Skip to content

WEBINAR  Beyond Trends: Actionable Cybersecurity Advice for 2023 with Bugcrowd and Red Canary · December 14, 2022 ·  Save your spot!

VIDEO

Better Pentesting and Remediation: Cobalt and PlexTrac, Better Together

Join Cobalt and PlexTrac to learn how your security team can work smarter to identify and neutralize threats faster. During the webcast, experts from both teams will discuss more efficient ways of managing the security lifecycle from testing to remediation and demonstrate the Cobalt/PlexTrac integration that will maximize your team’s efficiency and markedly improve security posture.

Category: PlexTrac Update Series

   BACK TO WEBINARS

Play

Please accept marketing cookies to watch this video.

Transcript

Alright, I guess now is good a time as any, right? Let’s do it. So, yeah, like I said, welcome in to today’s webinar. My name is Darren Sin. I’m going to be the MC for today, but I am by no means the star of the show. For our discussion, smarter pen testing and remediation talking about PlexTrac and Cobalt being better together. So, yeah, I’m definitely not the star of the show. And this is a great segue into our two panelists that are joining me for today.

So first off, we’ve got Eugene Revson. Eugene, you want to introduce yourself? Thanks, Don. Hey, everybody, I’m Eugene Revson. I’m a senior product Manager at Cobalt, overseeing our CX integrations team, which is responsible for our native partner and partner integrations as well as our public API. Great. Thanks, Eugene. And we’ve also got Hannah cotton from PlexTrac.

Hana, do you want to say hi? Hi, everybody. I’m thrilled to be here. Thanks for joining us. I’m a product manager on the PlexTrac team and I’m focused on our integration roadmap and then also spend a lot of time working on our purple teaming tools. Awesome. Thanks, Hannah. Yeah.

I am going to step aside in just a second, but first I will detail the agenda, what we’re going to be talking about today and why you’re joining. So, yeah, like I’ve mentioned a couple of times already, we’re really focused on showing why PlexTrac and Cobalt are better together and why you should use one of, if not both of our tools. So today we’re going to introduce both PlexTrac and Cobalt. For those that might not know about one or the other tool, we’re going to explain why you should use each platform, how they’re better together, and then show off that detailing the integration from both the Cobalt and the PlexTrac side. So, yeah, without further ado, I will pass it over, but before I do that, I wanted to launch a quick poll just to kind of get a gauge of the room.

Well, maybe if this poll would go, I think we find yup, there we go. Relaunch the poll. There we go. We are live. Going to give everyone just a few seconds to answer the question, are you currently using a pen test as a service or PTAs solution today? And the results start pouring in here. It looks like one person answered what is PTAs? So we will definitely get to that today. So, yeah, great.

I’m going to be sure to get in your questions here. I will turn this off now. So, yeah, looking at the results, it looks like the vast majority of folks are not using one today. So a lot of people aren’t using one. Many people are using one or are interested in learning more about using one. And we did have one person asking the what is P test question. So I think that’s as good as segue as ever into eugene to get us kicked off here.

Thanks, Don. Alright, let me jump over to our deck here. Everyone see my screen? Got you. Perfect. All right, so I think this will help answer, hopefully, some of the questions that came up in our survey. So I’m just going to walk through very briefly some of the highlights about Cobalt, how it works, what makes us unique, and really what does a pen test through Cobalt looks like from end to end. And hopefully that will help set the context and the understanding so that you can see how the integration between the Cobalt and Plustrack platforms could really take your security data to the next level.

So, starting with about Cobalt, for those of you who might not be aware, cobalt is a pen testing. As a service company, which we like to call Ptest, we offer a modern approach to pen testing by connecting our customers with a global community of security researchers to conduct manual penetration testing on demand. So all of this is done via our SAS platform, which facilitates every step of the process, from scoping requirements, to collaborating on findings, to streamlining remediation and ultimately reporting.

