an image of clouds by Dallas Reedy
13 September 2022

Synack Strengthens Integration to Microsoft Azure to Help Protect Hybrid Clouds

Synack

Synack Joins the Microsoft Intelligent Security Association (MISA)

Synack has recently joined the Microsoft Intelligent Security Association (MISA) and integrated with Microsoft Sentinel. This means that Microsoft Sentinel users can now easily access Synack’s global team of security experts for on demand testing of cloud assets. MISA is an ecosystem of independent software vendors and managed security providers who integrate their security solutions with Microsoft platforms and technology to increase visibility and minimize threats.

This announcement is only one component of this growing partnership and is a testament to the commitment both Synack and Microsoft have to providing flexible and scalable security solutions. Extending Microsoft’s security capabilities through partnerships and integrations like that with Synack, reduce cost and complexity for enterprises looking for end-to-end cloud security solutions.

Synack Helps Secure Microsoft Azure Hybrid Clouds

Keeping your hybrid cloud safe and secure from cyber criminals is a daunting task. Hackers are constantly searching for vulnerabilities in your cloud that they can exploit to gain access. You need to be constantly vigilant and discover and resolve all the vulnerabilities in your system while they only need to find one to be successful in penetrating it to perpetrate their cybercrime activities.

To help you more effectively protect your network from cybercriminals, Synack is now providing integrations to two key Microsoft cloud security solutions: Microsoft Defender for Cloud and Microsoft Sentinel. Additionally, new cloud-oriented services are available through Synack Campaigns, which provide on-demand access to members of the Synack Red Team for completing targeted security objectives.

Synack Provides Critical Information for Remediation of Exploitable Vulnerabilities

Microsoft Sentinel and Microsoft Defender for Cloud play a significant role in improving security operations. Microsoft Defender for Cloud provides recommendations, alerts and diagnostics to Microsoft Sentinel to provide better analytics and incident response. Microsoft Sentinel provides an overall picture of what is happening in your network taking in data from multiple sources to give security analysts a powerful tool to detect and respond to cyberattacks. Together these two solutions help provide seamless and effective security operations.

But there is a critical piece missing in this security view. You need to be able to validate misconfigurations and create attack vectors to search for and report exploitable vulnerabilities at the network layer as well as internally in your cloud. Synack, the premier security testing platform powered by the most skilled and trusted community of global security researchers provide continuous penetration testing and vulnerability discovery with actionable data and report the results to Microsoft Defender for Cloud and Microsoft Sentinel where the vulnerabilities can be investigated, analyzed, and resolved. You can run a one-time assessment, or sign up for continuous testing of your system.

View Synack Vulnerability Assessment Results in Microsoft Defender for Cloud and Microsoft Sentinel

When it comes to exploitable vulnerabilities in your cloud, time-to–resolution is critical. Synack’s new integrations to Microsoft Defender for Cloud and Microsoft Sentinel automatically sync the results of Synack vulnerability assessments to those security solutions to help decrease time-to-resolution. There is no need for human intervention or cumbersome transfer of information. You have all your vulnerability information in one place in screens that your security teams are used to working with.

Automatically Create Vulnerability Entries in Defender for Cloud

With Synack’s new integration to Microsoft Defender for Cloud, customers can create a Synack Vulnerabilities custom workbook in Defender for Cloud. The Microsoft Defender for Cloud workbook displays the exploitable vulnerabilities discovered in the Synack vulnerability assessment along with a severity status and scoring. The data syncs automatically from the Synack Client Portal directly to Microsoft Defender for Cloud.

Automatically Create Incidents in Microsoft Sentinel

Similarly, Synack’s new integration to Microsoft Sentinel synchronizes vulnerability data from your Synack account to Microsoft Sentinel for further management and remediation. It automatically creates an incident in Microsoft Sentinel for each vulnerability and keeps the incident up-to-date with the latest changes in the vulnerability.

A Holistic View of Your Cloud Security

Syncing vulnerability results from Synack to Microsoft Defender for Cloud and Microsoft Sentinel puts all of your vulnerability information in one place in a format that Microsoft Azure users are accustomed to seeing. There’s no need to log into another tool or become familiar with another report format in order for security engineers and managers to determine the health and security of their networks. Security teams can take appropriate action and update vulnerability status right in the Microsoft tool.

This capability becomes even more critical as Synack continues to expand its Microsoft Azure-specific testing portfolio, including continuous testing for Microsoft Azure and the Microsoft Azure Security Benchmark Campaign.

You can choose the sync cadence, and you can visualize your vulnerability data using Microsoft Defender for Cloud’s graphs and charts. You’ll get a high-level overview of vulnerability information, such as status, and can track these changes over time. For any assessment, you can see the associated vulnerabilities, and for more detailed information, you can link directly to the full vulnerability info provided in the Synack Client Portal. Any new vulnerabilities will automatically sync and populate into Defender for Cloud and newly discovered vulnerabilities will automatically sync and populate incidents into Microsoft Sentinel where they become part of a holistic security view. Executives or anyone else who wants to see this vulnerability or incident information can do so in Microsoft Azure display screens.

microsoft MISA

Integration Is Easy

Synack provides the custom Microsoft Azure Workbook with Synack Vulnerabilities data within your Microsoft Defender for Cloud. A backend application hosted on Synack premises provides a Custom Endpoint for the Workbook. Synack provides the default template for the Synack Vulnerabilities workbook. You can further modify the looks of your workbook, or use the endpoint to create new workbooks. It’s up to you how you want to view and manage the exploitable vulnerabilities.

Synack makes the integration easy. All you need to do is create a Synack API token and then deploy the Synack Workbook ARM template to Microsoft Defender of Cloud. After that you can access your workbook in Microsoft Defender for Cloud. Each time Synack performs a vulnerability assessment, the results will be displayed in the Microsoft Defender for Cloud workbook.

For Microsoft Sentinel, Synack provides a data connector to synchronize the vulnerability data from your Synack account. The data synchronization is performed by a Microsoft Azure Function that uses both Synack and Microsoft Sentinel APIs to pull the Synack data over to Microsoft Sentinel. Once you deploy the data connector you will start seeing new incidents in Microsoft Sentinel created from the Synack vulnerabilities. If the status of a Synack vulnerability changes, the status of the corresponding Microsoft Sentinel incident will be updated accordingly.

Now You Have a Holistic View of Your Network Security Posture

To help reduce time-to-resolution, Synack’s integrations to Microsoft Defender for Cloud and Microsoft Sentinel give you a holistic view of your network’s health and security posture encompassing all your exploitable vulnerability information, including the results of Synack penetration testing, in one place in familiar Azure screens.

On-demand Testing for Cloud Configuration with Synack Campaigns

Synack Campaigns provide on-demand access to the Synack Red Team for completion of targeted security tasks, augmenting internal teams while solving for the cybersecurity talent gap. The Azure Security Benchmark Infrastructure Campaign provides Synack researcher testing against Azure security controls. This Campaign will utilize a researcher with the right skills to provide a true adversarial perspective against your Azure services, and will validate your ASB status seen in Microsoft Defender for cloud.

For information on Synack’s partnership with Microsoft, learn more here.