How KUBRA Scaled Pentesting from PCI Compliance to a Continuous Pentest Program

KUBRA was looking for quality pentesters and consistent documentation to help them budget and scale security testing

Cobalt

Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model by providing streamlined processes, developer integrations, and on-demand pentesters. Our blog is where we provide industry best practices, showcase some of our top-tier talent, and share information that's of interest to the cybersecurity community.


KUBRA is a technology company that provides customer experience solutions for some of the largest utility, insurance, and government organizations in North America. Their portfolio includes a variety of services, including billing and payments, alerts and preference management, mobile apps, and utility mapping solutions.

As the VP of Information Security and Risk Management, Tushar Chandgothia is in charge of maintaining security on a multitude of levels, from information security to privacy to some elements of physical security. KUBRA’s security team aims to build security processes and programs that grow with the organization. To do this, Tushar and his team work closely with product development, IT operations, client implementation, and many other parts of the organization to ensure they are building secure applications.

KUBRA manages more than 1.5 billion transactions annually, making it critical to ensure their data remains protected.

The Challenges

  • It can be expensive and difficult to retain internal pentesters

  • Traditional penetration testing yields inconsistent quality of findings and reporting

  • Inconsistency and constant turnover make budgeting difficult

Retaining full-time internal pentesters can be costly and competitive, so KUBRA often outsources their security testing needs. However, when they worked with traditional third-party penetration testing companies, KUBRA found that there was too much variation in quality. In addition, each pentester had a different way of structuring the test and reporting on issues. This created additional work to gather and store the data consistently, which made it hard to track trends over time and didn’t help them budget accordingly.

Tushar and his team were looking for a reliable pentest partner that would give them access to top pentester talent and provide them with quality reporting that would help them more effectively track improvements and properly budget.

The Solution

  • Access to a global pool of nearly 300 pentesters with a variety of tester backgrounds and expertise

  • Comprehensive, consistent, and standardized documentation and reporting

  • Real-time pentest findings accessible through an interactive platform

KUBRA’s pentest program was originally driven by PCI compliance requirements, which call for at least one pentest a year. However, as the organization grew, they wanted to scale and conduct pentesting on a more continuous basis, especially for their public-facing web applications.

Cobalt makes it easy for KUBRA to build out their pentest program with an easy setup, consistent real-time reporting of results, and access to nearly 300 pentesters. Gaining access to a large and diverse pool of pentesters has yielded higher quality results that are more relevant and impactful to KUBRA’s business. With Cobalt, they can also choose to add new pentesters to engagements, offering fresh and diverse perspectives while maintaining consistency in quality and reporting structure. Consistent and standardized reporting has made budgeting easier for KUBRA and has allowed them to better track trends over time.

Cobalt’s PtaaS platform gives Tushar and his team the ability to see and act upon findings in real-time. This means they can start fixing issues as they arise instead of waiting until the test is complete. Once testing is done, there are a variety of reporting options: Customer Letter, Attestation, Full Report, or Full Report + Finding Details. This makes sharing different information with various stakeholders as easy as clicking a button.

KUBRA came to Cobalt for a single pentest but quickly realized the potential to nurture and expand their entire security testing program. As a result, they’ve hardened their security posture with a security chaos engineering mentality of frequent testing that builds resilience.

“When we first went with Cobalt it was purely for PCI requirements, but we were looking to scale our program and pentest on a more continuous basis. Cobalt gave us the ability to pentest on a frequent basis with minimum effort from our teams, saving us time and providing us quality results on a consistent basis.” ~Tushar Chandgothia, VP of Information Security and Risk Management at KUBRA

Interested in learning how Cobalt’s Pentest as a Service Platform could help you budget and scale your security testing program? Schedule a demo today.