Now, what do we mean when we say modern pen testing? So in the past, if any of you run a pen testing, you’ll be very familiar with this. The pen testing process could take weeks or even months to plan and execute. So let’s say you were going through a SoC Two compliance review and were at the stage where you needed to conduct a pen test. You have to find a pen tester, get a contract in place, schedule the engagement, and finally, after you’ve done all that, you hand over the keys, close your eyes, and wait. After a period of time, you’ll get a PDF report back that lists out your vulnerabilities, and then you have to copy and paste those into your ticketing and reporting systems so you can start on remediation with Cobalt. Our goal is to make this whole process faster, easier, and more transparent. So one is we have global talent.

Our tester community, which we call the Cobalt Core, is a group of over 400 extensively vetted, highly skilled security experts that are globally distributed and specialized in a broad array of technologies. All that is to say that we’re able to conduct on demand pen testing pretty much regardless of tech stack.

We enable all this through a modern SaaS platform, as I mentioned, where you’ll manage virtually every step of the process from scoping and launching a pen test, reviewing findings, tracking your remediation, and viewing insights. Speaking of remediation, we offer free retesting. So once your teams have implemented a fix to address a vulnerability that might have been found, our pen test team will actually go back in and validate that the results do, in fact, fix the problem. Your testing activities are all managed directly through the platform and can be scheduled. So let’s say you need a monthly or quarterly compliance check or evidence collection. You can schedule out your Pen test in advance, so that there’s no waiting once you’re actually ready to start. Or in some cases you might have an urgent need.

So you can kick off Pen test virtually on demand. Just go to the platform, build out your asset, submit your Pen test brief, and we can staff up a team as quickly as 24 hours. And finally, our collaboration model. Our platform enables real time collaboration communication with your Pen testers via dedicated Slack channels, email and impatform chat. So if you have questions, let’s say, about a vulnerability that was found, or your team proposed a fix and you need some insight and feedback, you can reach out to the Pen testers to get answers quickly. And finally, our cost model is credit based, which is really meant to provide flexibility throughout the year. So credits can be used for big comprehensive tests, smaller, very targeted tests, or even for some bespoke engagements with our professional services teams.

There are multiple different types of tests, methodologies and approaches that we offer to support your security programs. As I mentioned, the Cobalt Core has a broad array of expertise, so we can perform everything from application testing such as Web, Mobile and API tests, or even test your infrastructure networks, and just about anything in between. We also offer a number of services to tailor the actual engagement to your needs, as well as business drivers. So many of our customers run Pen tests for compliance purposes. This is probably the most traditional use case. This could be, let’s say, formal attestation or audit such as a SoC Two or HIPAA compliance on it, or sometimes for MNA due diligence. Sometimes a prospect simply requires some form of external validation in order to complete a security questionnaire.

So you can close any business with our comprehensive Pen testing. We provide an extensive report at the end of the engagement, which will satisfy the needs from just about any third party.

Also, many of our customers conduct Pen testing on an ongoing basis to really just help them validate their security posture throughout the development lifecycle. And for instance, this could be delta testing, such as around a change in a target set of assets, or sometimes it’s a new version, a new release, a change to a microservice that might have some downstream impact, or testing whether a specific vulnerability is exploitable within your particular environment or set of assets. An example of this might be log four J. Our Agile Pen testing offering is intended to align closer with release cycles and your CI CD pipelines, so you can really integrate security throughout your dev stack ops workflow. And finally, for engagements requiring more specialized services or more white glove approach. Cobalt also offers professional services which can help support your team with things like Pen test program management, phishing engagements, and Red teaming.

And finally, what does a Pen test with Cobalt look like from EThad? Well, it all starts with your teams and tools. Your security team details the relevant assets, drafts out the requirements and objectives, and defines the scope of the Pen Test directly through our platform. Once the brief is received, your dedicated Cobalt Customer Success Manager and Pen Test Architect will match you with the Cobalt Core members that are best suited for your needs. And we’ll coordinate to make sure that the Pen Test team has all the requisite, business knowledge, context, and understanding to give you the most impactful results. Then we move on to testing. So, once it’s scheduled, your Pen test will kick off. Our comprehensive Pen tests are performed over two weeks, while Agile tests can vary and could be as little as three days.

