
Scheduling Pentests in Minutes: How The Cobalt Platform Saves Teams Valuable Time

SANS: Within a matter of minutes, we could add an asset and schedule a test against it, allowing us to address business risks in a matter of moments.

Here’s a breakdown of the steps security teams have to take to schedule a pentest via traditional vendors. Notice that more than half of them are just to set the pentest up.

[Image: breakdown of the steps to schedule a pentest via traditional vendors]

This process can take weeks, if not months, and no part of it is efficient or cost-effective. Our platform aims to change that by automating and streamlining these steps.

SANS analyst Matt Bromiley recently produced a white paper that reviews our platform, stating that...

“within a matter of minutes, we could add an asset and schedule a test against it, allowing us to address business risks in a matter of moments.”

In this article we’ll summarize the features that enable this result and, more importantly, what the impact can be on efficiency and productivity.

Share asset info straight in the platform

One of the first features Matt appreciated was the ability to store asset information directly in the platform as plaintext, or via related documents he could drag and drop. For his review he wanted to pentest a Linux virtual machine in Microsoft Azure, and the platform allowed him to share details on the system, what it’s used for, and testing credentials.

[Screenshot: asset information entered in the platform]

Why would he want to share this information? As Matt put it, “Successful penetration tests begin and end with proper asset classification. If you are asking someone to test your environment, you should have knowledge about what you are testing and expect to receive from the test.”

The platform guides users on how to provide the necessary information, either with clear questions or templates. One example is the “Description template” icon in Matt’s screenshot. When users click it, it expands and shares suggestions on what to include in the associated field, so that Cobalt has enough information to source the right talent for the pentest.

As a result, teams can set up pentests at a time and place suited to them.

Define your assets once, and schedule recurring tests in minutes

Another valuable point Matt highlighted is the potential to repeat pentests with consistency. Even when the first pentest is done, our platform stores asset information and enables teams to schedule multiple tests against it in the long run.

Scheduling becomes a matter of a couple of clicks. This also enables teams to compare findings over time, link performance data and make more strategic decisions around remediation.

“One of the biggest inconsistencies we see in the industry is that tests may not be cognizant of previous tests, essentially reinventing the wheel each time. Cobalt eliminates this problem, and we loved it.”

That being said, changes happen and teams can update their asset descriptions with ease. If the “why” behind the pentest has also changed, teams can specify new objectives and instructions.


Launch tests as you see fit with on-demand scheduling

Once Matt had provided all the relevant information on his Linux virtual machine, he clicked on “Start a Pentest” and observed the status changes on his dashboard. His test was up and running in less than 2 business days, which is our commitment to every Cobalt customer.

When teams have access to pentests on such short notice, they can respond much more quickly to changes in their environment, discoveries of new threats, or customer/compliance requirements.

To read the full SANS review of our Pentest as a Service platform, make sure to download the white paper.
