As program plans for 2022 start taking shape, words like “agility,” “efficiency,” and “stronger security” return to center stage. Many security tools have evolved to match companies’ need for speed, but one has proven particularly tricky: third-party external pentesting.
It’s a useful exercise. 85% of the 600 US IT security professionals surveyed confirmed that pentests provide valuable insights on how to improve their programs, and nearly all said pentests save their companies money in the long term by preventing breaches and the associated penalties.
But things could be better. Traditional vendors such as consulting firms have stuck to established ways of delivering pentests, which usually come with slow setup, waterfall workflows, and findings buried in email threads or PDF documents. 79% of the survey respondents said these inefficiencies cost them valuable time, and nearly three-fourths said these problems need to be addressed before they can test more often.
Following the widespread adoption of agile and DevOps, Pentest as a Service — or PtaaS — has started taking shape. Offering cloud tools, on-demand setup, and faster access to insights, PtaaS is rapidly becoming the alternative to traditional pentests.
To objectively compare the two, we explored the following questions:
- How much time does it take to set up and manage either option?
- Which produces findings faster? How much faster?
- Are there differences in costs?
- What’s the difference in overall ROI?
These are the focal points for our latest report “The ROI of Modern Pentesting.” Breaking down the pentesting cycle into stages, it compares how consulting firms and PtaaS vendors like Cobalt stack up against each other in terms of time, costs, and impact.
The report presents stats from 6 interviews with security professionals managing programs in a variety of settings, including:
- A national marketplace for business catering that serves several thousands of restaurants and caterers
- A creator of an award-winning customer engagement platform used by 2,000+ enterprise brands and agencies
- A leading cybersecurity and compliance company that helps 3,000+ global brands stop targeted threats
- A cybersecurity company that enables 8,000+ customers to reduce vulnerabilities, monitor for malicious behaviour, and investigate attacks
Each interviewee has commissioned or managed pentests with both traditional consulting firms and PtaaS vendors, and can speak to their differences.
All the numbers come down to this conclusion: PtaaS is faster, includes less admin, is more affordable, and brings exceptional value to teams focused on agile workflows. There are many components that lead to this result, so we invite you to download the full report and dive into the stats most relevant to you.