Last Updated: April 9th, 2024

Synack Platform: Product Offering Comparison Guide

| | SYNACK14 On-Demand Vulnerability Discovery | SYNACK90 Continuous Penetration Testing | SYNACK365 Continuous Penetration Testing | HEADLESS API Penetration Testing |
|---|---|---|---|---|
| Time of Engagement | 2-Week Test | 90-Day Test | Year-Round Testing | Testing and proof-of-coverage reports on headless API endpoints |
| SmartScan with Triage by Synack Red Team | 7 days of scanning | 90 days of scanning | 1 year of scanning | N/A |
| Synack Red Team Top Security Talent performing OVD* | 7 days of human-led OVD | 90 days of human-led OVD | 365 days of human-led OVD | SRT Test each endpoint to produce a proof-of-coverage report |
| COMPLIANCE | | | | |
| Compliance and Industry Standards Testing | Not included – premium checklists (OWASP & NIST 800-53) available as add-ons | Not included – premium checklists (OWASP & NIST 800-53) available as add-ons | Includes 2 premium checklists (OWASP or NIST 800-53) | Proof-of-coverage report can be shared with compliance auditors |

Synack Platform Tiers

STANDARD

PREMIUM

ELITE

REPORTING AND ANALYTICS

Tracking for Researcher Testing Hours

Real-Time Reporting on Exploitable and Suspected Vulnerabilities

Attacker Resistance Score

Track holistic security performance over time with a risk score

Coverage Analytics

Provides real-time information on what, when and how assets are tested

Testing Data History & Retention

Asset List That Catalogs All Tested Assets

Fingerprinting of External Assets to Inform Further Testing

Asset Details Highlighting Previous Testing Results

API AND INTEGRATIONS

Synack API

Synack Basic Integrations (Jira, ServiceNow, Microsoft, Splunk, etc.)

MANAGED COMMUNITY ACCESS

Researcher Vetting

Proactive Researcher Rotation

Access to Researchers and Vulnerabilities

Fully Managed Researcher Payouts

Synack has an incentive-based model, which means Synack compensates researchers for high-quality findings for clients

AUTHENTICATION & AUTHORIZATION

Single Sign-On (SSO)

Role Based Access Control (RBAC)

PLATFORM TEST CONTROLS

Self-Service Pentest Creation

Use Synack’s self-service assessment creation tool to launch pentests on your schedule

Pause Testing at the Click of a Button

Pause testing on a single assessment at any time using a button in the client portal

Synack-Owned Virtual Security Researcher Workspaces

Synack provides each Synack Red Team member with a virtual workspace hosted in GCP

Enhanced Security with Testing Data Stored in Synack-Owned Endpoints

All researcher testing data is stored in the virtual, Synack-owned workspace

Data Cleansing Available on Customer’s Request

Customers have the option to ask Synack to delete their data.

Synack Command and Control Infrastructure to Contain Traffic Stemming from Exploits Requiring Callbacks

VULNERABILITY MANAGEMENT

Active Communication with Researchers

Chat directly with members of the SRT through the platform

Patch Verification

3 per vuln (5 credits for a PV for additional re-testing)

Included

Included

Synack On-Demand Security Testing Catalog Access

Launch security testing at any time, including OWASP vuln checklists, zero day tests, and other targeted testing

Internal and External Testing

External testing only

External & internal

External & internal

Number of VPN Connections

Synack provides site-to-site VPN setup for internal testing

0

3

5

MANAGED VULNERABILITY DISCLOSURE PROGRAM

Vulnerability Disclosure Program Webform

Triage for Vulnerability Disclosure Program

Synack will triage vulnerabilities the public submits through your program

200 submissions per year (each additional submission is 1 credit)

Included

External Researcher Negotiation

Synack will manage relationships with members of the public that submit vulnerabilities

Real-Time Reporting for Corporate Boards and CISA

Synack provides a client portal for customers to view vulnerability data and generate PDF reports

ATTACK SURFACE DISCOVERY

Self-Service Discovery of New Assets

Seed Groups to Help Organize Assets and Control Access

Continual Discovery of Assets to Surface Testing Candidates

Discovered Asset Reporting Dashboard

CUSTOMER SUCCESS

Proactive Identification of Test Issues

Customer Success Personnel

Pooled CSM

Named CSM

Named CSM & TAM

Additional Details

*Subscription Period: except as otherwise stated above, all services will be provided during the subscription period set forth in the customer’s order form.
*OVD: incentive based open vulnerability discovery testing performed by the Synack Red Team (SRT) on in-scope test assets pursuant to agreed upon rules of engagement and testing timeline.
*Synack Catalog: with the purchase of Synack Credits, customers can launch additional tests and checklists within the Synack Platform. Synack Credits must be purchased separately.
*Attack Surface Discovery: New assets are discovered weekly and fingerprinted daily. Discovered assets are limited to 25,000 assets. Additional assets can be added for an additional fee.

Additional Offerings

*Synack Credits: Synack Credits are redeemable for the services listed in the Synack Catalog available in the Synack Platform. Catalog offerings and credit prices are subject to periodic change. Synack Credits are redeemable only for Catalog offerings. Synack Credits have no cash value, are non-transferable and non-refundable. Synack Credits are only valid during the customer’s subscription period and any unused credits will expire at the end of the subscription period.