Last Updated: March 31, 2025

Synack Platform: Product Offering Comparison Guide

SYNACKLT
Penetration Test

SYNACK14
Penetration Test

SYNACK90
Continuous Penetration Testing

SYNACK365
Continuous Penetration Testing

API

Time of Engagement

5 days

14 days

90 days

365 days

Testing and proof of coverage reports on headless API endpoints

Synack Red Team Vulnerability Discovery

Guided

Open

Open

Open

API endpoint testing and reporting

Smartscan

N/A

Tester Rotation

N/A

COMPLIANCE

Compliance and Industry Standards Testing

Optional – premium checklists (OWASP & NIST 800-53)

Optional – premium checklists (OWASP & NIST 800-53)

Optional – premium checklists (OWASP & NIST 800-53)

Includes 2 premium checklists (OWASP & NIST 800-53)

Proof of coverage report included

Synack Platform Tiers

STANDARD

PREMIUM
DISCLOSURE

PREMIUM
DISCOVERY

ELITE

REPORTING AND ANALYTICS

Tracking for Researcher Testing Hours

Real-Time Reporting on Exploitable and Suspected Vulnerabilities

Attacker Resistance Score

infoTrack holistic security performance overtime with a risk score

Coverage Analytics

infoProvides real-time information on what, when and how assets are tested

Testing Data History & Retention

Asset List That Catalogs All Tested Assets

Fingerprinting of External Assets to Inform Further Testing

Asset Details Highlighting Previous Testing Results

API AND INTEGRATIONS

Synack API

Synack Basic Integrations (Jira, ServiceNow, Microsoft, Splunk, etc.)

MANAGED COMMUNITY ACCESS

Researcher Vetting

Proactive Researcher Rotation

Access to Researchers and Vulnerabilities

Fully Managed Researcher Payouts

infoSynack has an incentive-based model, which means Synack compensates researchers for high quality findings for clients
AUTHENTICATION & AUTHORIZATION

Single Sign-On (SSO)

Role Based Access Control (RBAC)

PLATFORM TEST CONTROLS

Self-Service Pentest Creation

infoUse Synack’s self-service assessment creation tool to launch pentests on your schedule

Pause Testing at the Click of a Button

infoPause testing on a single assessment at any time using a button in the client portal

Synack-Owned Virtual Security Researcher Workspaces

infoSynack provides each Synack Red Team member with a virtual workspace hosted in GCP

Enhanced Security with Testing Data Stored in Synack-Owned Endpoints

infoAll researcher testing data is stored in the virtual, Synack-owned workspace

Data Cleansing Available on Customer’s Request

infoCustomers have the option to ask Synack to delete their data.

Synack Command and Control Infrastructure to Contain Traffic Stemming from Exploits Requiring Callbacks

VULNERABILITY MANAGEMENT

Active Communication with Researchers

infoChat directly with members of the SRT through the platform

Patch Verification

3 per a vuln (5 credits for a PV for additional re-testing)

Included

Included

Included

Synack On-Demand Security Testing Catalog Access

infoLaunch security testing at any time, including OWASP vuln checklists, zero day tests, and other targeted testing

Internal and External Testing

External testing only

External & internal

External & internal

External & internal

Number of VPN Connections

infoSynack provides site-to-site VPN setup for internal testing
0

3

3

5

MANAGED VULNERABILITY DISCLOSURE PROGRAM

Vulnerability Disclosure Program Webform

Triage for Vulnerability Disclosure Program

infoSynack will triage vulnerabilities the public submits through your program

200 submissions per a year (each additional submission is 1 credit)

Included

External Researcher Management

infoSynack will manage relationships with members of the public that submit vulnerabilities

Real-Time Reporting

infoSynack provides a client portal for customers to view vulnerability data and generate PDF reports
ATTACK SURFACE DISCOVERY

Self-Service Discovery of New Assets

Seed Groups to Help Organize Assets and Control Access

Continual Discovery of Assets to Surface Testing Candidates

Discovered Asset Reporting Dashboard

CUSTOMER SUCCESS

Proactive Identification of Test Issues

Customer Success Personnel

Pooled CSS

Named CSS

Named CSS

Named CSS & TAM

Additional Details

*Subscription Period: except as otherwise stated above, all services will be provided during the subscription period set forth in the customer’s order form.
*OVD: incentive based open vulnerability discovery testing performed by the Synack Red Team (SRT) on in-scope test assets pursuant to agreed upon rules of engagement and testing timeline.
*Synack Catalog: with the purchase of Synack Credits, customers can launch additional tests and checklists within the Synack Platform. Synack Credits must be purchased separately.
*Attack Surface Discovery: New assets are discovered weekly and fingerprinted daily. Discovered assets are limited to 25,000 assets. Additional assets can be added for an additional fee.

Additional Offerings

*Synack Credits: Synack Credits are redeemable for the services listed in the Synack Catalog available in the Synack Platform. Catalog offerings and credit prices are subject to periodic change. Synack Credits are redeemable only for Catalog offerings. Synack Credits have no cash value, are non-transferable and non-refundable. Synack Credits are only valid during the customer’s subscription period and any unused credits will expire at the end of the subscription period.