Report: 47% of IT security pros want better penetration testing

According to a recent survey by Cobalt, 74% of IT security professionals believe their organizations would test their systems more frequently if the traditional penetration testing (or “pentesting”) process was more efficient or required less management. Cybersecurity vulnerabilities are going undetected because pentesting hasn’t made its way to the 21st century — and this is a big problem.

Although software development professionals almost universally view pentesting as a critical component of application and network security programs, few organizations can actually perform as much pentesting as they want (or need) due to limited budgets and inefficiencies in the traditional pentesting process.

The most common approach to pentesting today is engaging a consulting firm with an IT practice to provide a pentesting team for a specific test project. While these engagements provide valuable input, network security teams find them to be expensive and slow, particularly in today’s on-demand, software-as-a-service (SaaS)-driven world.

Cobalt’s research found that 79% of IT security professionals agree their departments lost valuable time due to inefficiencies involved in the traditional pentesting format. Meanwhile, 71% agreed that the cost of pentesting limits their organization’s ability to test more frequently.

Enter pentest-as-a-service (PtaaS), which has emerged as a modern approach to cybersecurity threat detection and remediation. According to Cobalt’s data, PtaaS reduces the hours of work required to plan, manage, and support pentesting projects by nearly 25%, freeing up the time of security and development teams to address other critical tasks.

PtaaS can also cut the total cost of a standard pentest project by 56% compared with traditional consulting engagements, enabling organizations to reduce the same amount of risk for half the cost — or get twice the coverage for the same budget.

The “ROI of Modern Pentesting” report reveals how traditional pentest consulting engagements stack up against the PtaaS model in today’s cyber threat climate. Cobalt surveyed 600 IT security professionals and conducted an in-depth study of six seasoned security leaders from different organizations and industries that have commissioned services from both traditional consultancies and PtaaS providers.

Read the full report by Cobalt.

Originally appeared on: TheSpuzz