And once completed, you do receive a report directly to our platform. Now, every step of the way, you’re going to get actionable, findings and insights in real time. And your teams can begin working on fixing the issues. With our integrations, as well as our public API, your teams can collaborate on remediation efforts directly from the tools that they use every day. For example, you can enable the Jira or GitHub integration and create an issue anytime a binding is uncovered. When your team works on that ticket and marks it as resolved, the Cobalt platform automatically notifies the Pen Testers so that they can start the retest and ensure the vulnerabilities been addressed. And as those findings do get remediated, your report actually automatically gets updated, so you don’t have to wait for it to be republished.

It’s a dynamic report and shows you the latest.

And so, just to wrap up, why Cobalt, really? Because today’s Pen Test must be agile, actionable, smart, and collaborative. And Pen Test, as a service, empowers you to start testing faster, remediate risk smarter, and react to changes at the speed demanded by security teams. So that’s a little bit about Cobalt in our approach. And now I’ll pass it to Hannah to tell you a bit about how Clutchtrack leverages Pen test data alongside other data sources to give you a holistic view of your security program.

Thank you, Jean. I’m excited to be here with you guys to talk about PlexTrac. So what is PlexTrac? PlexTrac is a penetration test reporting and collaboration platform. This platform makes security data aggregation, red and Blue Team reporting, purple Team collaboration and remediation tracking more effective and efficient. And this is also security teams can become more proactive and demonstrably improve their security posture. We want to show how you’re doing, how things are changing over time and improving.

So, as I said, this is a platform that’s made for Red Teamers, Blue Teamers security leaders. And you can see here, we work with your toolkit, and this is how we’ve changed the way cybersecurity can get done. If you’re using the Plagtrack platform, we’re excited to show that Cobalt is now one of the many on this list when we talk about what’s in your toolkit as a tool to bring in your PTAs data into the Plucktrack platform.

Once you’ve consolidated all of your data into the PlexTrac platform, we provide tools for recording, whether that’s rapid recording, custom templates, automated processes, we also have tools for collaboration, this might be for purple teaming exercises, or if you’re just looking to standardize your engagements, and then also tools for realtime communication from there kind of downstream. Further along in the process, we also have out of the box status tracking. So if you want to enable users who have access to PlexTrac to be assigned to Findings, and then remediate and report on how those are progressing, we have tools for that. But we also have integrations with remediation tools like ServiceNow and Jira. And we’re really excited to share our updated Jira integration coming later this month. That’s our 2.0 So improvements coming there. Now, the final area that’s the output within Tech Track is analytics.

So once you’ve done your reporting, your engagement work, your remediation tracking, all of that data is aggregated into our analytics to allow you to get a better sense of your overall security posture, giving you kind of that living risk register experience.

So, lots of tools for improving efficiency and effectiveness. And as you can see, some wins from our customers. They’ve stated five X ROI in one year, 30% increase in efficiency, and a 65% shorter reporting cycle. A fun note I’ll call out here is we have a new video out on our YouTube channel that’s reported in five minutes or less with PlexTrac. So lots of opportunities to reduce reporting in the PlexTrac platform. Final note here is 20% time saved on engagements themselves and handling that top to bottom process.

So we’re here to solve some really key problems in the industry. The first being cumbersome remediation and reporting processes. And this can make remediation cycles far too long. This makes it hard to validate your risks, to understand what was in fact remediated, and then when that data isn’t up to date, it’s hard to reflect your risk posture in real time. The modern and dynamic organizational environment is posing an ever growing number of cyber risks, and there are new vulnerabilities all of the time. And simultaneous to that in the industry, there’s also a shortage of quality talent to defend against these new threats. And I think this is another area where you may look to a service like Cobalt MP Towers to help in this area.

The final thing here I want to call out is your internal processes. So if your current processes are requiring significant investment of time and effort in reporting and organizing data derived from many, many different cyber tools, this can really make it very hard to prioritize. And track.

So, talked a little bit about what PlexTrac is, and I’m going to hand it back over to Eugene to get into the demo version of our talk today.

Thanks, Hannah. So, to help illustrate how the Cobalt platform streamlines the Pen test process, I did want to walk you through just a few areas of our system. Certainly not a comprehensive demo. And if you’d like to test out the platform, I encourage you to sign up for a free test drive on our website at Cobalt IO. And now I’m going to try and switch over here. My screen is still showing. Let me see your demo.

