Cobalt Raises $29 M for Software Security Testing


writer icon Tormod Birch     NeONBRAND   |   Tech     🕐 26. Aug. 2020

Cobalt, the cybersecurity platform that connects human penetration testers also known as 'ethical hackers' with companies looking to test the robustness of their software, has raised $29 million from investors to continue its global expansion, bringing its total funding level to $37 million.

The Series B round was led by growth-stage experts Highland Europe, the global venture capital firm whose portfolio includes Malwarebytes, Nexthink, Adjust, ContentSquare and WeTransfer.

In relation to the newly gained capital, Gajan Rajanathan joins the board from Highland.

The new funding will go towards expanding global usage and continuing development of the Cobalt platform, which pioneered the Penetration test as a Service (PtaaS) model.

The breakneck pace of technology innovation has triggered increased demand for sophisticated human cybersecurity experts, who work to find vulnerabilities in software – a process known as ‘penetration testing’ or ‘pentesting’.

While automated cybersecurity screening is important, systematic security checks require human ingenuity and rigorous compliance reviews.

The Four Danish Founders
Cobalt was founded back in 2013 by four Danish co-founders; Jacob Hansen, Esben Friis-Jensen, Jakob Storm, and Christian Hansen. All self-identified outsiders to the security world.

The team struggled for traction with early-stage investors for its original ‘bug bounty’ business model, in which testers were paid based on the vulnerabilities they found. This forced a rethink, leading the team to innovate its product as well as execute with impressive capital efficiency.

Cobalt Today
Cobalt now has more than 500 clients, including GoDaddy, Vonage, Axel Springer and MuleSoft, and around 300 pentesters on its platform.

Customers are globally distributed, with the US as Cobalt’s largest market. The company’s growth has accelerated in the first half of 2020, in spite of the global pandemic, with the company operating at breakeven.

During the past four years, Cobalt has conducted thousands of pentests; its annual testing figures are doubling year on year, and its rate of growth is increasing.

As technology buying decisions become more agile and remote-first, Cobalt’s security certification process enables software and internet companies to navigate release cycles faster while ensuring trust and efficiency in the procurement process.

“Organisations do business globally and digitally, yet traditional pentesting is delivered locally via a PDF,” said Jacob Hansen, co-founder and CEO of Cobalt.

What Ethical Hacking Needs
“The pentesting industry doesn't need another cool tool, it needs people and process innovation. That is why we created a way to engage the best cybersecurity talent, via our pentest management platform, allowing customers to move from a static pentest to platform-driven pentest programs. Cobalt ultimately drives better security and improves return on investment for each customer,” said Hansen.

The Pentesting
Once pentesting begins, Cobalt’s platform logs issues as they arise. It visualises them on a dashboard and connects seamlessly to development tools such as JIRA, so developers can quickly take action on any breaches and notify pentester, creating a dynamic and real-time feedback loop.

This also allows security managers at client companies to oversee the entire process, with immediate visibility for the first time into which security flaws have been fixed, and the ability to request instant retests were needed.

“As someone who oversees security for a large and diverse portfolio of web applications, traditional pentesting simply cannot keep pace,” said Henning Christiansen, Chief Information Security Officer of Axel Springer.
“We need real-time insight. Cobalt’s unique delivery model meets this need. All our business units have embraced the platform, which is testament to its ease of use, quality of the test findings, and ability to deliver real results.”

“We are the leading API management and integration platform, and it is our job to keep customer data safe and protected,” said Sergey Stelmakh, Platform Security Architect of MuleSoft.
“During a pentest we need flexibility and speed, which is what Cobalt gives us.”

Collects Data
Cobalt’s platform is also able to collect rich data because, unlike the traditional model, pentesting results are not stored and sent in static documents, but rather in a dynamic online repository.

This allows the client to improve the security of their customers by surfacing and remediating the types of vulnerability that are affecting them most over time. Cobalt is quickly establishing thought leadership in this critical area of cybersecurity, releasing its annual ‘State of Pentesting’ report, and expects to continue to enrich its business insights and product features in the future.

Gajan Rajanathan at Highland Europe said: “The digitisation of inefficient manual processes has continued to drive value for enterprises, and cybersecurity is no exception. By providing an automated and collaborative environment for DevOps professionals to engage with cybersecurity experts, Cobalt is disrupting a critical part of the application security and compliance value chain. We were impressed with what Jacob and his co-founders have accomplished within such a short period, and believe in their vision to democratize access to the best cybersecurity talent in a transparent manner.”

We believe that information should be free and will therefore never put up a paywall.

If you like reading our reports about the Scandinavian business scene and would like to donate towards the upkeep of the site, we would be very grateful. Click here to donate.

Most Popular Articles of November

Most Popular Articles of this Year