Scaling from your first pentest to a fully integrated pentest program is challenging.
Traditional consultancies have months-long wait periods to initiate a test, only to end with an email and a static PDF file attached summarizing the pentest findings. Needless to say, most people aren’t excited to do more pentesting with this inefficient and frustrating process.
Pentest as a Service solves this. Pentest as a Service or PtaaS takes the legacy service of penetration testing and makes it faster, smarter, and stronger. With this in mind, today we’ll look at how a customer uses Cobalt’s PtaaS platform for their security program.
Datto continues to expand their pentest program to achieve a more delightful and efficient experience. We’ll explore how Datto leverages the benefits of a PtaaS platform to improve their security coverage by completing testing faster and how the platform offers smart upgrades to the legacy security process of pentesting. Lastly, companies also benefit from stronger pentests on a PtaaS platform, with customizable reports and a specific scope of work to fit each test’s exact goal.
Let’s dive in and look at examples of how PtaaS platforms:
- Increase reporting efficiency
- Change testers across tests without the rigorous process of changing pentest providers
- Improve a team’s bandwidth to focus on other priorities outside of a pentest
Agile and Comprehensive Pentest Reports
Agile Pentests offer customers the ability to test at the speed of their SDLC.
With software development lifecycles becoming faster and more agile, there’s no reason security should fall behind this trend. Enter PtaaS.
Through the option to choose between an Agile Pentest or Comprehensive Pentest, customers have more flexibility than ever before with their security testing programs. While both testing types achieve similar goals, there are important differences between Agile and Comprehensive Pentests.
One of the marquee deliverables from a security test is the pentest report. Here companies will see exactly what findings pentesters discovered and use the respective reports for internal or external stakeholders, depending on which type of pentest was completed.
Agile Pentest Report
An Agile Pentest report aims to inform businesses with a summary of the pentest findings including the risk rating, known as severity.
This report summarizes the scope of the test, explains the pentesting process, and closes with a summary of findings followed by finding details, including a thorough overview of high-severity findings.
View an example Agile Pentest Report.
Comprehensive Pentest Report
Unlike an Agile Pentest report, Comprehensive Pentests offer reports ideal to meet compliance requirements such as those set by PCI or SOC 2.
A Comprehensive Pentest report offers a variety of formats (all easily customizable) tailored to fit any stakeholder’s needs. Reports from a Comprehensive Pentest include access to an attestation letter, complete report, a list of all findings, recommendations, and post-test remediation.
Explore more with an overview of a Comprehensive Pentest Report.
Change Testers Without Changing Providers
Another valuable aspect of a Pentest as a Service platform comes from the diverse team of pentesters.
At Cobalt, our pentesters must pass a rigorous vetting process before joining the Cobalt Core — a team of over 400 testers who conduct Cobalt pentests. With such a large bench of testers available to help, Cobalt is able to offer a new set of testers for nearly every test conducted.
For some companies, changing testers may be a requirement of their security program. A fresh set of eyes in this field of work does have value, but for most companies the process of bringing on a new vendor can be time-consuming and, frankly, a headache. Therefore, changing pentesters across tests without having to change vendors highlights one of many value propositions when you test smart using PtaaS.
Scale Pentesting to Increase Team Bandwidth
Another value proposition for using a PtaaS platform for your pentesting needs comes from the increased bandwidth teams can benefit from.
Increased team bandwidth stems from two facts for companies using a PtaaS platform. First, and most obviously, outsourcing a pentest to an external provider will increase your team's bandwidth, as outsourcing anything should naturally do.
Second, companies using a PtaaS platform benefit from the increased efficiency of the platform. For example, the increased analytics provided by a platform can improve decision making. It also allows developers to speak directly to pentesters which again improves efficiency through increased knowledge and better decision making.
Video: Datto Summarizing Their Experience with PtaaS
In closing, remember there are many different ways to scale your security program.
When it comes to pentesting, Cobalt has you covered with our industry-leading Pentest as a Service (PtaaS) platform which offers a plethora of different value propositions to companies of all sizes.
Furthermore, our different types of pentests, ranging from targeted Agile Pentests to compliance-ready Comprehensive Pentests, ensure you get exactly what you need from your pentesting.