WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Jarvis Analytics uses pentesting and compliance automation to set itself up for security posture success

Jarvis Analytics built a security and compliance program with Cobalt & Drata to accelerate the due diligence process.

Jarvis Analytics is a dental analytics platform that provides comprehensive business analytics tools and actionable workflows to help dental businesses use data to diagnose problems, strengthen decision-making, and improve business and clinical performance. Founded in 2017, Jarvis Analytics is being used in thousands of dental practices and has grown 20x in the last four years.

The team at Jarvis Analytics, led by Steven Maroulis, Founder and CEO, leveraged Cobalt & Drata’s offerings to create and scale their foundational security program ahead of a recent acquisition by Henry Schein One. Beyond the acquisition and the stringent requirements of HIPAA compliance, Jarvis Analytics felt a responsibility to actively show their customers how seriously the organization takes the security of their sensitive information, so that customers could feel confident in Jarvis Analytics’s commitment to upleveling their security and compliance. Some of the biggest and fastest-growing dental businesses, such as MB2 Dental and DECA Dental, rely on Jarvis Analytics to unlock their business potential.

Drata is a security and compliance automation platform whose goal is to monitor and streamline the SOC2 and ISO process. The team at Jarvis Analytics relied on Cobalt’s Pentesting as a Service (PTaaS) platform and the Drata platform, and worked closely alongside Ashley Hyman, Drata’s Vice President of Customer Success, to create and scale their foundational security program ahead of their recent acquisition by HSO.

"When it came to pentesting and assessing our system against threats, we really gravitated towards the Pentesting as a Service model because it was important that my team could log in and see exactly what was happening, what testers were working on and finding, as well as being able to flexibly buy additional credits as needed."

STEVEN MAROULIS,

FOUNDER AND CEO,

JARVIS ANALYTICS

Challenges

Requirements of due diligence during an acquisition

Jarvis Analytics wanted their security posture to stand up to any scrutiny during the merger and acquisition process

Flexibility & speed

Customer requirements for Jarvis Analytics vary, so customized reporting was essential

Results

Quick turnaround time

Jarvis's pentest was turned around in two weeks, with retesting happening in real time

Transparent reporting

Cobalt delivered a detailed report to Jarvis Analytics's acquisition company, helping build confidence and trust in their security program

Accelerated acquisition timeline

Jarvis Analytics saved hundreds of hours with help from Cobalt and Drata's policy center, completing their acquisition process in two months

Jarvis Analytics had to move fast to find the best providers with what they needed to build out their security and compliance program, especially since they were doing so during the due diligence process. Partners that were flexible and offered incredible customer service and support were top priorities for the Jarvis Analytics team, as were platforms that would integrate easily into their existing tech stack and map to systems Jarvis Analytics already has in place, such as GitHub and Slack.

The Drata and Cobalt platforms were easy for the Jarvis Analytics team to adopt and use. Jarvis Analytics took advantage of Drata’s intuitive onboarding checklist and policy center, and the support of their dedicated customer success manager. On their first call with Drata, Jarvis Analytics was able to connect all of its key infrastructure and systems and begin setting up its policies, allowing them to quickly invite customers into the platform.

Through Cobalt, Jarvis Analytics was able to easily integrate direct Slack communication with pentesters into their processes. They loved how they could freely communicate back and forth on findings as soon as the pentesters on the project found them, get instant updates, and ask questions in real time instead of having to wait weeks for a final report as the only communication. However, the true differentiator for Maroulis was that unlimited retesting was included in the scope of the test. As someone working on a tight timeline and working towards compliance requirements and an acquisition, he didn’t want to have to re-engage with another provider for retesting, which would have added significant time and cost.

“We knew we were about to go through an acquisition and something that I cannot stress enough is that your security posture is an important part of the technical due diligence process. We wanted to show our future buyers that we took this matter seriously, and we were a technical fit for their business… At Jarvis Analytics, we handle really sensitive data, and truthfully security keeps me up at night. I worked with Drata and Cobalt because I wanted to make sure we would pass our due diligence with flying colors.”

STEVEN MAROULIS,

FOUNDER AND CEO,

JARVIS ANALYTICS

The entire acquisition process took about two months for the Jarvis Analytics team - including getting started on the Drata platform and the two weeks for their pentest, remediation, and retesting with Cobalt before finishing the acquisition with the Henry Schein One team.

Drata was a great fit, as it had the highest level of automation, was the only single-tenant database solution provider out there, and had natively embedded security training, giving the team at Jarvis Analytics confidence that they’d partnered with a company that had a culture of commitment to data and security, and could give them a real-time view of their security posture. Maroulis notes that his team saved hundreds of hours by having the policy center in the Drata platform available to them.

Although Steven acknowledges that a pentest is only reflective of a moment in time, the results gave Jarvis Analytics a strong baseline for understanding where their security posture stood. The level of detail the Jarvis Analytics team was able to share with HSO from Drata and Cobalt was high. Cobalt produces a comprehensive report that includes an executive summary, scope of work, methodology of testers, summary of findings, recommendations, and a post-test remediation report that transparently and clearly shows the results of the testing engagement.

These findings affirmed that Jarvis Analytics is headed in the right direction with its security program. As expected, a few low/medium risk items were identified, most of which were resolved within 36 hours: the team was able to push changes fast and retest with the Cobalt Core team of pentesters.

Moving forward, the team at Jarvis Analytics will continue to work with Drata to monitor and assess their real-time security posture, and will pentest with Cobalt every time they introduce a new major feature or change their architecture, in addition to annual testing as part of compliance requirements.

"Protecting data and patient privacy is more important than ever... As the team at Jarvis Analytics experienced, the Drata and Cobalt platforms are a powerhouse when used together to create a security and compliance program."

ASHLEY HYMAN,

VICE PRESIDENT OF CUSTOMER SUCCESS, DRATA