Pentera Acquires DevOcean to Enhance Vulnerability Remediation

Pentera has announced the acquisition of DevOcean, an Israeli startup founded by a former CyberArk security research leader. The goal is to operationalize the remediation process for vulnerabilities identified during simulated attacks. By enhancing their existing security validation offerings, Pentera aims to provide a more efficient method for organizations to address identified weaknesses.

The Boston-based cybersecurity firm emphasizes DevOcean’s capability to connect with over 100 security tools, streamlining and prioritizing remediation tasks using an advanced AI prioritization engine. This integration is designed to alleviate the historically cumbersome, manual remediation workflow that organizations currently experience.

Amitai Ratzon, co-founder and CEO of Pentera, articulated a perceived gap in their previous operational approach to attack findings. “The results of our attack simulations needed a practical pathway towards remediation,” he stated. “DevOcean came highly recommended, and its technological capabilities resonated with our operational goals.”

Founded in 2021, DevOcean has quickly gained traction, securing $6 million in funding, including a recent seed round led by Glilot Capital Partners. Reports indicate Pentera invested $30 million in the acquisition, aiming to create a closed-loop solution where vulnerability findings are promptly routed to relevant personnel for swift action.

Ratzon explained that while Pentera effectively identifies vulnerabilities, resolving those issues can often fall short due to inefficient processes. The acquisition of DevOcean is intended to bridge this gap by automating task assignment and monitoring progress through a structured ticketing system. Prior to this solution, users typically relied on manual methods, such as emails and ticketing systems, which were prone to errors and delays.

DevOcean’s system employs AI to manage the flood of vulnerability data, effectively triaging and prioritizing issues for resolution. This approach aligns with the MITRE ATT&CK framework, which categorizes tactics such as initial access, privilege escalation, and remediation, providing insights into how adversary techniques could be applied to exploit identified vulnerabilities.

The integration of DevOcean with Pentera’s platform has already begun, offering users an API-based link that facilitates real-time data transitions from attack simulations to remediation actions. This advance is crucial for security teams seeking to enhance their operational efficiency.

As organizations prepare to navigate the complex landscape of cybersecurity, the collaboration between Pentera and DevOcean illustrates a focused effort to streamline vulnerability management. With DevOcean’s capabilities in place, Pentera aims to transform the way organizations respond to cyber threats, underscoring the importance of timely and efficient remediation.