20 October 2016

Department of Defense Awards Synack Contract to Continue “Hacking the Pentagon”

Jay Kaplan

A few years ago, Mark and I left the NSA to pursue an idea. Through our daily efforts penetrating some of the most sophisticated security apparatus in the world in order to successfully enable intelligence missions, we realized that the largest commercial and government enterprises were in bad shape. They simply were not equipped to defend against the persistent onslaught and complexity of advanced adversarial attacks targeting them day after day. That’s when we had a breakthrough: the only way one could get ahead of this level of attack was to mimic the adversary against which they are struggling to defend.

Synack was founded with that goal in mind. We have worked relentlessly to develop a solution that incentivizes a global community of the industry’s most highly vetted and skilled ethical hackers (the Synack Red Team) through a bounty payment model, and pairs them with proprietary purpose-built vulnerability intelligence technology to best mimic attacks and discover vulnerabilities that malicious hackers could leverage to gain access to enterprise IT systems. Since launch, we’ve seen incredible adoption – Synack’s growing, but confidential, client base is now comprised of over one hundred of the largest enterprise organizations, including a vast majority of F500/G500 customers across the banking and financial services, healthcare, consumer goods and retail, manufacturing, and technology-focused industries, as well as the U.S. Federal Government.

Today, the U.S. Department of Defense (DoD) has officially joined this impressive list of forward-thinking global enterprises, recognizing that the only way they can stay ahead of the over 77,000 annual cyber incidents that U.S. Federal Government agencies face each year is to adopt a model that can scale to the threats. The DoD has announced that through a newly created contract vehicle following the success of the initial Hack the Pentagon pilot effort, the DoD will leverage Synack’s private, managed approach to running a crowdsourced security testing program for the DoD’s most critical and highly sensitive IT assets – the largest government contract ever awarded in this space. We look forward to working alongside our fellow pioneer in the crowdsourced security space, HackerOne, as they continue to operate their independent bug bounty-like program in the DoD’s public domain.

Here at Synack, the foundation of our Crowd Security Intelligence model has remained the same since day one – a trusted, private, fully-managed crowdsourced security testing product that provides an accurate adversarial perspective, but with the auditability and controls necessary for critical enterprise IT environments. For Synack, having the DoD acknowledge the benefits of Crowd Security Intelligence by adopting Synack’s proactive approach is a huge achievement. We are excited to play such an integral role in building this partnership between leading crowdsourced security companies in Silicon Valley, and a leading innovator in Washington. We strongly believe this initiative is an instrumental step forward for the DoD as they continue to adopt transformative measures to best protect our nation’s most critical systems.