Jay Kaplan and Mark Kuhr, the co-founders of Synack, began their careers with the United States Department of Defense (DoD) and the National Security Agency (NSA) as technical security experts protecting the country from kinetic and cyber attacks. While at the NSA, Kaplan and Kuhr realized that malicious attackers were coming through defenses, taking data, and putting malware on systems; it was a growing problem that few organizations were ready to defend against. The two left the NSA in 2013 to develop and launch an innovative approach to security testing by harnessing a crowd of the world’s best ethical hackers and scaling them with powerful technology. Synack would revolutionize the cybersecurity industry by offering a new form of scalable and effective offensive security for the enterprise and public agencies.
Headquartered in the heart of Silicon Valley in Redwood City, California, Synack is changing the game of cybersecurity. The firm offers its customers a team of the world’s most vetted and skilled ethical hackers (the Synack Red Team) augmented by smart technology to find and help fix high-impact vulnerabilities in web, mobile, and infrastructure assets. The Synack Crowdsourced Security Platform allows security teams to see their systems through the eyes of a hacker. “Synack’s security-as-a-service offering redefines the traditional static, signature-based model of security testing by providing a proactive, adversarial perspective on the enterprise IT environment. The actionable vulnerability intelligence from a Synack test gives internal security teams unparalleled scale and diversity and enables businesses to make better risk management decisions and protect their customers,” explains Kaplan.
A Look into Crowdsourced Security: To Scale Security, You Need a Crowd
Some of the most difficult challenges facing cybersecurity leaders today are scale and efficiency. It’s imperative to ensure new products and product updates are safe and secure through regular security testing; however, it is a considerable task to keep up at a rate that matches development. Many enterprises release new code every two weeks to multiple times a day. As digital assets change dynamically, it poses a huge challenge for human security teams to ensure comprehensive and continuous coverage, especially when there is a lack of effective methodologies and applicable technology to find vulnerabilities that have been released into the environment. The challenge of human scalability in security testing only gets larger as you consider the growing talent gap in the cybersecurity industry; there will be an estimated 3.5 million jobs left unfilled by 2021, according to Cybersecurity Ventures.
In today’s environment, you need a crowd of experts to scale your security. The Synack Red Team (SRT) is Synack’s first answer to the growing talent gap in cybersecurity. The SRT is a private network of highly-curated, skilled, and vetted security researchers representing over 60 countries from around the world. Less than 12% of applicants make it through the five-step vetting process (including background checks, skills assessments, and behavioral interviews) to be on-boarded as a Synack Red Team member. Synack Red Team researchers provide rigorous, creative, and adversarial assessments through vulnerability discovery, compliance checklists, and testing reports on customer assets to help customers scale their security programs. The SRT delivers high-quality security testing to some of the largest global companies and government agencies around the world.
To Scale a Crowd, You Need a Machine
There is no doubt that human creativity is incomparable when it comes to detecting and protecting against cyber threats. Humans are much more capable of discovering and analyzing security threats that often go undetected by standalone automated scanning technologies. However, there just isn’t enough human talent to take the time to manually scan and search for vulnerabilities on all digital assets on a continuous basis. Technology, on the other hand, can automate the process of scanning through multiple applications and checking for security flaws quickly and continuously. However, many security scanners have proven to be noisy and inefficient, often overburdening security teams. When security teams receive too many alerts, it’s easy to miss important remediation on higher priority vulnerabilities.
Technology can keep pace with today’s software development lifecycles, but it’s not creative enough for us to trust that it can find and prioritize the critical vulnerabilities in our systems or that it can recognize new types of attacks. Humans can offer a deep understanding of a security vulnerability and the type of risks that need to be prioritized, but they can’t scale. Synack’s Crowdsourced Security Platform recognizes that the intersection of a crowd of humans and technology is a critical part of smart security testing. Neither machines nor humans are as effective on their own as they are together – it is important to couple the two together in a trusted way. Synack’s enhanced tests are building trust between humans and machines and providing smarter security to customers.
It’s only befitting for smart technology to augment human intelligence to deal with the current challenges in the industry. “Security hasn’t kept up with the advancement of digital transformation, but we are out to change that. We at Synack believe that the answer to scale in cybersecurity is on-demand augmented intelligence, which means taking human intelligence and machine intelligence and combining it in a way that offers the easiest to scale, smartest, and most efficient solutions,” states Dr. Kuhr.
Outside of security, crowdsourced companies like Uber, Pinterest, and Airbnb have been utilizing automation and smart technology to augment humans for years. More importantly, the crowd in these platforms is trusting the technology to help them – cars now come equipped with sensors to help people park efficiently, and humans are looking to machine learning algorithms to recommend safe lodging in foreign countries. Synack is capturing and channeling the same trust component between humans and machines for security.
