Cobalt Crowdsourced Application Pentest

Agari

Agari is a leading cybersecurity company that protects people and businesses from advanced phishing attacks. The Agari Email Trust Platform is the industry’s only AI-driven defense system that models authentic, trustworthy communications to protect humans from being deceived by cyberattacks such as phishing, ransomware and business email compromise (BEC).

A Security Product Firm Seeks A Modern Pen Testing as a Service Partner

As a leading cybersecurity company, Agari needs to ensure that its products are both secure and compliant with its customers’ third-party risk management requirements. However, traditional pen testing wasn’t providing the company with the full spectrum of diverse testing techniques, varying skill sets, and full test coverage they desired.

Chris Haag, Senior Director of Engineering at Agari, wanted to continue to expand the Agari security program while ensuring that he and his team were focusing on the critical mission: making email the safest form of communication their customers have. Chris wanted to partner with a pen testing solution that goes beyond traditional pen testing services to deliver more accurate and faster results against new and emerging threats.

Chris’ search led him to Cobalt’s Pen Testing as a Service approach.

"We wanted to move away from traditional pen testing services. We still want a relationship with our pen testers, but want to leverage a broader, more diverse pool for testing talents. Cobalt’s services give us a balanced approach for both requirements."

Modern Email Trust Platform Partners With Cobalt’s Pen Testing as a Service

Agari decided on Cobalt’s Pen Testing as a Service platform to ensure security compliance, as well as help elevate their application security to the next level.

Agari engaged with Cobalt for two web application tests a year, each including:

  • 2 weeks of assessment, penetration testing and analysis from 1 CISSP certified lead pen tester supported by 2 technically skilled security researchers/domain experts
  • Coverage of the OWASP Top 10 plus application logic
  • Access to the pen testing team for questions all year
  • Re-test and patch verification of the vulnerabilities found
  • Access to Cobalt Central - A SaaS platform to work with individual findings and communicate with the pen testers
  • A summary report to share with customers and other teams

Bringing Effortless Communication, Prioritization, And Human Ingenuity Back To Pen Testing

Through its engagement with Cobalt, Agari saw these benefits:

  • Effortless and transparent communication. The Agari engineering team received information from the pen testers almost immediately after the assessment was deployed. Agari’s engineers were engaged on Cobalt’s SaaS platform, where they had real-time access to issues found and could ask the testers questions directly. This eliminated much of the back-and-forth email and discussion that the security team would otherwise have to facilitate, which saved many man hours and helped expedite the entire test and remediation process.
  • Human ingenuity. Agari found that the Cobalt testers’ findings were thorough and creative. It was apparent that the testers understood what the product was supposed to do and thought through the interaction model extensively before they started the tests. These were not run-of-the-mill tests, but were crafted specifically for the protocols and business logic of the product, which the Agari team found “delightfully inventive”.
  • Accurate vulnerability findings. The Cobalt results were accurate, targeted and actionable. Agari found that by utilizing the Cobalt findings, they were able to prioritize and execute the remediation tasks quickly, saving hours or sometimes days of effort in triage, validation, and prioritization.

"Previously, I worked with a more traditional pen testing company and they put together a report, but that information wasn’t all that actionable or compelling. When you contrast that with what we got back from Cobalt - it’s completely different. From the beginning, as issues arose - my team could see them, react to them, get them back into the sprint backlogs and start working through them without waiting around for the report. With Cobalt, it was eye opening what pen testing could be."

Conclusion

With the Cobalt Pen Test / Platform, Agari has received:

  • A modern Pen Testing as a Service approach
  • Transparent and efficient communication throughout the entire process
  • Access to a global set of knowledgeable security researchers and experts
  • Better testing coverage of applications
  • Deeper, more accurate results
  • Actionable information to aid remediation prioritization
  • A higher ROI compared to traditional services

"Now that I’ve seen the Cobalt results, I’d say that our [Agari] system is demonstrably more secure as a result of what these pen testers have done. It’s also energized my faith in third-party pen testing. Cobalt’s Pen Test offers actionable data for businesses looking to go beyond the compliance checkbox. For any companies looking to partner with an out-of-the-box pen testing solution, I highly recommend Cobalt’s Pen Testing as a Service solution."

Challenge

  • Finding an alternative solution to traditional pen testing services to ensure better coverage, deeper testing, and faster results to meet third-party risk assessment requirements of customers.

Solution

  • Annual Cobalt penetration test
  • Globally sourced security expertise
  • Creative and collaborative testing methods

Benefits

  • Improved process efficiency - Agari saved hours, or in some cases days, in the end-to-end process of detection and remediation of vulnerabilities
  • Accessible and transparent communication throughout the entire process
  • Selective skill set matching - hand-picked security testers from a global pool to match a company’s technology stack
  • A collaborative platform where developers can easily communicate with testers, track individual findings, and quickly resolve flagged issues