WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting
WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

ESG Report: Cobalt Customers Fix Vulnerabilities 66% Faster for Half the Cost

Enterprise Strategy Group (ESG) put us to the test, analyzing Cobalt-provided material, public and industry knowledge of pentesting and security practices, and the results of customer interviews and subject-matter experts. 

As security teams continue to adapt to faster software releases, their testing repertoire has to adapt with them. One critical line of defense is pentesting — a highly manual testing method with the reputation of being slow, inflexible, and expensive. 

Cobalt’s Pentest as a Service (PtaaS) model challenges each of these points, striving to make pentests faster and more accessible. Enterprise Strategy Group (ESG) put us to the test, analyzing Cobalt-provided material, public and industry knowledge of pentesting and security practices, and the results of customer interviews and subject-matter experts. 

Their verdict:

Cobalt’s PtaaS model can reduce the total cost of a pentesting engagement by 53%, while reducing the time exposed to vulnerabilities by 66%.”

Esg-pentest-as-a-service-report

ESG’s analysis found that Cobalt’s PtaaS model can help teams test not only more quickly and for lower costs, but also more frequently, scaling their testing programs to cover more of their applications. This assessment is based on a review of three components: time to remediation, operational efficiency, and overall risk. Let’s look at each more closely. 

Faster Time to Remediation 

ESG-validation-report-overview

The first component ESG examined was time — how much time pentests need to launch, how quickly security teams receive their first test results, and ultimately, how long their systems stay exposed to vulnerabilities. PtaaS cuts that time by 66%. Here’s how: 

  • Faster pentest launch: Tests can start as quickly as 48 hours after contract signing.
  • Faster time to first results: Cobalt customers reported receiving their first findings within 48 hours of the pentest's start, 93% faster than with traditional consulting models.
  • Faster time to test completion: Customers reported that their pentests were complete in 10-14 days, resulting in up to a 50% reduction in time to results compared to traditional approaches. 
  • Faster time to remediation: Customers were able to triage, remediate, and retest earlier because they had constant access to pentesters’ knowledge and guidance.
  • Faster subsequent testing: Customers requiring regular security testing of their assets found that using Cobalt’s PtaaS model scales well over time.

Higher Operational Savings and Efficiency 

ESG-pentest-as-a-service-economic-report

Second on ESG’s list were costs. Because Cobalt’s PtaaS model is considerably faster than traditional approaches, pentesting’s costs also drop by 53%. Examples of efficiencies include:

  • Less time spent managing pentests: Cobalt becomes an extension of the customer’s team, offering access to testers, a dedicated customer success manager or dedicated sales engineers (based on pricing tier).
  • More efficient triage: Customers reported they find triage and remediation easier with Cobalt’s continued support, receiving a remediation plan and prioritized vulnerability lists at the end of each test.
  • Fewer internal resources required: Cobalt’s pentesters supplement customers’ teams and free up resources for other core tasks. 
  • Integrations with existing processes: Through integrations with tools like Jira and GitHub, and an open API, Cobalt reduces admin time when processing pentest findings and frees up teams’ time for more impactful work. 
  • Re-testing included in pentest engagements: Cobalt customers don’t need to pay for another pentest to validate their fixes. 

Reduced Cost and Risk to the Organization

It won’t surprise anyone that data breaches can be pricey — The Ponemon Institute reports that on average it costs $4.24M per attack, with the number going as high as $9M for North America. UpGuard estimates that there’s a 29.6% chance businesses can suffer a data breach over a two-year period, resulting in a 0.04% daily average. After crunching the numbers, ESG found that a Cobalt pentest results in an avoided risk cost of $58.5K.

Expected-avoided-cost-of-data-breach-ESG-report-Cobalt-PtaaS

Here are some of the reasons why: 

  • Reduced cost of engagement: Cobalt’s credit-based pricing allows organizations to pay only for the resources they need. 
  • Lower risk of data breach: ESG found that the time Cobalt customers are exposed to risk is reduced by 66% versus traditional pentesting methods.
  • Greater depth and frequency of testing: Cobalt’s highly specialized testers and speed of engagement allow for greater agility and more frequent testing. 

We’re humbled by ESG’s analysis, and will continue making pentests more accessible and valuable to teams of every size and industry. We invite readers to access the full report here

ESG, a division of TechTarget, Research Publication, Analyzing the Economic Benefits of Cobalt's Pentest as a Service (PtaaS) Model, July 2022.

5 tips to knock out your security budget negotiation

Back to Blog
About Cobalt
Cobalt combines talent and technology to provide end-to-end offensive security solutions that enable organizations to remediate risk across a dynamically changing attack surface. As the innovators of Pentest as a Service (PtaaS), Cobalt empowers businesses to optimize their existing resources, access an on-demand community of trusted security experts, expedite remediation cycles, and share real-time updates and progress with internal teams to mitigate future risk. More By Cobalt
Cobalt’s External Network Pentest
It’s important to know your organization’s vulnerabilities and how attackers might exploit them. Learn more about Cobalt's External Network Pentest.
Blog
Mar 21, 2022
New Cobalt Offering: Agile Pentesting for Faster, More Targeted Testing
Today, Cobalt announced Agile Pentesting, a new pentest offering that gives businesses greater flexibility and marks the next evolution in PtaaS.
Blog
Sep 7, 2022