TL;DR New additions to the Synack Platform include asset discovery, asset insights and board-ready executive reporting to enhance its own offering and surpass legacy pentesting that doesn’t keep up with today’s threats.
Synack has added integrated attack surface discovery/analytics and advanced reporting to its Penetration Testing as a Service (PTaaS) platform, delivering an end-to-end and continuous testing process to cover attack surface discovery, analysis, penetration testing, vulnerability management and reporting.
These new features will allow organizations to finally justify more comprehensive testing of their environment, better understand the effectiveness of their current security controls and develop processes to continuously improve their security posture.
Leveraging testing results to improve security strategy and posture is a big missed opportunity for most companies. In fact, 75% of respondents in a recent ESG survey said they would consider a switch to the new generation of platform-based pentesting solutions.
In the era of prolific and continuous breaches, it’s disappointing that the same ESG analysis found only 32% of organizations leverage penetration testing to inform their security strategy. As pentesting is one of the best ways to understand the impact of attacker tactics on your attack surface, it’s a missed opportunity to reduce security risk.
A closer look at the limitations of legacy pentesting reveals why so few organizations leverage its results to inform their security strategy. Traditional testing cadence, transparency and methods are usually not aligned with fast development cycles and complex application architectures, other than for the needs of compliance.
In addition to being out of sync with today’s development cadence, the resulting test data is rarely integrated with other security data so it can be leveraged operationally. The misalignment makes it more difficult to justify any additional investment in pentesting to improve overall security posture.
To enter this new era of pentesting, Synack offers organizations a PTaaS platform and a broad suite of functionality, enabling a scalable security testing methodology and processes to keep pace with today’s rapid development and an increasingly sophisticated adversary. Here’s a closer look at Synack’s PTaaS capabilities.
What’s New in the Synack Platform
Maintain a Current Inventory of Your Attack Surface Assets
Synack can surface IP, web and FQDN assets continually, so that your inventory is never out of date. After running a scan on initial seed assets, confirm or reject newly discovered assets based on their relevance to your organization. Once newly discovered assets are confirmed, they are fingerprinted to identify potential risks like open ports or non-compliant cloud providers. You can also segment your assets into groups, which helps to see assets that are attributed to specific teams or business units.
Make Your Attack Surface Data Actionable
Asset insights provides a blended view of tested assets and newly discovered assets. It can help you answer questions like what percentage of assets have been tested, when an asset was last tested, what vulnerabilities have surfaced on specific IPs and whether your most critical assets are getting tested on an appropriate cadence. Tagging is another way to organize assets as part of your analytics dashboard.
Customize and Export Graphs Directly from the Synack Platform
Third-party security testing metrics are a widely adopted benchmark for security teams. After feedback from customers about the need for more granular, customizable data, Synack has launched a new reporting capability. This feature allows individual charts and the high-level metrics behind them to be downloaded as a CSV file or as a downloadable chart. This means Synack customers can pick specific metrics they want to share with a variety of audiences, including executives or the board.
Bringing It All Together: A Comprehensive Security Testing Platform
Previously, teams worked in siloed products on each piece of the security puzzle. Assets and vulnerabilities fell through the cracks. Teams spent hours on putting together presentations for the board or executives using disparate data sources.
By offering these additional features as part of the platform, Synack has created the most comprehensive, integrated PTaaS offering on the market. Customers can discover, investigate, test, manage and visualize assets and vulnerabilities all on one platform. For more platform details, learn more here.
