PTaaS Checklist
Don't just "check the box". Learn 7 factors that will ensure your next pentest is a strategic advantage for your business.
Case Study

Insurity Scales Its Pentesting Program With Cobalt

Enhanced security practices foster trust and protect critical business assets

 

The Challenge

Operating in a heavily regulated industry, Insurity must fulfill compliance requirements including PCI-DSS and SOC 2, while also satisfying their customers’ demand for frequent third-party pentests. Insurity’s customers are large insurance providers with high security standards. According to Adam Davis, Director, Application Security at Insurity, “Our customers trust us as the keepers of their data, and we have to be worthy of that trust. We do a lot of security testing in-house, but we also need an external partner to provide an extra layer of detection and defense.”

Insurity needed an offensive security provider that not only fulfilled their compliance and customer requirements but also provided in-depth testing coverage for an expanding portfolio of digital products and services. Insurity has grown in a number of ways, including through acquisition: it has acquired 8 companies since 2020. While these acquisitions extend Insurity’s capabilities and provide essential value to their customers, they also create an ideal opportunity to collaborate with a security expert to strengthen and scale the team’s capacity. The team must complete regular security assessments of existing applications and infrastructure while integrating new colleagues, systems, and processes into their business. This also includes Insurity’s rigorous approach to embedding security into the software development lifecycle (SDLC). “All those new systems from the companies we acquire present unique security challenges. At the same time, being leaders in the cloud space means we’re needing to continually expand into new areas of security. To maximize our impact, we rely on expert support to act as an extension of our team and help us achieve our goals efficiently,” says Davis. These challenges prompted the team to seek a partner with offensive security expertise, capable of delivering comprehensive pentests to externally validate the effectiveness of Insurity’s security program.

The Solution

Cobalt fulfilled Insurity’s offensive security needs, providing comprehensive testing across critical assets including web applications and APIs. The Cobalt platform made it easy for Insurity to prioritize remediation and validate fixes, as well as to adjust vulnerability scoring and provide a rationale when accepting risks. The customizable final reports demonstrate to customers and stakeholders Insurity’s commitment to security. By partnering with Cobalt, Insurity extended the impact of its security team through access to Cobalt’s community of over 450 highly vetted and certified pentesters. The pentesters’ broad range of expertise enhanced Insurity’s capabilities, enabling more thorough and consistent testing than the internal team could achieve alone. “Cobalt’s pentesters give us specialized talent, delivering exceptional value compared to maintaining the same talent in-house,” states Davis. “And we don’t just get one person, we get a team. We’re ecstatic that we can have these highly talented pentesters with diverse skills and perspectives working on our applications.”

The Outcome

Cobalt identified more critical vulnerabilities than previous approaches and provided comprehensive reports to meet compliance and stakeholder needs. In particular, Insurity valued Cobalt’s ability to uncover complex, high-risk vulnerabilities. “Some of the issues that come back are phenomenal, things I’d never think of. We’re talking chained exploits and complex business logic issues that we could never find internally ourselves. The Cobalt pentesters go deep and find vulnerabilities that a real hacker in the wild could exploit,” says Davis.

Cobalt also streamlines Insurity’s issue validation process by providing actionable vulnerabilities that need to be addressed, saving time and resources. “I haven’t had a single vulnerability back from Cobalt that isn’t a real issue. I can hand them to the engineers with confidence that they are genuine, exploitable vulnerabilities. That’s a huge time savings and a much higher value process,” says Davis. Every issue reported by Cobalt pentesters helps Insurity redefine their internal testing procedures. Insurity actively learns from each pentest’s results, implementing training and additional security controls to catch similar issues in the future.

“Cobalt’s pentesters give us specialized talent, delivering exceptional value compared to maintaining the same talent in-house. And we don’t just get one person, we get a team. We’re ecstatic that we can have these highly talented pentesters with diverse skills and perspectives working on our applications.”

Adam Davis,

Director, Application Security,

Insurity