Broaden attack chain coverage with multi-agent penetration testing

PwC launches a multi-agent information discovery solution to expand attack surface coverage and accelerate penetration testing for enhanced security.

Organizations have to balance the time required to achieve depth in penetration testing with the need to deliver business results quickly.

Testers must inventory network assets including domains, subdomains, IP ranges, and exposed services before moving on to the high value work of discovering exploits. This informational gathering stage is often manual and time spent can multiply with subsidiaries. One strategy is to limit information gathering activities, but the paths intruders are likely to take can be difficult to predict.

The more time teams spend on information gathering, the less surface area testers can cover, increasing the risk of intruders being successful.

Traditional open-source software tools attempt to simplify information gathering; however they require a high level of technical expertise to use effectively. This can result in inconsistent coverage of potential attack vectors, leaving potential exploits undiscovered. 

A new approach to attack surface discovery

PwC now utilizes a multi-agent solution to help accelerate information gathering for penetration tests.  

The solution is driven by an orchestration agent that plans and executes reconnaissance using specialized tools to discover network configurations and exposed services. It also simulates typical strategies attackers employ to identify the higher risk parts of the network where deeper testing may be warranted. Humans are kept in the loop to validate system recommendations and confirm the information gathering approach. 

Once information has been gathered, the system proposes a set of initial targets for testers to begin attempting to exploit, further accelerating the process. 

What PwC’s solution can help deliver

• An estimated 16 to 32 hours saved per external penetration test

• 20 percent reduction in total engagement hours

• 24 percent fewer steps to complete engagements 

PwC's approach accelerates exploit discovery by automating pen test planning, freeing engagement teams to investigate a broad set of attack vectors more deeply.