The problem

How do you know the test found everything?

A penetration test produces a report you pay for, fix, and repeat next year. But how do you know it found everything, that the severities are calibrated, that the methodology matches what TIBER-EU or DORA Article 26 require? Most organisations have no independent means of verification.

What it does

A verification layer for red-team findings

PenTeva executes penetration-test scenarios described in a domain-specific language and produces an independent finding set you compare against your pentester's report. A finding PenTeva catches that the tester missed is an immediate priority; one the tester reported that PenTeva cannot reproduce is a calibration question worth asking.

TIBER-EU and DORA Article 26

DORA Article 26 requires financial entities above a certain threshold to conduct threat-led penetration testing (TLPT) under the TIBER-EU framework. TIBER-EU requires an independent red team, a threat intelligence provider, and a structured methodology. PenTeva is designed to serve as the verification layer — the mechanism by which the financial entity's own team can challenge and validate the red team's findings without relying solely on the red team's self-assessment.

Status

PenTeva is in active development. A waiting list of customers already exists. If you have an immediate TIBER-EU or DORA TLPT requirement, contact us — we can discuss whether an early access arrangement is appropriate for your timeline and environment.

Frameworks addressed

DORA TIBER-EU NIS 2 ISO 27001

cVaR

PenTeva findings feed directly into cVaR threat scenario calibration — turning penetration test results into quantified financial risk.

Evidence

EviGen

EviGen collects the configuration state that PenTeva tests against — the same inventory, two different verification lenses.

Every product is field-tested

← All products