Case Study: Datto achieves world-class product security with Cobalt's on-demand pentesting

How Datto Ensures World-Class Product Security with On-Demand Pentesting

Datto, a technology, business continuity, and disaster recovery provider for MSPs, needed a pentest partner that could support SOC 2 compliance and deliver rapid, detailed web-application testing that fit its Agile workflows. Datto faced slow, “email-and-PDF” vulnerability reporting, lack of real-time communication with testers, and the need to ramp up broader coverage quickly — so it turned to Cobalt and its PtaaS on-demand pentesting platform.

Cobalt delivered a community-driven PtaaS solution with real-time communication and flexible tester assignments, enabling Datto to “shift left” and involve developers earlier in remediation. The engagement produced measurable gains: pentesters completed testing, reporting, and retesting within two weeks, researchers could be answered within roughly 10 minutes, testing exceeded expectations, and Datto saw concrete improvements to input validation, code and logic — prompting Datto to plan on outsourcing nearly all pentesting to Cobalt.

Datto

Justin Bacco

Application Security Manager