October 19, 2017 | 7 Min. Read

Tech Giants Embrace Ethical Hackers – Why HPE, Intel, Microsoft & SAP Zero in on the Crowdsourced Security Testing Market with Synack

Normally an article like this grabs your attention with a new newsworthy hack….but with the latest Equifax incident, the majority of Americans haven’t just heard about a recent breach; they’ve felt one, as 143 million of them had names, social security numbers, birthdates, addresses and driver’s license numbers compromised.

This breach is just the most recent in what has become a cyber frenzy, with Russians being blamed for creating fake American social media accounts to spread fake news and influence the 2016 presidential election; hackers manipulating Wall Street by compromising the SEC to get early information on earnings; and Deloitte, a trusted cybersecurity consultant, being breached in the last month. The list goes on.

These headlines point to the growing problem that our security solutions, built only to achieve compliance, have failed us. They’re proving to be totally inadequate attempts at stopping criminal hackers from navigating through networks with ease. It’s a waste of time and money to utilize old solutions and comply to old standards when you know you’ll still probably get breached.

HPE, Intel, Microsoft, and SAP, some of today’s most experienced innovators in the technology space, know exactly how critical it is to have real security at the core of every business. It truly takes a lot of dedicated organizations to change how the world approaches security, and that’s why we’re excited to announce new partners and investors to the Synack network. Having these tech industry giants collaborate with and invest in Synack’s innovative model of crowdsourced security stands as a commitment to helping organizations become more secure.

Together with HPE, SAP and Microsoft, Synack will provide holistic security solutions that scale to help customers protect their entire attack surface by integrating top talent, software, and processes.

HPE

HPE, an existing investor, now delivers the Synack solution to customers worldwide via its HPE Complete program and anticipates future offensive security solutions in partnership with HPE Pointnext. These solutions will help organizations across the globe procure and embrace crowdsourced penetration testing with the help of trusted advisors from HPE.

“Given the massive skills gap the cybersecurity industry faces, HPE Pointnext is promoting a crowdsourced approach in partnership with Synack. The shortage of cybersecurity expertise is one of the main reasons adversaries continue to breach big businesses and governments. By bringing Synack into our ecosystem of service solutions, we will help our customers enhance their cybersecurity defenses by leveraging white hat researchers from around the world.”

– Vishal Lall, SVP, Strategy and Ventures, HPE

“Synack finds and addresses a number of high severity vulnerabilities on every client engagement. These critical vulnerabilities have gone undetected by other solutions and penetration testers. In partnership with HPE we expect to add many new enterprise customers across a variety of industries,” Synack Co-Founder and CEO Jay Kaplan commented. “By utilizing Synack’s crowdsourced model to proactively and efficiently test, HPE-Synack clients are likely to identify and address more than 250 Equifax-caliber vulnerabilities in the first year alone, without one Equifax-type breach. With estimations on cost of breach to Equifax being $4 billion, offensive crowdsourced penetration testing could save the global enterprise over $960 billion next year.”

SAP

Synack and SAP have collaborated to develop a solution to address security needs. SAP has already developed several trusted security solutions and a supporting large security consulting and MSS practice; now the company is teaming with Synack to focus on the white space that exists when it comes to expertly testing both SAP and non-SAP web and mobile-based applications, infrastructure, and IoT with a scalable method.

“Synack‘s capabilities, which we resell by agreement within our comprehensive managed security services portfolio, are an important part of this offering. Especially with cloud, mobile and IoT deployments, the relevance of ongoing and sophisticated vulnerability management is higher than ever.”

– Uemit Ozdurmus, Global Head of SAP Security Practice

Microsoft

Microsoft has long been the IT backbone of so many business operations, and Synack plans to help secure these environments. Synack is officially a Microsoft co-selling partner, putting the Synack service in the hands of the Microsoft sales organization as well as directly into the hands of customers through the Azure Marketplace. As Microsoft continues to help companies transition to hybrid IT deployments, Synack will aim to help its customers scale security testing across these complex environments.

Intel

Intel Capital recently invested in Synack, joining Kleiner Perkins, Google Ventures, Microsoft and Synack’s other impressive investors.

Synack CEO, Jay Kaplan commented on Intel Capital’s investment. “The Synack brand stands for quality and trust, attributes that Intel has lived for many years. We firmly believe the addition of Intel will help unlock new markets and business opportunities, further solidify our brand, and help shape our product,” said Kaplan.

“Intel’s approach to security starts with hardware, the root of trust. We are always looking for opportunities to engage with industry innovators to expand our capabilities and help protect our customers against today’s modern threats. We’re pleased to invest in Synack in this shared pursuit.”

– Rick Echevarria, Vice President, Software and Services Group and General Manager, Platforms Security Division, Intel Corporation


As these trusted tech leaders align themselves with Synack and hacker-powered security, it says something about where the market is headed: providing enterprises with a real-world perspective on how vulnerable they are to attack. The future of security testing is on-demand, offensive, and pragmatic; it’s just as relentless as the adversaries themselves.

These new strategic partnerships will:

  • Promote a high-quality, high-value product to the market that emphasizes risk mitigation and security health. The ROI of a Synack crowdsourced penetration test is estimated to be 53% higher compared to traditional pen tests due to increased effectiveness and efficiency.
  • Help Synack crowdsourced security testing gain traction in the global market. As SAP, HPE, and Microsoft serve virtually 100% of the Fortune 500 and have a customer base of 180+ countries around the world and as crowdsourcing gains traction, Synack will be positioned to achieve 300% growth in its market share by 2019.
  • Enable more customers to button up their security by moving away from compliance and volume-based metrics and moving towards severity and overall risk metrics to judge the success of their programs. 32% of the vulnerabilities reported by Synack to our clients this year were considered high severity, and Synack consistently delivers an average of 12 high severity vulnerabilities per asset tested.

For Synack Co-Founders CEO Jay Kaplan and CTO Mark Kuhr, their vision was to build a modern cybersecurity platform combined with security intelligence from the most skilled and trusted researchers around the world to help organizations understand and address their security risk. When more organizations start utilizing on-demand, scalable security solutions that prioritize finding and patching high severity, high risk vulnerabilities, we can mitigate the destruction that results from large-scale, Equifax-caliber breaches.


About Synack

Based in Redwood City, California, Synack is a security company revolutionizing how enterprises view cybersecurity: through a hacker’s eyes. Synack’s hacker-powered security platform arms clients with hundreds of the world’s most skilled, highly vetted ethical hackers who provide a truly adversarial perspective of clients’ IT environments. Synack’s confidential client base is comprised of some of the largest F500/G500 enterprise organizations across banking and financial services, healthcare, consumer goods and retail, manufacturing, technology and the U.S. Federal Government. All engagements are conducted by Synack’s vetted skilled professionals and are treated with absolute privacy. Synack was founded in 2013 by former NSA security experts Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO.


Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as “anticipate,” “believe,”“estimate,” “expect,” “forecast,” “intend,” “may,” “plan,” “project,” “predict,” “should” and “will” and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. The factors that could affect SAP’s future financial results are discussed more fully in SAP’s filings with the U.S. Securities and Exchange Commission (“SEC”), including SAP’s most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.