An integrated development and security approach allows for a continuous testing cadence, which enables companies to build products more securely and ship them faster. “If you want to innovate the smart way, you have to bring the security and development teams together, and I think this is something that a lot of companies miss,” says Kaplan. “Many organizations consider security to be like parental supervision, but in reality, it should be seen as something that takes teamwork.” Second, the enterprise needs more visible metrics around security and better ways to measure risk. Synack offers its customers an Attacker Resistance Score (ARS) to achieve this end, which measures an asset's hardness against an attack based on the performance data gathered during a crowdsourced penetration test. ARS provides a realistic assessment of an asset’s security risk from a hacker’s perspective and allows organizations to benchmark against industry peers. Once testing is complete and scores are given, Synack works hand-in-hand with their customers’ development and security teams to understand their attack surface, effectively patch vulnerabilities, and prioritize future action to level up the security.
The Synack platform is made up of multiple components including a curated crowd of security researchers, intelligent scanning technology, a secure VPN testing gateway, a Synack vulnerability management team, and a customer portal.
The Synack solution often takes 24 hours to deploy; there is immediate reporting if vulnerabilities are found, and it takes less than 72 hours to verify patches. As the world heads toward a 3.5 million gap in open cybersecurity jobs by 2021 (Cybersecurity Ventures), the Synack platform helps security teams scale without extra operational burden or resource strain.
Synack’s crowdsourced approach has not gone unnoticed; Google, Microsoft, Hewlett Packard, Intel and others have invested and partnered with Synack in the quest to help organizations integrate security into their product development cycle and to better understand their security risk. Domino’s CISO & VP remarked, “Synack is changing the way we do security testing; our developers want their products to be ‘Synack-ed’ before they ship.”
Synack is pushing the boundaries of security testing and delivering more efficient, more effective, and more controlled security testing over a wide variety of rapidly evolving IT environments.