Excellent. I have to practice that one earlier. All right, terrific. So, as I mentioned, just very high level. I want to step through the workflow that I showed on one of the previous slides. And so, as I’ve said, first step in scoping a Pen test is to input the details about your assets into our platform. And an asset can really be an application, an endpoint, a network, an environment, a website, just about anything.

Since our account here is quarterly a power user, we have a number of assets already in the system here. I’m just going to pick one here so we can take a look. So, quite a variety of range of data that’s stored in here. And as our Pen testers conduct their Pen tests, they also uncover aspects that can then be further added here to add more detail. But what we’re really here to do is to kick off a Pen test. So I’ll go ahead and create a Pen test. As I mentioned, we have a few different flavors.

So we’ll do an agile Pen test for this particular one. And this is really the process to getting a comprehensive brief, which then allows our teams to properly scope the engagement and bring in the right resources. And so, just stepping through a few of these steps. So the process is done via guided four step wizard. Step one is reviewing the asset details.

Then you’ll define a bit more about the requirements. So such as the targets, the types of assets, things like that.

Next, you’ll provide technical details. This could be IP addresses or environment details, applicable test data, and then finally you’ll find the Pen test. So the timings and some of the other nuances to get this Pen test scheduled. In our case, I won’t go through filling out the form of dummy data, but I will jump over to a list of existing Pen tests. And as you can see, we recently ran one on the same asset. And so from this Pen test view, so this is really your home base for the duration of the engagement. Whether it’s an agile Pen test, a comprehensive Pen test, or even professional services, the engagement will be tracked all here within this area.

First, you’ll see here’s our brief. So this corresponds to that wizard that I was showing you earlier. There’s quite a bit of data in here I won’t cover all of it, but this ultimately is the information that the testers will use to conduct their work.

The coverage tab will show you specifically all of the areas that were reviewed by the Pen testers. So this gets into quite a bit of detail. So based on the brief that you’ve provided here’s, every element that was looked at, reviewed, who it was reviewed by, and this gives you a real deep dive into the work that’s being performed. Most importantly, of course, is the findings. So these will appear in real time as the vulnerabilities are discovered.

You can actually go into detail and see exactly how the finding was uncovered, what other areas of the platform maybe were involved, and really track the progress from start to finish, all the way through, from the suggested fix to when your team has actually implemented a fix and the retest has been run to validate.

Next, you can look at some reporting in the summary. So this shows you the different types of vulnerability, severity, and so on. And ultimately, the thing that we’ve been talking most about is our report. So here you can see, as this was a comprehensive pen test, you can see a very detailed report which was published at the end of the engagement and it presents the complete set of findings alongside a summary of the results, methodologies used, recommendations, as well as mitigations taken to help address some of the vulnerabilities that were found. So everything is tracked here dynamically. And so from here, hopefully, this gives you just a little bit of a sense for how to run a Pen test through the Cobalt platform. And while we certainly feel pen testing is a critical element of your security program, it is just one piece of the puzzle.

And so I’m going to turn it back over to Hannah, who will show you a little more about the PlexTrac integration and how it’ll help you get even more from your test records.

All right, Eugene, can you give me a heads up that I’m sharing? Awesome. So, on the PlexTrac side, Eugene just shared with you guys, right? You’ve got all of these findings now from Cobalt, and we want to get those into PlexTrac and aggregate them. I’m going to talk to you about configuring your Cobalt integration, ingesting those findings into your report, adding findings from multiple sources, and then remediating some of your goals. So the first thing I want to share with you guys is just a little more detail on the data that we’re mapping in this new integration. We’re taking the details that build up a finding from Cobalt, and we’re passing that into PlexTrac as findings. So the findings title, the severity, all of this data that’s really the name of what was found and what needs to be done to fix it and how serious it is, is going to get passed in via this integration.

So I’m going to use an example with you guys to kind of illustrate how PlexTrac can be valuable from this point. The visual you have here is our PlexTrac platform. And I’m going to go with the idea here that we’re doing a quarterly report, and we want to include our data from our Cobalt test into this quarterly report. So from the PlexTrac platform, once you configure this new integration, you’ll have the option to just select Add from Findings and then add findings from this integration. And this is how all of our API level integrations work in the platform today. Once you select that you’re pulling in from Cobalt, we have tools here that are going to allow you to determine what findings you want to bring in. So Eugene showed an IoT report from earlier on in the summer, so we can filter by some of that data, grab those findings, and then just automatically add them from this UI feature here into your report and PlexTrac.

