As security teams continue to adapt to faster software releases, their testing repertoire has to adapt with them. One critical line of defense is pentesting — a highly manual testing method with the reputation of being slow, inflexible, and expensive.
Cobalt’s Pentest as a Service (PtaaS) model challenges each of these points, striving to make pentests faster and more accessible. Enterprise Strategy Group (ESG) put us to the test, analyzing Cobalt-provided material, public and industry knowledge of pentesting and security practices, and the results of interviews with customers and subject-matter experts.
Their verdict:
“Cobalt’s PtaaS model can reduce the total cost of a pentesting engagement by 53%, while reducing the time exposed to vulnerabilities by 66%.”
ESG’s analysis found that Cobalt’s PtaaS model can help teams test not only more quickly and for lower costs, but also more frequently, scaling their testing programs to cover more of their applications. This assessment is based on a review of three components: time to remediation, operational efficiency, and overall risk. Let’s look at each more closely.
Faster Time to Remediation
The first component ESG examined was time — how much time pentests need to launch, how quickly security teams receive their first test results, and ultimately, how long their systems stay exposed to vulnerabilities. PtaaS cuts that time by 66%. Here’s how:
- Faster pentest launch: Tests can start as quickly as 48 hours after contract signing.
- Faster time to first results: Cobalt customers reported receiving their first findings within 48 hours of the pentest's start, 93% faster than with traditional consulting models.
- Faster time to test completion: Customers reported that their pentests were complete in 10-14 days, resulting in up to a 50% reduction in time to results compared to traditional approaches.
- Faster time to remediation: Customers were able to triage, remediate, and retest earlier because they had constant access to pentesters’ knowledge and guidance.
- Faster subsequent testing: Customers requiring regular security testing of their assets found that using Cobalt’s PtaaS model scales well over time.
Higher Operational Savings and Efficiency
Second on ESG’s list were costs. Because Cobalt’s PtaaS model is considerably faster than traditional approaches, pentesting’s costs also drop by 53%. Examples of efficiencies include:
- Less time spent managing pentests: Cobalt becomes an extension of the customer’s team, offering access to testers, a dedicated customer success manager or dedicated sales engineers (based on pricing tier).
- More efficient triage: Customers reported they find triage and remediation easier with Cobalt’s continued support, receiving a remediation plan and prioritized vulnerability lists at the end of each test.
- Fewer internal resources required: Cobalt’s pentesters supplement customers’ teams and free up resources for other core tasks.
- Integrations with existing processes: Through integrations with tools like Jira and GitHub, and an open API, Cobalt reduces admin time when processing pentest findings and frees up teams’ time for more impactful work.
- Re-testing included in pentest engagements: Cobalt customers don’t need to pay for another pentest to validate their fixes.
Reduced Cost and Risk to the Organization
It won’t surprise anyone that data breaches can be pricey — the Ponemon Institute reports that on average a breach costs $4.24M, with the figure going as high as $9M for North America. UpGuard estimates a 29.6% chance that a business suffers a data breach over a two-year period, which works out to a 0.04% daily average. After crunching the numbers, ESG found that a Cobalt pentest results in an avoided risk cost of $58.5K.
Here are some of the reasons why:
- Reduced cost of engagement: Cobalt’s credit-based pricing allows organizations to pay only for the resources they need.
- Lower risk of data breach: ESG found that the time Cobalt customers are exposed to risk is reduced by 66% versus traditional pentesting methods.
- Greater depth and frequency of testing: Cobalt’s highly specialized testers and speed of engagement allow for greater agility and more frequent testing.
We’re humbled by ESG’s analysis, and will continue making pentests more accessible and valuable to teams of every size and industry. We invite readers to access the full report here.
ESG, a division of TechTarget, Research Publication, Analyzing the Economic Benefits of Cobalt's Pentest as a Service (PtaaS) Model, July 2022.