Cybersecurity is a pertinent aspect of any business and cannot be overlooked, lest a costly and brand-damaging cyber attack cripple the company. Traditionally, penetration testing has been widely used for vulnerability assessments, but over the years this conventional method has been falling short of its goal of securing a company’s digital assets. As application development processes speed up and we witness an incremental rise in the number and severity of data breaches, organizations need a different solution. Point-in-time testing performed by a few personnel does not cut it anymore.
Crowdsourced testing is paving the way toward more efficient and effective risk reduction in the application layer. It offers more insight than internal testing can ever offer, bringing to the surface any crucial issues that exist. However, crowdsourced security has yet to gain full traction, with only a few vendors having penetrated this market with the right human resources and technology. Perfectly poised in this domain and one of the pioneers in the crowdsourced security testing sector, Synack (headquartered in Silicon Valley, California) leverages its leading-edge crowdsourced security testing platform and its team of highly vetted and trusted hackers to deliver vulnerability scanning, vetted red-teaming with bug bounty incentives, risk scoring analytics, insightful reports to ease remediation, and compliance checks.
The company deploys anywhere between 50 and 80 ethical hackers from over 60 countries on a single web app test, providing an organization with rich diversity in security expertise. “The way we work is that we recruit and bring on board the world’s best and most trusted hackers. We limit our actual number of active hackers to 1000 and have a waiting list. Only 5 to 6 percent of hackers that have applied get on Synack’s platform,” reveals Aisling MacRunnels, CMO/Business Executive & Board Member, Synack.
Portfolio of Offerings
Founded in 2013, the company offers a gamut of crowdsourced security solutions. Managed Responsible Disclosure, a completely managed service, equips the customer with triaged vulnerability reports from outside researchers. Another core Synack offering is Crowdsourced Vulnerability Discovery, essentially a private two-week test that is conducted by their crowd of stringently vetted hackers and produces triaged and prioritized vulnerabilities. Synack generates testing metrics, assists customers with patch verification, and tracks every step and keystroke taken by their hackers so that the customers have full visibility into and control over the testing. Crowdsourced Vulnerability Discovery (CVD) finds severe security vulnerabilities and weakness patterns that are often left undetected by other methods.
Synack’s Crowdsourced Penetration Testing solution is CVD plus a compliance checklist and a customer Attacker Resistance security score. Crowdsourced Penetration Testing (CPT) delivers top-notch vulnerability discovery with the required documentation for compliance. At the top of the offering menu is Synack’s continuous testing model, which combines CVD and CPT around the clock with 24/7 protection for real risk reduction. This Continuous Crowdsourced Testing (CCT) offering moves testing from an intermittent cadence to an agile flow, matching the customer’s DevOps journey. An organization’s security and development teams can integrate seamlessly for their mutual convenience.
As a leader in the crowdsourced security domain, Synack caters to a host of industry verticals and organizations, such as leading Fortune 500 companies, Global 2000 enterprises, 1/3 of America’s largest banks, 75% of major credit card companies, 1/3 of the renowned retail brands, and so on. The team also works towards protecting DoD critical systems, the majority of US Cabinet Agencies, and every US taxpayer (via the IRS).
One of Synack’s favourite success stories is their work with Domino’s, a well-known pizza delivery chain. Five or six years ago, Domino’s created an online ordering and delivery platform to outpace their competition, and reinvented themselves as a technology company. When the company had an app that they were about to launch, they called on Synack to scan it with their AI-enabled Hydra scanning technology and then unleash the Synack hackers for deep and comprehensive human testing. Anything the hackers found as they waded through scores of code, processes, and data was reported through the platform. “Everything, all testing traffic, is being dynamically tracked through our testing platform. Once one of our hackers finds a vulnerability, he/she submits a report which is verified immediately by other ethical hackers and by our operations team; so usually it is all within hours that we come back to the customer and tell them that we’ve found something suspicious,” explains Aisling. It is not just the crowdsourcing and AI that benefit the customer; in the end, it is the data. The Synack model doesn’t only surface vulnerabilities: the platform also draws out the path to finding them, tracking and logging the keystrokes and exactly what the hacker did with each piece of information, making the entire process of finding, prioritizing, and fixing much faster and more efficient.
Combining AI and crowdsourced human intelligence is a very novel and innovative tactic in the security industry. With its seamless integrations and optimization from Synack’s operations team, the Synack platform will continue to be highly scalable.