A company’s security posture keeps changing in line with the evolving risks it faces from multiple sources, so identifying security vulnerabilities and loopholes is a crucial task. This is where many companies use penetration testing (a pen test): a simulated cyber-attack that attempts to exploit a system in order to detect its exploitable vulnerabilities.
Based out of Berlin and San Francisco, Cobalt is one such cybersecurity platform that connects human penetration testers (sometimes known as ‘ethical hackers’) with companies looking to test the robustness of their software.
Raised €24.4M in Series B round
Recently, the company raised $29 million (approx €24.4 million) in a Series B round led by growth-stage experts Highland Europe, the global venture capital firm whose portfolio includes Malwarebytes, Nexthink, Adjust, ContentSquare, and WeTransfer. Gajan Rajanathan joins the board from Highland. This brings the total amount raised to $37 million (approx €24.4 million).
The company is planning to use the funding to expand globally and continue the development of the Cobalt platform, which pioneered the penetration-test-as-service (PtaaS) model.
“Organisations do business globally and digitally, yet traditional pentesting is delivered locally via a PDF,” said Jacob Hansen, co-founder and CEO of Cobalt. “The pentesting industry doesn’t need another cool tool, it needs people and process innovation. That is why we created a way to engage the best cybersecurity talent, via our pentest management platform, allowing customers to move from a static pentest to platform-driven pentest programs. Cobalt ultimately drives better security and improves return on investment for each customer.”
Struggled with bug bounty business
Cobalt was founded in 2013 by four co-founders: Jacob Hansen, Esben Friis-Jensen, Jakob Storm and Christian Hansen. The team struggled for traction with early-stage investors for its original ‘bug bounty’ business model, where testers were paid based on the vulnerabilities they found. This made the team innovate on its product as well as execute with impressive capital efficiency.
500 clients, thousands of pentests, double the growth and more
Cobalt now has more than 500 clients, including GoDaddy, Vonage, Axel Springer and MuleSoft, and around 300 pentesters on its platform. The company’s growth has accelerated in the first half of 2020, despite the global pandemic, with the company operating at break even.
Over the past four years, Cobalt has conducted thousands of pentests; its annual testing figures are doubling year on year, and its rate of growth is increasing.
“Sometimes it’s by solving unsexy problems that you revolutionize a whole industry,” said Caroline Wong, Chief Strategy Officer of Cobalt. “Consultancies have relied on the story that the hardest part of pentesting is hacking the software. We’ve known for decades what the most pervasive technical problems are and how to address them. The much harder part is connecting with the right people who can do the technical security work, and delivering the results to the development team who can fix the vulnerability.”
Reduces time from 2 weeks to 24 hours
The company’s PtaaS approach opens up a global marketplace of talent, enabling pentesters to collaborate and companies to easily locate specific expertise. This reduces the time to start testing from 2-4 weeks to as little as 24 hours.
Once pentesting begins, Cobalt’s platform logs issues as they arise. It visualises them on a dashboard and connects seamlessly to development tools such as JIRA, so developers can quickly act on any breaches and notify pentesters, creating a dynamic, real-time feedback loop.
This also allows security managers at client companies to oversee the entire process, with immediate visibility for the first time into which security flaws have been fixed, and the ability to request instant retests where needed.
Collects data in a dynamic online repository
Cobalt’s platform is also able to collect rich data because, unlike the traditional model, pentesting results aren’t stored and sent in static documents, but rather in a dynamic online repository. This allows the client to improve the security of their customers by surfacing and remediating the types of vulnerability that are affecting them most over time.
Gajan Rajanathan at Highland Europe said: “The digitization of inefficient manual processes has continued to drive value for enterprises, and cybersecurity is no exception. By providing an automated and collaborative environment for DevOps professionals to engage with cybersecurity experts, Cobalt is disrupting a critical part of the application security and compliance value chain. We were impressed with what Jacob and his co-founders have accomplished within such a short period, and believe in their vision to democratize access to the best cybersecurity talent transparently.”