While initially skeptical, Kesler quickly saw that Cobalt’s promise of high-quality findings was well-founded. “I looked at the numbers for Cobalt and thought, ‘If they're able to deliver what they're saying at this cost, it's close to twice the value I would expect from a traditional pentest.’ And it turned out that way. The Cobalt team did excellent work and delivered the value that they promised.” In particular, Kesler was impressed by the pentest team’s range and depth of skills: “Pendo is a complicated product. It takes time to wrap your mind around how it works. But the quality of the results we got from Cobalt was greater than what I had seen in comparable pentests. I felt like they were digging deep, and that’s not something I’ve always seen in the past. Where previously I might have expected two consultants to be assigned to a project, Cobalt brought five pentesters, each with different skills that complemented each other.”
Of course, the quality of findings is only half the battle. To add real value for Pendo, vulnerability findings needed to be actionable. On top of easy two-way communication via the Slack channel, the team at Pendo also benefited from the ease of retesting facilitated by the Cobalt platform. Once Pendo’s engineering team had resolved a vulnerability, they used the platform to request a retest straight away. From there, the pentester who identified that vulnerability would retest to ensure it had been resolved and update the portal accordingly.
What’s next for Pendo?
Having seen the value added by Cobalt’s PtaaS platform, Kesler sees Pendo continuing to increase the number of pentests that it does each year.