22 October 2015

Unleash the Hydra


Over a year ago, I joined Synack and was asked a simple question: “How do we help our researchers scale?”. The answer has taken us a tremendous amount of learning and growing, and in the process, the Hydra team has grown from a team of one to a strong integrated engineering group that works closely with a supportive R&D org.

Today, we launch the result of those efforts in the Synack Hydra Technology Platform ™.

Our solution so far is still humble, but I am proud of it.

Forget the fancy marketing language — the goal of Hydra is to improve a researcher’s ability to make money. Hydra collects, tracks, structures and catalogues information from multiple data sources to provide the researchers, our Synack Red Team, with an advantage over the adversary. We probe IP Addresses, Mobile Applications, DNS Records, SSL Certificates, Cloud Managed Infrastructure Resources and more to form a complete picture of the perimeter-less enterprise. And we take every ounce of this information and feed it back into the hands of the SRT, so they can leverage this information to discover paths of exploitation faster.

Pulling together all of the necessary open source tools and technologies has been a huge learning experience. We’ve learned to use Go, Vagrant, Docker, Mesos, Kafka, Python, multiple databases and entire network stacks. We’ve poured through tons of code, submitted open source pull requests and learned more than a few “query languages” and along the way we’ve built a team that makes us proud. I feel that we have the legs to go much further.

By enabling a human powered approach to the cyber security problem with a powerful technology platform, we believe that we can create the ideal tool for the job — the ultimate hacker toolkit. As it stands the industry has a tremendous problem — there simply aren’t enough security researchers in the world to get the job done. By supporting those select few individuals who have a specific talent for security, we believe we can help secure businesses and humans against cyberattacks continuously and more effectively than ever before possible.

From this technology foundation we aim to continually expand and improve the actual security we can provide. By learning what our researchers find most important, that is, which tools they rely on and which techniques they prefer we can continue to build technology that better supports them. We’ve really invested in knowing our red team, and in some cases, have spent hours just sitting with them while they hack and listening to their feedback. In doing so, we can enable our researchers to reach the bleeding edge of what’s possible. And along the way we gain clarity into the exact art of cyber security, enabling our customers to understand where and how they are vulnerable.

I truly believe that this approach pushes the limits of today’s security testing model.

Reach out to me. Join the SRT. Join Synack Engineering (I’m hiring!).

Tracy Livengood – Hydra Lead Engineer