August Edition 2019

Human and machine intelligence that is transforming security: Synack


Constant connectivity is defining our way of life as we use the internet for an increasing number of tasks: doing our daily work, finding and paying for services, planning vacations, paying bills, grocery shopping, and so on. Every internet-based service requires user information such as names, social profiles, credit card information, and banking details, which presents attractive and lucrative opportunities for criminal hackers. Cybercrime is one of the biggest threats of our time, and the damage affects consumers and businesses alike. Cyber attacks not only result in the theft of sensitive user information and mission-critical business data, but also cause significant and costly business downtime. According to the World Economic Forum, economic loss due to cybercrime is predicted to reach $3 trillion by 2020.

Cybercrime is a growing threat to organizations of all sizes and across all industries. Penetration testing is one of the most common traditional methods utilized by security teams to help them identify and fix vulnerabilities quickly and effectively before a criminal can exploit them. However, there are many problems with traditional penetration testing, including infrequent testing cadences, lack of control in timing and implementation, limited visibility into the testing, limited diversity in talent, and no incentives for testers to look for vulnerabilities that have the potential to cause a lot of damage. Today’s security leaders are looking to go beyond traditional preventive cybersecurity measures in order to protect their businesses.

Synack is one cybersecurity company that stands out in providing innovative, state-of-the-art protection against a wide range of threats. Founded six years ago by two experts who worked for the National Security Agency (NSA) of the United States, Synack aims to transform the way organizations conduct their security testing. Co-founders Jay Kaplan and Mark Kuhr realized that there was a growing talent gap (there will be 3.5 million cybersecurity jobs left unfilled by 2021 according to Cybersecurity Ventures) that limited the effectiveness of organizations’ security. However, Kaplan and Kuhr knew that there was exceptional security talent that existed around America and the world; it just needed to be utilized creatively. They decided to crowdsource the best talent from around the world and build an innovative and effective security testing solution around them.

The power behind Synack is their network of crowdsourced ethical hackers, the Synack Red Team (SRT), who come from middle-of-the-country America to India and represent over 60 countries from around the world. The Synack Red Team recruits and retains the world’s most skilled and most trusted ethical hackers: every Synack Red Team member has gone through an intensive 6-step vetting process to test their skills and trustworthiness. Less than 12% of all applicants make it through the full process to become part of the Synack Red Team.

All testing by SRT hackers is conducted securely and puts the customer in complete control. LaunchPoint™ is Synack’s proprietary secure gateway technology through which all SRT testing traffic is routed. LaunchPoint offers testing data analytics (such as testing hours logged, attack type analysis, testing coverage maps) and pause/restart capabilities for all testing traffic. Customers also have the option to utilize LaunchPoint+, which is a hosted workspace that provides additional data privacy and security benefits.

The lack of talent isn’t the only concern of security leaders today. As organizations grow in technical sophistication and manage not only vast digital infrastructures but also a significant number of security vendors, scale is a huge problem. Many enterprises manage more than 70 security vendors and receive thousands of security alerts each month.

This year, Synack has been launching new technology features and products as part of their security testing platform, in order to enhance the work of their industry-leading global network of hackers and to help customers scale their security. SmartScan, a “smart” proprietary vulnerability scanner, works in tandem with the company’s crowdsourced network of ethical hackers to alert them of suspected vulnerabilities, while continuously learning the techniques of human testing, to provide cybersecurity testing support on a 24/7/365 basis.

Synack’s AI-enabled and human-powered crowdsourced security platform delivers the perfect combination of human creativity and depth with the speed and reach of a machine. Thanks to augmented intelligence from human and machine, the platform becomes more effective and efficient at identifying exploitable vulnerabilities over time. Synack’s crowdsourced testing solution offers >4x the efficiency compared to a traditional penetration test while maintaining the control and safety mechanisms needed in a crowdsourced model. Additional benefits of the Synack Crowdsourced Security Platform include:

  • Noise Reduction: 99.98% of total noise is reduced through platform technology and human triage.
  • Higher Value: The latest version of Synack’s platform with augmented intelligence gives customers a 159% ROI in comparison to a traditional penetration test and 262% ROI in comparison to a traditional scanner.
  • Efficiency: >4x the efficiency of a traditional penetration test.

In addition to SmartScan, Synack has also recently launched enhanced reporting features, Apollo (a machine learning and automation engine), and LaunchPoint+ (an improvement to its secure testing gateway with added researcher endpoint control and enhanced workspaces) to its platform.

Meet the visionary behind Synack, Jay Kaplan

Jay Kaplan serves as CEO of Synack. Prior to founding Synack, Jay served as a member of the DoD’s Incident Response and Red Team and as a Senior Computer Network Exploitation and Vulnerability Analyst at the National Security Agency. He received multiple accolades for classified work at the NSA while supporting counterterrorism-related intelligence operations and was also a member of the Commission on Cyber Security for the 44th President. Jay received a BS in Computer Science with a focus on Information Assurance and an MS in Engineering Management from George Washington University while studying under a DoD/NSA-sponsored fellowship.

“We deliver a continuous security scaled by the world’s most skilled ethical hackers and AI technology.”