Hacker-Powered Security Platform

Synack helps clients efficiently find and fix vulnerabilities before criminals can exploit them and inflict critical damage. Synack finds, assesses, and ranks these critical vulnerabilities in even the most sophisticated, compliance-driven companies. Synack is committed to partnering with you to achieve not just compliance, but real security. With our global crowd of security experts, we bring you a hacker-powered approach to security to resist attack and reclaim the upper hand against the adversary.

What’s wrong with penetration testing?

  • Combining human ingenuity with the scalability of technology
  • An adversarial approach to exploitation intelligence
  • Tapping into the highly-skilled talent pool of security experts
  • True visibility into the scope of your security testing
  • Assurance and audit logging provides transparency and trust

Standard penetration testing fails on three major fronts: visibility, scalability and process.

Visibility - with a standard penetration test, security experts complete a checklist of testing objectives and produce a single report of their activity as the final deliverable. As the customer, you get only the results without any visibility into the process. A penetration report lacks important testing information about how effectively your attack surfaces were evaluated. Synack solves this problem through its secure gateway technology, LaunchPoint, which captures all testing traffic data through the platform.

Scalability - with a standard penetration test, you rely on a very limited diversity of skills and approaches (1–2 people per team) to test your systems thoroughly. Many security organizations will contract multiple vendors in order to ensure diversity and thoroughness in their testing. This approach can’t scale to defend against growing attack surfaces and increasing complexity of attacks. Synack addresses this challenge by utilizing the Synack Red Team, a diverse crowd of hundreds of the world’s top researchers who are highly vetted for skill and trustworthiness. The Synack Red Team is enhanced by scanning technology software, Hydra.

Process - with a standard penetration test, the expected outcome is achieving compliance with regulatory standards and the compensation model is based on a tester’s time and materials. This system makes it impossible to incentivize testers to find exceptionally severe vulnerabilities that have significant business impact. At Synack, we prioritize finding and fixing business-critical vulnerabilities that could have major implications for your brand and operability. We utilize a dynamic, incentive-based model that pays our researchers only for vulnerabilities found.

Our offerings?

Crowdsourced Penetration Testing (CPT)

Synack’s Crowdsourced Penetration Testing finds vulnerabilities by setting creative hackers on an unstructured hunt in web, mobile, and host/infrastructure assets. Synack Red Team researchers are incentivized through a fast-paying bug bounty model to find vulnerabilities and submit reports on their findings for verification and remediation. The unstructured testing methodology of Crowdsourced Penetration Testing mimics actual attack attempts that adversaries use to exploit vulnerabilities.

Crowdsourced Continuous Testing (CCT)

The Synack Continuous Testing and Discovery (CT&D) solution combines vulnerability discovery and penetration testing but replaces a two-week test with continuous activity. This provides constant attention to harden your attack surface. CT&D offers the most dynamic security by utilizing software-based change detection, continual scanning from intelligent Synack scanning technology, and ongoing human analysis from the Synack Red Team.

What is part of the solutions?

Synack Red Team (SRT)

The Synack Red Team (SRT) is Synack’s private network of highly-curated, skilled and vetted security researchers from around the world. These security experts undergo the most stringent combination of screening, interviews, skills testing and vetting in the industry to offer our clients only the best, most trusted solution. Synack supports the SRT with purpose-built, patented technology that makes the researchers more efficient. Researchers are rewarded for successful vulnerability submissions and consistent contributions through bug bounty payments and SRT loyalty program status.

Hydra®

Hydra is Synack’s proprietary technology that provides automated scanning analysis to the Synack Red Team in order to help them find vulnerabilities. As the industry’s first hacker toolkit built at enterprise scale, Hydra was developed to cover a vast and rapidly-evolving collection of client assets. During an engagement, Hydra continuously scans all assets in scope and alerts the SRT to newly detected findings, such as change detection, suspected vulnerabilities, and defensive technologies.

LaunchPoint®

SRT researchers are required to conduct all client asset testing through LaunchPoint, Synack’s proprietary secure gateway technology. LaunchPoint captures all testing traffic data, providing trust, transparency and auditability to the crowdsourced testing model. For researchers, captured testing activity logs can serve as legal protection if accusations of misconduct are made against them. For Synack clients, LaunchPoint offers testing data analytics such as testing hours logged, attack type analysis, testing coverage maps, and pause/restart capabilities for all testing traffic.

Mission Ops

The Synack Mission Operations team is an internal Synack team that bridges the gap between clients and SRT researchers. Mission Ops remains actively engaged with the client and the SRT at all times, relieving security teams of vulnerability validation, triage and bounty payments, and allowing them to focus internal efforts on vulnerability remediation and risk reduction.

Reporting & Analytics

Synack takes vulnerability information and testing traffic and, in real time, converts the data into meaningful dashboard and platform metrics. Testing analytics include researcher hours logged, testing coverage maps, attack attempt classification and segmentation. Reports from Synack are tailored to each client, and can include testing methodology, details, high-level summaries, and custom-written assessments from Synack’s security experts.

For more information, call our security consultants at +31 (0) 345 506 105 or send an email to info@isoc24.com