Synack’s Discover: Crowdsourced Vulnerability Discovery product deploys security researchers on an incentive-driven hunt for vulnerabilities to secure your most valuable web, mobile, and host/infrastructure assets. The unstructured testing methodology of Discover mimics actual attack attempts that adversaries use to exploit vulnerabilities, ensuring that your assets and applications are thoroughly hardened to improve security.
According to recent studies, a company faces an average of 22 security breaches in 2020, and damage related to data breach costs on average $3.86 million (Source: Accenture, IBM). So what does it take to keep up with the latest cyber threats? For starters, access to cybersecurity expertise with a deep understanding of the latest attack techniques.
How it Works
Synack’s Crowdsourced Security Testing Platform is the only testing solution to harness the best in augmented intelligence for more effective, efficient penetration testing. Our vetted crowd of top security researchers tests through a secure platform, giving the customer full visibility into testing activity. Synack Red Team researchers are incentivized to hunt for vulnerabilities in the way an adversary would and submit high-quality, detailed reports on their findings for verification and remediation.
Synack SmartScan runs 24/7/365 in parallel to the SRT to proactively discover potential vulnerabilities, and help Synack researchers avoid duplicate or blind alley research. Synack manages the entire process end-to-end to remove all operational burden from your team and ensures the engagement is executed with precision to achieve your security objectives. Actionable insights, analytics, and detailed vulnerability reports are available to you in real time through Synack’s Client Portal.
Test Kick-Off Call: You set the goals, scope, and rules of engagement. We get started and can deploy testing right away. All SRT working on your engagement are vetted for skills and trust.
Test Launch: Synack deploys SmartScan throughout the two-week human testing period to assist the SRT and continues to provide automated coverage throughout the year. The SRT uses a diversity of tactics, techniques, and procedures (TTPs) to creatively hunt for exploitable vulnerabilities beyond known CVEs.
Automated and Expert Triage: For the two week testing period, The SRT and Synack Operations team triage findings, removes noise and false-positives, and gives you detailed vulnerability reports and insights in the Client Portal.
Speed: Rapidly deploy tests and get real-time analytics on testing activity, coverage, and performance.
Automated Triage: For the remaining 50 weeks of the subscription period, SmartScan scans for vulnerabilities, and identifies risk to give you suspected vulnerabilities.
Actionable Comprehensive Report: As testing findings and analytics flow into the Client Portal, you can efficiently remediate vulnerabilities with detailed steps to fix from the SRT. You can also request Patch Verification through the Client Portal. At any time, it is possible to download a human-written, audit-ready report with all vulnerability details and an impact summary. Synack Operations will also provide a formal Outbrief to key stakeholders.
Incentive-Driven Vulnerability Discovery—Researchers are awarded bounties for the vulnerabilities they find instead of using a traditional time and materials approach.
Assessment Control—The SRT work through through a secure gateway called LaunchPoint, which gives the customer additional controls over testing activity. Synack also offers LaunchPoint+, an additional security offering with Synack-owned endpoints.
Patch Verification—Synack researchers will re-test to verify that a patch is effective and can no longer be exploited.
Real-Time Reporting—The Synack portal provides real time findings on vulnerabilities found (CVSS score, steps to remediate, evidence), remediation timelines, and patch efficacy.
Vulnerability Triage—The Synack Operations team reproduces, validates, and prioritizes vulnerabilities to make sure your signal-noise ratio is as high as possible.
Program & Researcher Management—SAs and SPMs help you to manage and scope the test from end to end.
Managed Vulnerability Disclosure Program—Synack fully manages the process of vulnerability disclosure with researchers.
Attacker Resistance Score (ARS)—Synack’s Attacker Resistance Score provides a risk score for your web assets.
APIs and Integrations—Syanck offers integrations with ServiceNow, Splunk, and Jira.