The Silicon Review
Synack, a Silicon Valley-based technology company, is a leading crowdsourced security testing platform. It delivers smarter penetration testing to security teams that need a scalable, continuous way to test their attack surfaces and get actionable results.
Over 1,500 of the world’s best security researchers from 82 countries are part of the Synack Red Team community that hunts for critical vulnerabilities. Their smarts, combined with the company’s powerful software, help safeguard leading global banks, federal agencies, DoD sensitive assets, and more than $1 trillion in ‘Global 2000’ revenue.
The company was established in 2013 and is based in Redwood City, California.
Jay Kaplan (CEO) and Dr. Mark Kuhr (CTO), Synack Co-founders, spoke exclusively to The Silicon Review. Below is an excerpt.
Crowdsourcing Making Inroads into Advanced Security
Synack is the most trusted crowdsourced security testing platform. It crowdsources ethical hackers and augments them with AI-enabled technology to help enterprises understand how the attackers could breach their systems. The platform’s hacker-powered, AI-enabled pen test provides new security insights continuously to its customers about minimizing security risk from a hacker’s point of view.
“These insights secure our nation’s critical infrastructure and leading brands and businesses. We have helped the Pentagon defend its highly sensitive systems from foreign attackers. We have also safeguarded Domino’s against downtime that could deprive the world of its pizza delivery service.” — Mr. Kaplan
Synack has raised over $112.5M in funding and made the ‘CNBC Disruptor 50’ list four times since its founding in 2013.
The Interdependence of Intelligent Machines and Human Thinking: The Promise of a Potent Defense System
The power of AI and Machine Learning is just being realized in cybersecurity. The real utility of these tools is in quickly finding and fixing much of the low-hanging fruit in cybersecurity—the common vulnerabilities that still lead to too many costly breaches—and in detecting other automated attacks coming from adversaries. These technologies are incredibly powerful when paired with the best human talent. That way, smart, ethical hackers can focus on finding the most critical vulnerabilities.
“Criminal hackers are always looking for the advantage and will continuously work to overcome ever stronger cybersecurity defenses. Therefore, we need to ensure we’re innovating faster, smarter and helping customers put up stronger defenses to stay well ahead of the digital fraudsters and crooks.” — Dr. Kuhr
Automation: Emerging as a Vital Tool for Cybersecurity
Automation is critical for good defenses. It just makes sense to create programs that can detect the most common software vulnerabilities and get them fixed as soon as possible. At scale, automating the discovery process will go a long way in protecting organizations that don’t realize just how vulnerable they are to all sorts of costly cyberattacks. Besides, automation lowers the cost of cybersecurity for many organizations. Simply put, it gives smaller businesses the ability to have baseline security protections without big security budgets.
“It’s a tragedy that so many attackers are easily exploiting the vulnerabilities that have long been identified but remain unpatched.” — Mr. Kaplan
Achieving a Rare Feat
Organizations must prioritize and focus their security efforts to patch the most critical vulnerabilities first. To that end, Synack augments and supports internal operations by giving customers access to more than 1,500 of the world’s best ethical hackers—a collective force that brings to bear the best security brain trust in the business today.
“Through their work on testing customers’ assets, we’re able to help them prioritize and patch the most dangerous vulnerabilities first. We’ve helped some of our largest clients augment their own security teams, and in some cases, allowed for 250 percent more testing activity on a target than a traditional pen test.”
“For some government customers who need to mimic realistic cyber threats to assess how hardened their critical systems were to attack from nation-states, we set up a scenario in which 100 highly vetted security researchers dedicated around 7,000 hours of testing on five sensitive systems. That allowed the government client to augment their internal teams with external expertise from hundreds of security experts across the country and the globe.” — Dr. Kuhr
Outrunning the Competition
The combination of smart technologies such as Machine Learning and the smartest ethical hackers working together to carry out deep and thorough security testing is the real market differentiator. It’s also the scale of the crowdsourced platform that makes the Synack approach genuinely unique. Additionally, all of its researchers are vetted before joining the Synack Red Team, the network of ethical hackers, to ensure that customers can access the most trusted global talent.
“It’s that combination of smart technology, a community of trusted ethical hackers, and the scale that we offer that sets us apart from competitors who run traditional bug bounty programs or offer pen testing services.” — Mr. Kaplan
Going Above and Beyond
The Synack platform is designed to scale. The distributed nature of the crowdsourced model, with ethical hackers based in 82 countries, means that it’s hacking around the clock and can harness human talent when necessary.
“We were purpose-built to accommodate the biggest organizations’ growing number of digital assets and applications. For instance, when customers needed to test apps related to the COVID-19 effort quickly, we could expedite security testing to make sure these critical apps underwent the most rigorous testing. This was also the case for numerous government customers involved in the recovery efforts.” — Dr. Kuhr
Besides, Synack makes it possible to spin up penetration tests quickly. The combination of smart technologies and human hacking talent ensures the platform is finding the most common vulnerabilities and the most dangerous zero days.
The Leaders at the Helm of Synack
Jay Kaplan: Jay Kaplan, a trained NSA hacker, is the CEO of Synack. The company’s security testing is powered by a network of top ethical hackers worldwide; they protect leading global banks, federal agencies, DoD classified assets and over $1 trillion in Fortune 500 revenue. Backed by investors such as B Capital Group and C5 Capital as well as tech giants including Microsoft, Google, Intel, and HPE, Synack has raised more than $112 million in funding since its founding in 2013.
Dr. Mark Kuhr: Synack CTO Dr. Mark Kuhr co-founded the company after focusing over nine years on cybersecurity in academia and government, where he served at the National Security Agency (NSA) and Defense Information Systems Agency (DISA). Dr. Kuhr received a Ph.D. in Computer Science from Auburn University under a DoD/NSA-sponsored fellowship. His research expertise includes information security, network analysis, and jam-resistant network communication protocols.