Cobalt Releases New Enterprise Security Features, Bolsters Large Scale Security Postures

In an evolving threat landscape, Cobalt’s updated platform scales enterprise security efforts and enhances offensive security workflows 

SAN FRANCISCO, CA, November 15, 2023 – Cobalt, the leading Pentest as a Service (PtaaS) company modernizing the traditional pentesting model, announced new enterprise offerings and enhancements to further optimize end-to-end offensive security workflows natively within the Cobalt platform. New updates to the platform include the In-house Pentesting Tools, Asset Tagging, Secure Code Review, Dynamic Application Security Testing and integration with Azure DevOps. 

Given their sheer size, enterprises often struggle to scale security operations, affecting their overall security posture and putting them at high risk for sensitive data exposure. As highlighted in Gartner's Hype Cycle for Security Operations report, PtaaS is the future for security testing and has the power to revolutionize the way enterprises approach proactive security with scale and speed.

“Large enterprises require proactive security programs entailing multiple processes and increased communication with stakeholders,” said Chris Manton-Jones, CEO of Cobalt. “Modern business leaders have to utilize an offensive methodology to protect their internal and customer’s data. We are proud to build these vital tools for large-scale security protocols empowering corporations in an evolving threat landscape.” 

Cobalt’s newest enterprise features effortlessly scale security and pentesting routines, enabling better collaboration. These proactive tools allow valuable insights to be shared more efficiently on a wider scale, accelerating threat detection and shortening the window to remediation across large teams: 

• In-house Pentest Management Tools - The In-house Pentest Management Tools enable enterprise teams to optimize their own security testing programs by centralizing pentesting operations and provide more visibility into collaboration with stakeholders. Enterprise teams are able to see all test results in one place whether it’s done by in-house teams or Cobalt testers. This reduces the administrative work with customizable and automated report templates, all while tracking program improvements with ongoing test data and analytics.
  
  
• Asset Tagging + All Findings View - Asset Tagging equips teams with greater flexibility to manage and oversee their security testing program workflows. Users can define tags on assets via app/API, filter on asset tags, and associate custom metadata with tags and teams that map back to other third-party systems. Additionally, the All Findings View provides a holistic look into the risks faced by the organization across all security testing projects/engagements and across all asset types, from applications and APIs to network, and cloud infrastructures.

"The In-house Pentest Management Tools give us the ability to seamlessly leverage the skills of our security engineers. The ease in communication and contextual understanding of past tests allows us to better work together and maximize our return on security investment,” said Matt Szymanski, Sr. Manager of Application and Product Security at Yext.

Integrating DevSecOps

Many security and development teams still lack an agile, seamless, and sustainable way to securely test their applications without causing potential disruption in the software development life cycle (SDLC). Cobalt’s solutions offer enterprise leaders tools that save security and developer teams alike time and increase productivity by shifting left and integrating security earlier in the SDLC. 

• Dynamic Application Security Testing - There is no slowing down of the modern enterprise’s reliance on cloud applications. Which is why  Cobalt is now including dynamic application security testing (DAST) within the Cobalt platform. This enables customers to achieve more continuous security testing for their web applications and APIs.
  
  
• Integration with Azure DevOps - Integration with Azure DevOps is one of the most prominent ticketing and collaboration systems leveraged by global enterprises today. Self-service enables security and development teams to seamlessly collaborate on findings and ultimately remediate them through their existing workflows and support for custom fields. 
  
  
• Secure Code Review: Proactively reviewing codebases instead of reactively issuing patches reduces exposure to vulnerabilities and  prevents costly fixes after deployment. Use Secure Code Review findings to inform a pentest and gain a holistic view of your application’s security with the Cobalt Platform.

Enterprise Momentum and Looking Ahead at 2024

During 2023, Cobalt continued its enterprise growth momentum, having grown 19% in the enterprise customer segment. In 2024, Cobalt will continue to grow its support for the enterprise market with advanced offerings like Digital Risk Assessments utilizing Open Source Intelligence (OSINT) framework for organizations looking to strengthen brand security, as well as further enhancements to network security services to support internal, external, wireless, and cloud-pentesting capabilities. 

As the security threat landscape continues to evolve, flexible user management and access controls will be essential for enterprises to protect against new threats. Enterprise Access Controls will be released to improve user management for organizations with multiple business units or products/security teams. The Groups feature will enable flexible access controls and simplify asset & pentest-level visibility and permissions.