What if organizations could turn external penetration testing into an interactive experience they could use to regularly evaluate and increase their security posture? It is possible. SANS instructor Matt Bromiley reviews Cobalt's "pentest as a service" platform, an experience he describes as "an information security experience unlike many others" (but in a good way). In this paper, Bromiley examines using Cobalt to schedule, perform, interact with, and act upon penetration testing results, and more.
SANS key takeaways from the Cobalt pentesting experience include:
- Scheduling a pentest against various enterprise assets was simple and effective, allowing us to control scope.
- The platform provided granular insights into risks identified and the subsequent impact on our environment, prioritized in an easy-to-consume “what should we fix now” format.
- During the penetration test, coordination with the Cobalt team allowed us to evaluate security controls and posture in real time.
- A detailed, impactful report clearly outlined business impact and provided a checklist for post-test remediation.