WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Scheduling Pentests in Minutes: How The Cobalt Platform Saves Teams Valuable Time

SANS: Within a matter of minutes, we could add an asset and schedule a test against it, allowing us to address business risks in a matter of moments.

Here’s a breakdown of the steps security teams have to take to schedule a pentest via traditional vendors. Notice that more than half of them are just to set the pentest up.


This process can take weeks, if not months, and no part of it is efficient or cost-effective. Our platform aims to change that by automating and streamlining these steps.

SANS analyst Matt Bromiley recently produced a white paper that reviews our platform, stating that...

“within a matter of minutes, we could add an asset and schedule a test against it, allowing us to address business risks in a matter of moments.”

In this article we’ll summarize the features that enable this result and, more importantly, what the impact can be on efficiency and productivity.

Share asset info straight in the platform

One of the first features Matt appreciated was the ability to store asset information directly in the platform as plaintext, or via related documents he could drag and drop. For his review he wanted to pentest a Linux virtual machine in Microsoft Azure, and the platform allowed him to share details on the system, what it’s used for, and testing credentials.


Why would he want to share this information? As Matt put it, “Successful penetration tests begin and end with proper asset classification. If you are asking someone to test your environment, you should have knowledge about what you are testing and expect to receive from the test.”

The platform guides users on how to provide the necessary information, either with clear questions or templates. One example is the “Description template” icon in Matt’s screenshot. When users click it, it expands and shares suggestions on what to include in the associated field, so that Cobalt has enough information to source the right talent for the pentest.

As a result, teams can set up pentests at a time and place suited to them.

Define your assets once, and schedule recurring tests in minutes

Another valuable point Matt highlighted is the potential to repeat pentests with consistency. Even when the first pentest is done, our platform stores asset information and enables teams to schedule multiple tests against it in the long run.

Scheduling becomes a matter of a couple of clicks. This also enables teams to compare findings over time, link performance data and make more strategic decisions around remediation.

“One of the biggest inconsistencies we see in the industry is that tests may not be cognizant of previous tests, essentially reinventing the wheel each time. Cobalt eliminates this problem, and we loved it.”

That being said, changes happen and teams can update their asset descriptions with ease. If the “why” behind the pentest has also changed, teams can specify new objectives and instructions.


Launch tests as you see fit with on-demand scheduling

Once Matt had provided all the relevant information on his Linux virtual machine, he clicked on “Start a Pentest” and observed the status changes on his dashboard. His test was up and running in less than 2 business days, which is our commitment to every Cobalt customer.

When teams have access to pentests on such short notice, they can respond much more quickly to changes in their environment, discoveries of new threats, or customer/compliance requirements.

To read the full SANS review of our Pentest as a Service platform, make sure to download the white paper.

About Cobalt
Cobalt combines talent and technology to provide end-to-end offensive security solutions that enable organizations to remediate risk across a dynamically changing attack surface. As the innovators of Pentest as a Service (PtaaS), Cobalt empowers businesses to optimize their existing resources, access an on-demand community of trusted security experts, expedite remediation cycles, and share real-time updates and progress with internal teams to mitigate future risk.