Synack: The Security Platform that Leverages Hackers

Jay Kaplan, CEO & Co-Founder
Jay Kaplan is the CEO and co-founder of Synack, a company that uses a hacker-powered security platform to keep organizations’ digital assets secure. With several years of experience as a security practitioner at the US Department of Defense (DoD) and National Security Agency (NSA) and over 5 years building Synack’s security platform and curating the crowd of top security researchers to power it, Kaplan has a unique vantage point on the security landscape. His take: while every enterprise is eyeing digital transformation, it can only be sustained if security transformation happens alongside it. Today’s enterprises have to think about security from the ground up, which means integrating security and development teams, and measuring and prioritizing security risk more accurately.

An integrated development and security approach allows for a continuous testing cadence, which enables companies to build products more securely and ship them faster. “If you want to innovate the smart way, you have to bring the security and development teams together, and I think this is something that a lot of companies miss,” says Kaplan. “Many organizations consider security to be like parental supervision, but in reality, it should be seen as something that takes teamwork.” Second, the enterprise needs more visible metrics around security and better ways to measure risk. To this end, Synack offers its customers an Attacker Resistance Score (ARS), which measures an asset's hardness against an attack based on the performance data gathered during a crowdsourced penetration test. ARS provides a realistic assessment of an asset’s security risk from a hacker’s perspective and allows organizations to benchmark against industry peers. Once testing is complete and scores are given, Synack works hand-in-hand with its customers’ development and security teams to understand their attack surface, effectively patch vulnerabilities, and prioritize future action to improve security.

The Synack platform is made up of multiple components, including a curated crowd of security researchers, intelligent scanning technology, a secure VPN testing gateway, a Synack vulnerability management team, and a customer portal.
Synack’s hacker-powered security platform is driven by the company’s Synack Red Team (SRT), a private network of highly curated and vetted security researchers representing over 60 countries. The SRT searches for exploitable vulnerabilities across clients’ mobile or web apps and host infrastructure. Synack's scanning technology, Hydra, continually scans all customer assets and alerts the SRT to suspected vulnerabilities that require further testing. All testing activity is routed through Launchpoint, a secure VPN testing gateway that offers customers full transparency and control. Launchpoint captures data in real time, and that data is available to view in the customer portal. The Synack Mission Ops team is an internal team of vulnerability experts who work closely with clients throughout their engagements to help with scoping, manage researcher communication and payment, triage vulnerabilities, and provide general support. Synack’s portal gives customers the ability to start and/or pause a test, review testing metrics, review vulnerabilities in progress, verify any patches made, and review their ARS.

The Synack solution often takes 24 hours to deploy; there is immediate reporting if vulnerabilities are found, and it takes less than 72 hours to verify patches. As the world heads toward a gap of 3.5 million open cybersecurity jobs by 2021 (Cybersecurity Ventures), the Synack platform helps security teams scale without extra operational burden or resource strain.
Synack’s crowdsourced approach has not gone unnoticed; Google, Microsoft, Hewlett Packard, Intel and others have invested and partnered with Synack in the quest to help organizations integrate security into their product development cycle and to better understand their security risk. Domino’s CISO & VP remarked, “Synack is changing the way we do security testing; our developers want their products to be ‘Synack-ed’ before they ship.”

Synack is pushing the boundaries of security testing and delivering more efficient, more effective, and more controlled security testing over a wide variety of rapidly evolving IT environments.

Company
Synack

Headquarters
Redwood City, CA

Management
Jay Kaplan, CEO & Co-Founder

Description
Synack’s hacker-powered platform provides organizations with the efficiency, effectiveness, and control they need to address their vulnerabilities and reduce their cybersecurity risk.