So once your report is populated with all of these great findings that need to be addressed, you’re going to see a much more robust experience. Here where we’re detailing all of the findings we’ll pretend we pulled in. That 25 for this use case. In the PlexTrac platform, every finding is modifiable. So from here, as you pull in this data, you can use our workflow tools, our narrative tools, to make your recommendations more robust. You can choose to filter out lower priority items if you need to focus on what’s most important. All of those features are available to you in the Black Track Platform.

Taking a look at an example of a binding that’s been sold in from the Cobalt integration, this is what you can expect to see, the title of the issue, the description coming in, information about the asset, of course, probably most importantly, the recommendation about how to resolve this issue. We are mapping in this integration over the status and the severity of this issue, and we always show the source. And this is important, in fact, track, because we are an aggregation tool. So you always want to show where this data came from. So you’ve got a good sense, if you’re working on a report that’s coming that has findings coming in from multiple places. A couple of other PlexTrac features I can call out in this visual, we do have an SLA feature that you can enable. So if you want to set goals for your team, you can configure those SLAs, and any findings you bring in from Cobalt or otherwise will then calculate that SLA against those findings based on the date that they were reported.

So, going back to my example, we’ll say we’re doing a large quarterly report I want to call out while this great valuable data is coming in already, but we pulled it into our report from Cobalt. We may have other sources that give the true story of what’s going on for the team or if you’re working with a client and what’s happened in the quarter. So PlexTrac offers multiple integrations. You can also pull additional data in from our file imports from multiple scanners, lots of robust options to build out this broader view of what’s going on in this quarter.

So I hope one more thing I’m going to call out here is now that we’ve got a report full of all of these great findings, we pulled them in from Cobalt, maybe we added some from a scanner or another tool that Flex Shock supports. We also have features that enable tracking and the status. So I talked about SLA, that’s one feature. We also have an out of the box status tracker where you can assign individual findings to a user who has access to PlexTrac, and they can remediate write notes back and forth, change the status, determine if something’s ready for retests. This is where all our remediation integrations come in, and you can take this data and pass it into a Jira ticket or ServiceNow. And I think this is a really powerful point if you’re a joint customer of Cobalt, because the finding is in your Pen test report from Cobalt, that data is then being ingested into blacktrack. And if you’re using one of our remediation integrations, it’s also being passed then all the way into Jira, and you can expand on that and add from those other sources.

So one other thing we want to call out. I hope that we’ve kind of shown you what you can expect from both Cobalt and from PlexTrac, but this isn’t the end of our relationship. We’re excited to partner with Cobalt going forward, and we already have our next feature planned and on the roadmap. So we’ll be introducing our next feature for our Cobalt integration, which will be the ability to just sort by your report names and then automatically select all of those and pull them into your PlexTrac report. And if you guys are interested in becoming a part of this community and becoming a joint customer, we would be so grateful to hear feedback and continue to work on solving these industry problems together.

Dallas, I think this brings us to the Q amp a portion of our talk today. Yes, thank you both so much. That was great. And we’ve got some awesome questions that have come in throughout the chat, so wanted to get to those. So I’ll just kind of round robin them to you. And if you’ve got a thought, both of you, for either side, just blurt them out. So the first one was just talking about the balance between manual and automatic and automated Pen testing and really talking about, can Cobalt replace automated Pen testing? What is the balance there between manual and automated Pen testing? And Eugene, I think you might be a good person, is an answer absolutely.

There’s undoubtedly value in automation. I mean, automation is part of virtually every aspect of what we do as security professionals as well as just across the industry. But we look at manual pen testing where it really can support and fill the gaps is that your pen testers are like the folks who are trying to exploit vulnerabilities and infiltrate your system. So there’s an ingenuity and an intuitiveness that comes with that, that they’re able to do in ways that automated scanners cannot. One of the things that we’ve heard quite a bit of recently from our customers is that they’re employing more and more of these scanning tools and it creates a lot of noise. And actually that’s one of the things that we’re being asked about is could we potentially leverage our Cobalt core community to help cut through that noise and be able to support our customers when they get a slew of vulnerabilities reported by their scanning tools? For instance? Sometimes they know what to do with them. Sometimes they understand that these ones are not really important.

