Content, Channel partners, Security Program Controls/Technologies, Channel investors

Penetration Testing-as-a-Service Firm Cobalt Raises $5M in Funding

Credit: Getty Images, a penetration testing-as-a-service (PTaaS) platform provider, has raised $5 million in Series A funding from byFounderseLab Ventures, DG Incubation and other investors. The company plans to use the Series A funding to expand globally and invest in its PTaaS platform, according to a prepared statement.

In addition, byFounders Managing Partner Eric Lagier has joined Cobalt's board of directors, the company said. Robb Mann, who leads security assurance at Google, also has joined Cobalt as an advisor.

A Closer Look at the Cobalt Platform

Cobalt's application security platform supports a find-to-fix workflow, the company noted. The platform delivers on-demand pen tests that are performed by a certified security researcher. After a Cobalt pen test is completed, the certified security researcher sends a summary document that details his or her findings. Each Cobalt pen test report contains vulnerability descriptions, screenshots and suggested fixes.

Cobalt CEO Jacob Hansen
Cobalt CEO Jacob Hansen

All Cobalt pen test reports are delivered via CobaltCentral, the company's reporting application. Key features of CobaltCentral include:

  • Integrated Messaging: Allows users to discuss vulnerabilities with Cobalt researchers.
  • GitHub and JIRA Integrations: Enables users to add vulnerability insights directly to workflows.
  • Visualization: Provides visualizations that highlight the number, severity and frequency of vulnerabilities.

The Cobalt platform is now available and is used by GoDaddy, Credit Karma and other globally recognized brands. Cobalt customers pay a fixed price to use the platform based on application size and testing frequency.

How Does the Cobalt Platform Differ from Standard Pen Testing Options?

The Cobalt platform leverages a global talent pool of certified security researchers, the company noted. A typical Cobalt pen test can be scheduled within 48 hours, the company pointed out. All pen test results can be directly integrated into an organization's security bug tracking systems and development lifecycle, and Cobalt provides real-time communications with certified security researchers to accelerate pen testing.

Cobalt uses crowdsourced security to deliver SaaS-based pen testing. It has a global application security team that includes over 200 certified security researchers across 131 countries.

To date, Cobalt's certified security researchers have helped organizations discover more than 20,000 security bugs, the company indicated. Cobalt also continues to explore growth opportunities.

Cobalt tripled its growth and added nearly 100 new customers in 2017, CEO Jacob Hansen said. The company also opened a sales, customer success and engineering office in Berlin earlier this year.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.