Security

Platform Security Overview

Our operations are designed with security in mind, from our handling of sensitive customer data such as vulnerabilities to our code release, upgrade, patch management, and operational security practices. These incorporate relevant security, policy, and evaluation frameworks such as OWASP, ISO 27001, and the NIST 800 series, along with other best practices and meaningful standards.

Secure Hosting

We are hosted across multiple independent service providers, such as Amazon Web Services, that are PCI DSS Level 1 and ISO 27001 certified and SSAE 16 audited, with strong physical security (and no public datacenter access).

Confidentiality

Data is protected using encryption in transit with high-grade TLS and encryption at rest with 256-bit AES. Encryption keys are securely stored in separate locations.

Availability

Services are provided from multiple geographic regions with automatic failover between sites.

Data Integrity & Backup

Backups are maintained in encrypted form only.

Authentication

Multi-factor: Our SaaS platform provides multi-factor authentication capabilities to our clients as an enhanced security measure. Single sign-on (SSO) integration with enterprise identity providers is available via SAML 2.0.

Continuous Monitoring & Offensive Management

The Synack Red Team (SRT) provides a continuous offensive assessment of our applications and infrastructure. We leverage a combination of SRT, third-party providers, and technology platforms to maintain situational awareness.

Certifications & Third-Party Attestations

ISO 27001 is the international standard that describes best practice for an information security management system (ISMS) to take a systematic approach to managing confidential information so that it remains secure.

Safe Harbor

Synack complies with the U.S.-E.U. and U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce (the “Safe Harbor”) regarding the collection, use, and retention of personal data (as defined by the Safe Harbor) from the European Union and Switzerland. To learn more about the Safe Harbor principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, please visit http://www.export.gov/safeharbor.

See our Safe Harbor certification by clicking here.

Responsible Disclosure

To report a security vulnerability, please contact security@synack.com.
A successful submission may result in an invitation to join the Synack Red Team.