These ones maybe are, but oftentimes they won’t know. What is the real criticality of this? Is this a real problem for me? Can this be exploited within my environment? And that’s really where manual pen testers and our researchers can come in and help provide insight on that. So I think that’s really the key distinction. So I don’t know if I would say it should replace your automated Pen testing, but it really works in unison to make sure that you have the strongest overall security posture. Great. Thank you, Eugene. And that kind of dovetails perfectly into my next question.

You kind of talked about the core of the, I think you called it the Cobalt core, the pen testing group that you’ve got over there. Just, I’d love to get some more details about how one would go about joining that group. What does that process look like? I know we’ve got some Pen testers probably in the audience today.

Sure, absolutely.

In order to join the core, we do have a strict vetting process. I’m probably not the best person to speak to that in a great bit of detail, but I can certainly follow up with some more information. But really what we see is typically the folks that are applying to Cobalt have at least five years or more of experience.

There’s a number of external certifications that we require as well as quite a few internal skill set assessments that we perform. Third party verification, background checks, certainly an interview process. So it’s a fairly extensive betting. But for Pen testers who are familiar with this industry and interested to join, it’s a big community. A lot of the community has been built over time by Pen testers referring others. So I would certainly encourage you to join and hopefully that addresses the question. Yeah, no, you did great.

So I’ve been peppering you for a little. Bit, Eugene. So I’ll go back over to Hannah here. So you called out a little bit some of the other tools that work in unison with PlexTrac. I know specifically you called out Jira and ServiceNow, but what other categories and tools do work with PlexTrac can be adjusted into the platform? Yeah, somebody was asking about that. Yeah, absolutely. So I showed just a brief list of our scanners and our file import.

So burp nessus qualifies, right? Lots of those types of tools. But we also have partnerships with Pinterra sites, some other companies that are doing more than, say, scanning. And really this touches on the challenge and the enjoyable challenge of my job, which is the roadmap for integrations. And we are constantly looking for that feedback from our customers. Our objective I showed you guys is to be an aggregation tool. So as our customers on board, we have an active idea community where we’re always looking for that next conversation. And in fact, even our partnership with Cobalt was one of our customers reaching out to us jointly and saying, let’s get this integration going and solve some terrible copy pasting that was going on and some efficiency games that needed to happen there.

So the list is, I think we’re around 20 and check out Flexrack.com. We’ve actually got a feature on our website where you can sort between key tabs, scanners, breaching, attack, simulation tools. Those categories are out there. So if you want to check out those integrations, you’ve got access to that. Yeah. Thanks, Hannah. Yeah, that’s PlexTrac.com integrations.

You can go sort through that. That’s great, and I’ll pass it over back to Eugene. I guess this could be for either of you, but kind of detailing a question that we got in the chat, which was, how does PTAs differ from a traditional pen test? Eugene, I know you kind of touched on this a little bit with how Cobalt fills in there, but I don’t know if you want to take the lead on that.

Sure, yeah. I mean, really, PTAs is just modernizing the delivery method of traditional manual pen testing, where we aim to really streamline and simplify things for you, is by making pen testing on demand. It’s something that most companies don’t have the luxury of having those in house resources who could be constantly performing this, and even those companies that do, oftentimes there’s still challenges with building those teams to the scale that’s necessary with the ever evolving and ever more complex security world. And so with Cobalt, you have this large group of resources available to you virtually on demand, similar to how you can you set up scans when your teams are developing new features. At some point in the CI CD pipeline, they trigger a security scan to delta test and regression test the results. Our aim is to try and make pen testing as close to that as possible. That level of simplicity and speed so that you can constantly get insight and constantly get experts to look and help you understand where your security is at, how you can improve it.

Great. Yeah. Awesome. Hannah, I don’t know if you have anything else to add to that if now we’ve got a couple more questions. No, I mean, I think we can cover that one. Great. Yeah.

