security Validation Service comes into the picture. The solution offers a complete and comprehensive security validation of an organization’s technology stack and provides a detailed report on the Zero Trust Security posture.
Prancer uses its patented Penetration testing as Code (PAC) framework to do the security validation of a Zero Trust implementation. The PAC framework is a code-driven security testing methodology that automates the entire process of offensive security testing. The Penetration testing as Code (PAC) solution covers the entire spectrum of Zero Trust implementation from networking, identity/access management, data security and application security. A wide range of zero trust policies is included in the PAC framework to support this initiative.
“As more and more businesses move to the cloud, it’s imperative that they adopt a Zero Trust Security approach,” said Prancer CEO, Farshid Mahdavipour. “Our new service offering will help organizations to automatically validate the implementation of their zero trust security,” explained Farshid. “Without this validation process, you cannot ensure if you are protected.”
Prancer zero trust testing uses sophisticated toolsets to assume the contexts of both external and internal adversaries. Current agent-based dynamic application security testing (DAST) tools that rely on fixed contexts may not be able to identify all potential attack scenarios, especially when testing zero trust applications at scale. With this new release, Prancer Cloud Security Solution is equipped with features to do the offensive scanning of a zero-trust implementation:
Validates the implementation at different layers, including assuming different zero trust identities, contextual findings and attack emulation against various company assets.
Flexible enough to take multiple contexts and contracts to validate the “deny and allow” lists.
Includes contextual access policies such as client certificates / MTLS or O-Auth tokens (vital for apps to determine data access)
On the attack emulation side, Prancer’s Pentest As Code ( PAC) framework intuitively delivers threats as code. It provides simple interfaces incorporating bespoke penetration testing scripts to simulate a wide range of attack types, including 1.)white-box, 2.)black-box, 3.)in-network, and 4.)out-of-network testing.
It also allows users to emulate automated and controlled attacks using a fully automated and managed service.
These new features are available immediately to clients who need to validate their Zero Trust Security measures. To learn more about Prancer Enterprise’s zero trust validation service, please visit: https://www.prancer.io/zerotrust/
Prancer is the industry’s first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud. Prancer provides a comprehensive suite of Code security and penetration testing as code (PAC) solutions to enable shift-left approaches to implement preventative controls and offensive security testing mechanisms. Prancer Cloud Security Solution allows you to rapidly validate at scale your cloud applications against ever-growing, sophisticated purpose-built cyber threats. The results of implementing Prancer are 1.)faster release cycles, 2.)higher reduction of false-positive findings, and 3.)greater overall cost savings for both security and engineering teams. For more information, visit https://www.prancer.io/