06 June 2019

The Only Crowdsourced Security Testing with Endpoint Control Baked into the Platform: Introducing LaunchPoint+ for Trusted Testing

Synack

Privacy has become the topic du jour in technology circles. Apple now calls itself a privacy-as-a-service company and recently highlighted a move toward putting users in control in iOS 13. Similarly, the notions of trust and privacy in the crowdsourced security marketplace are quickly evolving, and for the better. Synack has offered our LaunchPoint VPN secure testing gateway on every engagement since its inception to protect researchers and customers. That’s why the DoD trusted the Synack crowd and technology to test mission-critical, sensitive assets during Hack the Pentagon program in 2016. We know that trust and privacy are always critical when it comes to security testing, and that continues to be true when you invite a much needed diverse crowd in to do the testing. That’s why we’re very excited to announce an enhanced secure testing gateway and introduce LaunchPoint+ to provide a managed workspace environment for trusted crowdsourced testing of enterprise and government assets. In short, Synack’s LaunchPoint+ now offers our customers the option for greater data privacy through full endpoint control.

What is Synack LaunchPoint?

Synack Red Team (SRT) researchers are required and have always been required to conduct all client asset testing through LaunchPoint, which gives customers control over their penetration testing traffic.

  • For Synack clients: LaunchPoint offers testing data analytics such as testing hours logged, attack type analysis, testing coverage maps, and pause/restart capabilities for all testing traffic.
  • For Researchers: Companies that require the most stringent testing security are willing to work with crowdsourced researchers with LaunchPoint controls in place. This brings income and opportunity to the Synack Red Team.

LaunchPoint continues to be the best in class VPN for crowdsourced security testing. For enterprises subject to increasing data privacy regulation, we have developed LaunchPoint+ to address these challenges.

Synack’s LaunchPoint+ Feature – How does it actually work?

  • Instead of using individual workstations for testing, researchers log into Synack-managed cloud workspaces to perform testing.

  • All research traffic flows through the LaunchPoint+ gateway, which provides full packet capture, real-time tracking and analytics.

These workspaces and work flow are specifically designed to help optimize for more hours on target through greater testing speed, more secure testing, and an overall better tester and customer experience. More benefits are outlined below.

What are the new benefits customers can expect through LaunchPoint+?

Consistent with the Synack focus on delivering uncompromising trust and privacy for SRT and customers alike, LP+ offers a number of new benefits that could work for enterprises or governments with especially stringent data privacy

  1. Data Privacy & Compliance Objectives – Compliance with regulatory frameworks such as the General Data Protection Regulation (GDPR),PCI-DSS, and ISO 27001 call for companies to provide enhanced transparency about how data is used.
  2. Secure Testing – Trusted, secure testing environment managed by Synack ensures researchers perform all of their security assessments from a Synack-managed trusted endpoint.
  3. Data Cleansing – Customers have the option to ask Synack to delete their data.
  4. Faster, Increased Bandwidth – Virtual workspaces provide increased bandwidth compared to what Synack’s SRT would normally use.
  5. Enhanced Malware Protection – Virtual workspaces come with malware detection installed providing an extra piece of mind to researchers and customers alike.
  6. Auditability – Complete visibility into the amount of researcher testing activity. All actions are time-stamped for audit purposes. All of the same features from Synack’s original LaunchPoint are available on LP+.

Getting Started with Synack’s LaunchPoint+

For Synack customers, please contact your Program Managers for further information. If your subscription supports LP+ (ask your Synack Program Manager for details), only an opt-in is required. Synack will do the work on the back end. You can use LP+ on web, mobile, host, and API tests.

If you would like to learn more about the most effective and trusted crowdsourced security testing available or would like further information, feel free to visit our help center or contact a Synack representative.