This one, I’ve got one more for PlexTrac, and one more for Cobalt. So get you both in there one more time. So on the PlexTrac side, Hannah, you talked about Jira and ServiceNow and ticketing systems that we work with and really facilitate that passing of data. Is there any sort of advantage to handling that remediation tracking inside of PlexTrac versus using one of those tools that you mentioned? I think there are some advantages, but really we try to be flexible, and that’s why we have multiple options, because we realize security teams are different. Some of our customers are consultancies, right, and they’re working directly with their clients. Some of them are enterprise. So it depends on your team and the resources you have and what you’re looking to achieve.

So I think that if you want your team working in PlexTrac, our tools are great. Right. Because you’re using status throughout the PlexTrac platform to watch and track through the remediation, and then you can use our analytics to kind of monitor from there. But the reason we have other integrations as an option is we want our customers to have that flexibility. And we realize that sometimes there’s maybe one product in your scope that has a dedicated engineering team, and maybe that dedicated engineering team only wants their tickets in Jira in one special format. Maybe you’ve got an area where the team is more operational and they’re using service now, and that’s why we have those options and would always be on the lookout to expand those and make sure we’re being flexible enough to allow you to determine. Do you want to do that within PlexTrac and within your team, or is there a team you have to communicate with? And if there is a team you want to communicate with, we want that to be as easy as possible.

We want to break down all of those communication silos and make it really efficient to say, here’s exactly the thing that went on, here’s how serious it is, and here’s how you can fix it. Great. Yeah. Thanks, Hannah. And, yeah, I’ve got one more question, and I’ll throw it back to you, Eugene, and then we can wrap up here. Thank you so much to everyone for all awesome questions. It’s been great.

This one just relating to Cobalt. Eugene, somebody’s just asking how Cobalt would compare to and win against other PTAs platforms and solutions that might be out there.

I think one of the key points would be free retesting. That’s really something that helps us stand out amongst the competition and it’s really something that our customers value greatly. Because it’s one thing to uncover vulnerabilities. Even if our pen testers detail out their recommendations for how to resolve a given vulnerability, being able to put the fix in place and then actually have them go through and run it again to make sure that it wasn’t in fact fixed, and create some other vulnerability that maybe you weren’t aware of, that really helps close the loop and make sure that the output of your testing work with Cobalt is that you’ve really secured your asset going forward. Great, yeah. And that’s a great book to end our Q and A session. If you’ve got any further questions, feel free to reach out to us.

I don’t know if there’s an email for Cobalt, but info at PlexTrac. We’re happy to answer your questions or point you in the right direction for somebody who can, but yeah, I can wrap this up here really quickly. Hannah, if you want to go back one more slide for me. Yeah, I’ll walk you through some PlexTrac resources and then Cobalt and then we’ll get you out on your way. So, yeah, first area I want to point you guys to is over on our YouTube channel. Hannah made a call out to this earlier. We do have a new Build a Pen Test report and five minute challenge video that is out and really shows the power and speed that you can get inside of PlexTrac.

But beyond that, this webinar is going to be on there on demand if you’d like to view it again. So make sure to subscribe over there, keep up. You can see our socials here, twitter, YouTube, LinkedIn. We’ve even not gotten Instagram if that’s your thing. And yeah, if you are interested in booking a demo connecting with our team, seeing how PlexTrac can help you, PlexTrac. Comdemo is the place to do that if you want to move on. I will give a shout out to Cobalt as well.

You can see you can stay connected with Cobalt at Cobalt IO on Twitter and at Cobalt on LinkedIn as well as they’ve gotten awesome new strengthen your cybersecurity in 2023 report talking all about vulnerabilities, what companies can do to retain and nurture their talent and how to really see the ROI from the pen testing work that they do. So be sure to check that out. I’m sure that the Cobalt team will be following up with that as well, but you can go get your copy on their website now. Thank you both Hannah and Eugene for being here with me today. This is an awesome conversation. We had some great questions in the chat, so thank everyone for attending and taking a little bit of time out of your day to come chat with us. So really appreciate it and yeah, have a good rest of your day everybody.