The Silicon Review
Digital transformation is raising the bar for security. The risk of a cyberattack that can disrupt new digital initiatives has become untenable for organizations around the world. And yet, it is becoming increasingly cost-prohibitive for security teams to scale their defenses to the magnitude of the threat by continuing to hire more people or invest more dollars. They need an efficient solution for security on demand. That’s where the crowd comes in. The crowdsourced approach to security gives organizations the ability to fight the adversaries even in today’s complex and ever-changing technical landscape.
Through its integrated crowdsourced SaaS platform, Redwood, CA-based cybersecurity company Synack provides end-to-end vulnerability management and security testing, beginning with discovering assets in your attack surface, finding exploitable vulnerabilities, providing steps for remediation, re-testing, and consolidating findings and analytics in real time in the Synack Portal. Synack combines multiple testing methodologies in a single platform to help organizations consolidate vendors and centralize control over and visibility into vulnerability risk. These methodologies include penetration testing, vulnerability assessment and application security testing, private bug bounty, managed vulnerability disclosure, and compliance.
The company was founded in 2013 by highly-regarded security connoisseurs and NSA veterans Jay Kaplan and Dr. Mark Kuhr.
“We work with major businesses, smaller growth enterprises, as well as massive federal departments such as the Department of Defense. We can conduct single tests that are less expensive and limited in scope – such as testing a new web app before a company releases it to the public – or offer more extensive continuous testing that is much more involved on targets such as ecommerce platforms that handle millions of transactions,” said Kaplan, CEO and Co-Founder.
Testing on the Synack platform combines smart technology along with the Synack Red Team (SRT), a network of more than 1,500 ethical hackers from around the world. This is a community of freelance security researchers who provide customers with an offensive approach to security by hunting for the vulnerabilities that could be used to compromise their systems or digital assets.
Crowdsourced Security Redefined
Synack has demonstrated to the industry the importance of having different researchers – each with unique talents – test an organization’s digital assets with an offensive mindset. That type of testing is really the only way to ensure organizations are as secure as possible.
Many of those early jitters about crowdsourcing went away quickly as soon as the Synack Red Team (SRT) began finding serious vulnerabilities in its customers’ systems – problems that traditional pen testers would often miss. “We were also able to explain the vetting process that researchers undergo before they are admitted to the Synack Red Team. We only allow the most trusted and most skilled researchers. The vast majority of those who apply for the SRT don’t meet our rigorous standards,” said Kaplan.
The Synack platform is designed to accommodate many different types of organizations. While the company works with many of the biggest brands in the world, the platform is flexible enough so that smaller enterprises, startups, and medium-sized businesses will be able to test their digital assets. “We want to ensure that every organization that needs security testing will be able to take advantage of crowdsourced security testing,” explained Kuhr, CTO and Co-Founder. The company’s crowdsourced platform protects many of the world’s biggest financial organizations, 22 federal agencies, global banks, DoD classified assets, and more than $6 trillion in Fortune 500 and Global 2000 revenue.
Making the World More Secure
The pandemic has forced all businesses to think differently about how they work, how they innovate and what they could do to support their employees – and their employees’ families – through a global crisis. It has tested all of us. For Synack, it proved the value of its culture of collaboration, creativity and relentless innovation. In many ways, the company was truly built to survive the transition to a remote work environment with its massive network of 1,500 ethical hackers who live and work around the world.
“Thankfully, we are aligned in a mission that unites our managers and team members around a common purpose: We want to make the world a better and safer place by helping defend customers against cyberattacks,” said Kaplan.
The mission to make the world more secure has driven Synack’s business to new heights in 2020 as organizations on the frontlines of COVID-19 relief looked to the cybersecurity company to test their most critical applications. “Now, we’re hiring more than ever so we can protect even more organizations around the world. Our $52 million series D round has fueled our growth to better serve our customers. After 2020, we feel like the company is stronger, taking on new business missions as well as social challenges such as inclusion and diversity issues,” explained Kuhr.
Helping protect the world against increasingly sophisticated and punishing cyberattacks is a challenging task. But Synack has the support of smart and dedicated investors, an amazing group of employees and the world’s best ethical hackers working for it to make it happen.
Jay Kaplan, CEO and Co-Founder
Prior to founding Synack, Jay served as a member of the DoD’s Incident Response and Red Team and as a Senior Computer Network Exploitation and Vulnerability Analyst at the National Security Agency. He received multiple accolades for classified work at the NSA while supporting counterterrorism-related intelligence operations and was also a former member of the Commission on Cyber Security for the 44th President. He received a BS in Computer Science with a focus on Information Assurance and an MS in Engineering Management from George Washington University while studying under a DoD/NSA-sponsored fellowship.
Dr. Mark Kuhr, CTO and Co-Founder
Dr. Mark Kuhr co-founded Synack after focusing over nine years on Cyber Security in academia and government, where he served at the National Security Agency (NSA) and Defense Information Systems Agency (DISA). Dr. Kuhr received a Ph.D. in Computer Science from Auburn University under a DoD/NSA-sponsored fellowship. He has published several papers on enterprise cybersecurity and performed research under DoD contracts related to information security, network analysis, and jam-resistant network communication protocols. He holds a number of security-related certifications from CNSS and (ISC)².