Human-Powered, Machine-Augmented Security Solutions for Enterprise Networks and Applications
Synack’s Crowdsourced Security Platform empowers enterprises to strengthen their security by testing the smart way. Firms can achieve actionable results using Artificial Intelligence (AI) combined with in-depth human investigation. The platform is built on three technology pillars: Hydra, an AI-powered scanner; Apollo, a continuous learning engine; and LaunchPoint, a secure testing gateway. Synack’s flagship products and solutions are built on this platform and include the following:
Disclose: Vulnerability Disclosure Program
Discover: Crowdsourced Vulnerability Discovery
SmartScan™: Intelligent Vulnerability Assessment
Certify: Crowdsourced Penetration Testing
Synack365: Continuous Crowdsourced Penetration Testing
Driven by Advanced Technology, Trust, and Insights
Synack is the ultimate cybersecurity weapon and an absolute standout from market competitors, as a result of the following distinct advantages:
Smart Technology – Synack is the industry’s leading, and first and only, cybersecurity platform to seamlessly orchestrate the optimal combination of crowdsourced human intelligence with artificial intelligence to offer effective security on a 24/7/365 basis. The firm’s smart platform technology helps security teams work smarter and four times more efficiently to protect critical digital assets. Synack’s SmartScan continuously scans for suspected vulnerabilities, then engages the Synack Red Team to validate them, helping security teams increase their attack surface coverage.
Trust and Control – Synack is the most trusted crowdsourced security testing platform and a top choice for enterprises and governments. One of the firm’s key differentiators is its capability to offer secure and managed workspaces with endpoint control. Synack has introduced LaunchPoint+ which extends Synack’s original LaunchPoint VPN offering by providing a managed workspace environment for crowdsourced testing of enterprise and government assets. “Amidst calls for greater consumer privacy, Synack’s LaunchPoint+ helps organizations meet today’s rising security standards. In a recent survey by SAS, 73% of consumers stated that their concerns over data privacy were increasing. We responded by providing managed workspaces with endpoint controls to give our customers the data protection and privacy that they need during testing,” said Kaplan.
Attacker Resistance Scores (ARS) – Synack offers a quantitative score showing hardness to attackers: the Synack Attacker Resistance Score™. Synack’s platform analyzes data gathered from Synack Red Team testing activity and calculates a unique score to quantify an asset’s hardness. The Attacker Resistance Score (ARS) allows customers to see how they compare relative to others in their industry or of similar scale.
A Commitment to Protect the Customers’ Customers: Secure Pizza Delivery
In the age of smartphones, even our pizza orders have moved online and to mobile apps. We have Domino’s to thank for this—the pizza powerhouse has successfully spearheaded a new age of convenient digital deliciousness. Today, over 60% of Domino’s pizza sales are digital, and perhaps not coincidentally, Domino’s trades at a 50% higher premium relative to its peers. Domino’s multiplatform ordering capabilities (including multiple social media channels) and continued investment in innovative delivery technology have propelled the pizza company to new heights.
But Domino’s recipe for success is more than just sinfully cheesy pizza and convenient ordering and delivery. Domino’s was able to leverage the creativity and diversity of the crowd, a data-driven platform, insightful reporting, and a measurable score of attacker resistance. Instead of utilizing Synack as simply a security vendor, Domino’s views Synack as a security partner that can help them build excellent products (and deliver their pizza securely!).
Efficiency - Domino’s can augment and scale their team’s efforts without any additional or unnecessary operational burden. All responsibilities of vetting security researchers, triaging vulnerability submissions, paying out bounties, and verifying patches lie with Synack.
Effectiveness - Synack not only helps Domino’s find and fix vulnerabilities, but the firm also provides real-time intelligence to help Domino’s manage and reduce their security risk.
Control - Domino’s has complete control and can decide how they want to activate the crowd. They also have clear visibility into all testing activity and full ownership of all vulnerability findings and IP.
Our policy is if an app is going to impact the business before it goes live, it must be Synacked. -Ronald Ulko, Domino’s Information Security Manager
Helping Enterprises Achieve Maximum Business Value
Synack got its name from the foundational protocols of online networks. SYN-ACK represents the ‘handshake’ that transfers data packets between the sender and the receiver. Synack’s goal is to create a similar handshake that unites technology and human intelligence to revolutionize the cybersecurity landscape based on trust. Going forward, Synack hopes to build the essential trust between humans and machines in order for security to scale. “We understand that trust is earned, so we work towards delivering maximum business value for all our clients and hope to instill complete confidence in what we deliver. We want our clients to have total control and security over their processes, so they feel empowered to achieve greater business excellence,” concludes Kaplan.
Headquarters/Location: California, United States