enterprisesecuritymag

Synack: Hacker-Powered Attacker Resistance

Follow Synack on :

Jay Kaplan, Co-Founder & CEO, SynackJay Kaplan, Co-Founder & CEO
There’s a pressing shortage of trained and qualified personnel who can handle modern-day cybersecurity threats, and leading cyber experts have to lean more heavily on artificial intelligence (AI) and machine learning (ML) to protect their attack surfaces. When it comes to cybersecurity, though, no amount of technology can be sufficient without human intelligence (HI) working alongside it. Synack, the leading crowdsourced security testing platform, knows this truth better than anyone, which is why their optimal blend of AI and HI to combat cyber threats is changing the game of enterprise cybersecurity. Synack’s founders—Jay Kaplan, CEO, and Mark Kuhr, CTO—bring exceptional cybersecurity experience from their time at the NSA. Since 2013, Kaplan and Kuhr have been building out a crowdsourced security platform to deliver cutting-edge solutions that offer continuous and comprehensive coverage of attack surfaces.

A key part of the Synack solution is the Synack Red Team (SRT)—a global pool of highly experienced and vetted ethical hackers who look for vulnerabilities in clients’ networks and applications through the Synack platform. Synack’s hackers also work on compliance checklists for a variety of industry standards. Synack Red Team hackers undergo stringent vetting to validate their hacking expertise and trustworthiness; less than ten percent of applicants are accepted into the SRT.

While Synack’s crowd of hackers are at the heart of their crowdsourcing business model, the technology behind the crowd is just as important to ensure the necessary scale and efficiency to stay on top of the onslaught of threats that organizations face. The SRT are empowered by a hacker toolkit that helps them conduct reconnaissance, find entry points, and focus in on suspected vulnerabilities.
Synack created Hydra, a tool for categorizing a company’s digital assets and identifying suspected vulnerabilities in the attack surface, to make human testing more efficient. It’s the first of its kind in the industry.

Such diverse and scalable security can only be realized via this optimal combination of human and machine intelligence that drive Synack’s comprehensive crowdsourcing model. The solution also allows customers to achieve their compliance requirements and comply with PCI, HIPAA, or any other industry standards. Additionally, Synack provides value beyond discovering vulnerabilities and achieving compliance; the AI-enabled platform also tracks all hacking activity to provide audit ability, metrics and insight available to the user through the customer portal. The data and metrics play a huge role in security that is practical and results-focused. Customers are getting a real-time score that tells them how resistant they are to attacks and how that score is trending over time. Experience has proven that Synack’s customers increase their Attacker Resistance Scores by up to 200 percent when they utilize Synack’s crowdsourced security platform consistently over the course of two years.

One of Synack’s customers is a national agency that wanted to identify and mimic breaches on their systems in order to avoid them in the future; they were looking for a solution to help them perform scalable security testing. Since the bureau dealt with highly-sensitive data, they required a decorum of trust to be set in place before they proceeded. “Organizations can’t think of security as just an IT issue—it’s a trust issue, which massively affects their reputation and their business. It’s important for today’s organizations to build trust and security by design, which takes intention and diligence. Security has to be a lifestyle,” explains Kaplan. The Synack Red Team and platform provided the agency’s leaders with fast and quality results and insightful metrics that helped them harden their critical systems. The customer was impressed by the professionalism shown by the Synack team, and at how easily they were able to discover and understand their vulnerabilities, patch the critical vulnerabilities, verify those patches and improve their Attacker Resistance Scores.

Cybersecurity has become an endeavor of building trust inside a company and with consumers. Synack has pioneered a security testing model that combines the best of artificial intelligence (AI) and human intelligence (HI) in order to beat hackers at their own game and deliver not just security, but trust.
Synack

Company
Synack

Headquarters
Redwood City, CA

Management
Jay Kaplan, Co-Founder & CEO