NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive application security.

RockDove Solutions remediates 3x faster with Cobalt’s PtaaS platform

As a crisis management platform with a strong, security-focused culture, it was essential for RockDove Solutions to find the right pentest partner to keep their customer data secure.

RockDove Solutions specializes in key risk areas such as reputation management, business continuity, security, and workplace safety to help its customers identify and respond to emerging threats. Their cloud-based platform, In Case of Crisis 365, removes the complexity of responding to and resolving emerging issues for teams by connecting their customers’ stakeholders to actionable playbooks, intelligent workflows, social listening tools, and more.

Their customers turn to them in times of crisis and need to be confident that RockDove’s platform is safe and secure, which is why the RockDove team pentests their assets annually with Cobalt to ensure that customer data is protected.

“The efficiency of the process comes from the interaction we have with the testers, which is unlike anything we had before. We can communicate with them throughout and remediate those fixes as they come in instead of having to wait for the full report to be delivered before getting started.”

JEFF ROBERTSON,

SENIOR DIRECTOR OF IT

Challenges

Lack of visibility

With previous pentest providers, the RockDove Solutions team had no insight into their pentest until the final report was delivered.

Inefficient pentesting process

RockDove’s development team couldn’t remediate issues until after the report was delivered.

Slow retesting

RockDove would need to schedule an additional retest to verify all remediated findings.

Results

Complete pentest visibility

Cobalt pentests are turned around in two weeks, with retesting happening in real time.

Real-time remediation

Due to the interactive nature of the Cobalt platform, RockDove was able to remediate 3x faster than with their previous provider.

Quick, unlimited retesting

Cobalt’s unlimited retesting helped RockDove close the remediation loop.

Although RockDove Solutions was satisfied with the pentest results they received from their previous provider, the process of working with them was long and lacked transparency. Not having visibility throughout the pentest process frustrated the RockDove team and they started to look for other pentesting solutions.

The RockDove team had a different experience when they kicked off their first pentest with Cobalt in the fall of 2020. They received nightly updates from Cobalt pentesters, informing them of validated findings. With this information, the RockDove team immediately started working on the fixes while the testing engagement was still ongoing, saving them a significant amount of time.

RockDove’s team is able to remediate three times faster with Cobalt compared to their previous provider, largely because Cobalt’s PtaaS platform enables their development team to start remediating found issues before the test is even completed. Having retesting included in all of Cobalt’s contracts also speeds up this process, as RockDove Solutions does not need to schedule an additional retest engagement, as they had to do with their previous provider.

The team at RockDove Solutions relies on Asana as their task management system between the security and development teams. During their first year with Cobalt, Jeff was manually transferring information from the Cobalt platform back into RockDove’s Asana instance to share pentest findings with his development team. With Cobalt’s newly available integration, the findings from their pentest now populate automatically into Asana, saving the team time and manual effort. As soon as updates are made to existing findings in Cobalt’s PtaaS platform, those changes are instantly reflected in the existing task descriptions in RockDove’s Asana instance. For RockDove, having the pentest findings integrated directly into their software development cycle means they have more time to focus on remediation, a crucial step in the DevSecOps lifecycle.

"Previously, we would have to make sure every issue from the report was fixed before setting up a retest, as we’d only have one included with our old provider. Our team would have to be pulled from all other development for a dedicated security release. But with Cobalt’s unlimited retesting, the team can retest our fixes continuously and it’s been much less stressful on the security and development teams as well as just more efficient overall."
 

JOHN BALDWIN,

SECURITY ANALYST