The Challenge
As an innovator in SaaS solutions for energy utilities, the GridTech company operates within a heavily regulated environment. It faces stringent security requirements because its customers run a thorough procurement process, and so it needed to expand its security program to include pentesting.
Without a dedicated pentest provider, the company had to build its pentesting program from the ground up. A reliable and efficient pentesting solution was critical to satisfying client security expectations and complying with standards such as ISO 27001 and SOC 2.
The Solution
The company partnered with Cobalt for several reasons, starting with Cobalt’s credibility and reputation. The Lead Software Engineer said: “Our decision to partner with Cobalt was strongly influenced by a trusted advisor's positive experience, and that recommendation was validated by our own great experience.” The Head of Product and Technology agreed: "It's important that both we and our customers have confidence in our pentest provider. We needed a provider with a proven track record, and Cobalt definitely met that requirement.”
Beyond Cobalt’s reputation, Gridsight valued the ease-of-use and reporting capabilities of the Cobalt Offensive Security Platform. The Cobalt platform streamlined reporting by providing clear findings, customizable reports, and efficient remediation tracking. The Head of Product and Technology stated, “The ability to tailor reports for different audiences has been a huge benefit. We can easily export reports and customize them to the specific needs of different stakeholders, so that everyone receives the information relevant to them.” The ability to remediate findings within a specified timeframe with the SLA feature and have those changes documented in the report was also a significant benefit for the company.
Additionally, unlimited retesting and collaboration with the Cobalt pentesters via Slack provided further value. "Cobalt's retesting policy gave us the confidence that we can efficiently remediate vulnerabilities and validate those fixes without undergoing an entirely new pentest," the Head of Product and Technology said.
The Results
Cobalt performed web application and network pentests. The web application pentest focused on the company’s platform, which handles a substantial amount of customer data. The network pentests helped them understand their security posture and ensured their platform was properly segmented so they could isolate potential incidents.
The pentests yielded low-severity findings, such as a weak content security policy, which the company remediated by aligning its policy with the Content Security Policy Level 3 (CSP3) specification. The low-severity findings validated their commitment to security. The Head of Product and Technology stated, “We've consistently achieved the outcome any security team would want, which is low risk findings that demonstrate thorough testing. Cobalt maintains an outcome-focused approach, ensuring we can effectively demonstrate a strong security posture to our customers.” The Lead Software Engineer added: “Security is deeply ingrained in our software development lifecycle and considered critical to our platform’s foundation. A weakness in security creates an inherently unstable system.”
The company will continue to leverage Cobalt as a key part of their security program, ensuring customer security due diligence, compliance with standards, and the overall security of their product suite.