
Cobalt Customer Datto Ensures World-Class Product Security With On-Demand Pentesting

Cobalt

Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model by providing streamlined processes, developer integrations, and on-demand pentesters. Our blog is where we provide industry best practices, showcase some of our top-tier talent, and share information that's of interest to the cybersecurity community.


As a disaster recovery provider for MSPs offering secure cloud, SaaS, and file protection services, Datto places cybersecurity at the heart of its business. To find out more about how a pentesting program fits into Datto’s agile development workflows and what challenges they faced before working with Cobalt, we spoke with Application Security Manager Justin Bacco and Security Engineer Jeremy Galindo.

Initially, the main driver for Datto’s pentesting program was SOC 2 compliance. The company previously worked with a handful of third-party vendors who delivered pentesting services. However, their approach to vulnerability reporting was challenging to integrate with Agile development workflows.

“We were working with companies that use the old-school ‘email-and-PDF’ style of reporting,” Bacco explains. “We would kick off a two-week pentest and then have to wait two more weeks before we finally get the PDF report. Then it would have mistakes, and we’d have to push back on it. There wasn’t much communication, and that created real challenges for us.”

Lacking a channel for real-time communication with pentesters, Datto ran into several problems. Most notably, the company’s engineers weren’t receiving vulnerability reports in a usable format. Not only were they unable to seek clarification where needed, but there were also issues with feeding reports into established engineering sprints. Combined, these issues made it difficult to obtain full value from each pentest.

Over time, Datto wanted to expand its program to support a more rigorous testing approach in line with its commitment to industry-leading cybersecurity. At this point, it became clear the traditional method wasn’t providing the high-quality, full-coverage testing Datto needed. Instead of having the same 2-3 pentesters working on the same assets year after year, Datto needed a more diverse pentesting approach. In 2018, they decided to try Cobalt’s platform, where they could communicate with pentesters in real time throughout the engagement and use different testers for each pentest, so that they would always have a new perspective on their security.

“Having instant communication with testers is a driving factor in why we chose Cobalt and continue to use them,” explains Bacco. “Talking to the researchers in real-time and getting instant feedback on issues, or answering their questions, just makes for a better quality pentest. If a researcher is stuck on something and we can answer their question within 10 minutes, that really helps dig out vulnerabilities.”

Read the full story of how Datto transformed their pentesting program with Cobalt.
