Last Updated: September 1, 2024
Synack Platform: Product Offering Comparison Guide
SYNACK14
On-Demand Vulnerability Discovery (OVD)
SYNACK90
Continuous Penetration Testing
SYNACK365
Continuous Penetration Testing
HEADLESS API
Penetration Testing
Time of Engagement
2-Week Test
90-Day Test
Year-Round Testing
Testing and proof-of-coverage reports on headless API endpoints
SmartScan with Triage by Synack Red Team
7 days of scanning
90 days of scanning
1 year of scanning
N/A
Synack Red Team Top Security Talent performing OVD*
7 days of human-led OVD
90 days of human-led OVD
365 days of human-led OVD
SRT Test each endpoint to produce a proof-of-coverage report
Compliance and Industry Standards Testing
Not included – premium checklists (OWASP & NIST 800-53) available as add-ons
Not included – premium checklists (OWASP & NIST 800-53) available as add-ons
Includes 2 premium checklists (OWASP or NIST 800-53)
Proof-of-coverage report can be shared with compliance auditors
Synack Platform Tiers
STANDARD
PREMIUM
DISCLOSURE
PREMIUM
DISCOVERY
ELITE
Tracking for Researcher Testing Hours
Real-Time Reporting on Exploitable and Suspected Vulnerabilities
Attacker Resistance Score
Coverage Analytics
Testing Data History & Retention
Asset List That Catalogs All Tested Assets
Fingerprinting of External Assets to Inform Further Testing
Asset Details Highlighting Previous Testing Results
Synack API
Synack Basic Integrations (Jira, ServiceNow, Microsoft, Splunk, etc.)
Researcher Vetting
Proactive Researcher Rotation
Access to Researchers and Vulnerabilities
Fully Managed Researcher Payouts
Single Sign-On (SSO)
Role Based Access Control (RBAC)
Self-Service Pentest Creation
Pause Testing at the Click of a Button
Synack-Owned Virtual Security Researcher Workspaces
Enhanced Security with Testing Data Stored in Synack-Owned Endpoints
Data Cleansing Available on Customer’s Request
Synack Command and Control Infrastructure to Contain Traffic Stemming from Exploits Requiring Callbacks
Active Communication with Researchers
Patch Verification
3 per a vuln (5 credits for a PV for additional re-testing)
Included
Included
Included
Synack On-Demand Security Testing Catalog Access
Internal and External Testing
External testing only
External & internal
External & internal
External & internal
Number of VPN Connections
3
3
5
Vulnerability Disclosure Program Webform
Triage for Vulnerability Disclosure Program
200 submissions per a year (each additional submission is 1 credit)
Included
External Researcher Negotiation
Real-Time Reporting for Corporate Boards and CISA
Self-Service Discovery of New Assets
Seed Groups to Help Organize Assets and Control Access
Continual Discovery of Assets to Surface Testing Candidates
Discovered Asset Reporting Dashboard
Proactive Identification of Test Issues
Customer Success Personnel
Pooled CSS
Named CSS
Named CSS
Named CSS & TAM