From Maintenance to a Professional Pentest Reporting Platform
“Cyver is really helpful, I really like it. We had an old reporting system we developed ourselves and it was a great change to Cyver. We’re really happy with the updates and the maintenance, it feels like we get new features every month or so, I’m really happy. We can easily prepare a report that looks good, deliver extras like the customer portal to the client, and consistently get great feedback from our customers.” _ CEO Of CyberSecurityFirmD
CyberSecurityFirmD is anonymized based on preference. The firm is a cybersecurity company delivering pentesting, automated vulnerability scanning, and both offensive and defensive cybersecurity to organizations. The firm is based in the EU, but with branches in multiple countries, is able to serve customers on an international basis.
CyberSecurityFirmD stands out with a focus on a multi-pronged approach to cybersecurity, with the goal of empowering its clients to improve cybersecurity by understanding and remediating vulnerabilities. CyberSecurityFirmD has always had a focus on using automation technology for reporting, with their own pentest reporting tooling. That was first developed in-house, giving the company early access to a pentest portal and cybersecurity-as-a-service. Eventually, maintaining that portal became too much work, and CyberSecurityFirmD wanted to switch to a professional platform with a team focused on developing and maintaining that portal.
We spoke with the CEO of CyberSecurityFirmD about the company’s experience making the switch to Cyver Core and how moving from their own portal to ours has worked out for the company.
CyberSecurityFirmD
CyberSecurityFirmD is a multi-national cybersecurity firm with more than 30 pentesters working in one branch alone.
- Projects on Cyver Core: 100+
- Plan: Enterprise
- Location: EU/Eastern Europe
- Rates Cyver Core: 9
- Started: 2023
Moving from an Existing Pentest Platform
CyberSecurityFirmD had developed its own pentest platform, which it used to manage pentests, to manage pentest processes and to distribute work across its large teams.
“We originally had a solution we developed ourselves and we ended up struggling to allocate enough time to development and maintenance.” says the CEO, “We were focused on reporting and eventually our platform was outdated, which isn’t ideal for a security company, so we wanted something new”
“We also needed a single system across all our subsidiaries.CyberSecurityFirmD alone has more than 30 pentesters in Europe, it’s important for us that everyone is on the same page so to speak. So, it was important for us to have a good platform, not developed by us – so that it gets regular updates and maintenance by a team focused on just that.”
Moving to Cyver Core from a Custom Platform
CyberSecurityFirmD reviewed several pentest management platforms and eventually selected Cyver Core.
“A lot of what Cyver Core was doing was very similar to what we already had. The documentation was similar, the reporting process was similar, it was a very easy transition for us. We had a discussion with Luis about future development for us, and everything lined up.
We also really liked the issue tracking, remediation frequency, that customers can log in and directly communicate with pentesters – and they are really happy with this feature because they are asking questions – overall Cyver Core was a good documentation and reporting system, and we were happy to choose it.”
“Cyver’s option to choose from a range of different report options is also a great fit for our business model, because we operate as several companies sharing resources. It’s important that the company name and branding matches what’s been contracted with, and with Cyver, we can easily select the right template from our library. We were able to set up custom report and project templates per subsidiary, allowing our subsidiary companies to seamlessly switch branding and business name as necessary”
CyberSecurityFirmD also exported its vulnerability library from the old tool and was able to fully import it directly to Cyver Core.
Moving to Cyver Core from a Custom Platform
CyberSecurityFirmD now uses Cyver Core to deliver pentest-as-a-service, with Cyver Core’s platform and customer portal used in its marketing. All of CyberSecurityFirmD’s customers also exclusively use the portal to access reports, including viewing findings or downloading the PDF report. But, how was that process for CyberSecurityFirmD?
“We primarily use Cyver rather than any other tool for reporting. In addition, we have all of our customers in the portal, so we don’t actually send PDF files anymore. Once the client onboards, they get the findings in the portal and can choose to download the PDF if they want.”
“Our old system was designed for us, by us. It was a really great system that perfectly met our needs. We’re really happy because Cyver has the same effective workflow/approach, the same time-period for reporting, etc.”
“As a result, we actually still spend about the same amount of time on reporting as with our own platform.”
“We originally saved about 50-60% of time on reporting when we switched from writing the report by hand to in our own reporting tool. Moving to Cyver Core, we were actually able to maintain that, but without spending all the time on development and maintenance.”
“Our current process also means we upload findings and do write-ups immediately when we find issues. We don’t wait till the end of the month, if a pentester finds something, they immediately add it to the portal, so we don’t have other testers writing duplicate findings. Then, at the end of the test, we only spend about 2 hours reviewing the final report, which is pretty great.”
“Cyver’s reporting tracking and documentation means we can spend more time on pentesting and not on writing documentation. So, for technical people, the documentation and reporting really is a nightmare, and Cyver Core helps us with that a lot.”
Cyver Core also helped CyberSecurityFirmD maintain its goal of keeping everyone on the same system and inside the same processes.
“CyberSecurityFirmD has multiple subsidiaries and we’re using Cyver Core across all our companies. It’s great to use the same documentation and reporting system across our companies, because we share resources. So, that simplifies internal management and resource sharing.”
Ready to see more Cyver Core? Book a demo to get a personalized platform tour. Or, download our case studies here.