Menu
Synack builds intel platform for its penetration testers

Synack builds intel platform for its penetration testers

Hydra will help Synack's analysts quickly find exploit vectors during penetration tests

Synack, a security company that uses crowdsourcing for penetration testing, has built an intelligence platform that it says will narrow down weak points in a company's network.

Based in Redwood City, California, Synack uses a network of freelance security analysts in 35 countries to probe the networks of companies who've signed up to its subscription service.

The analysts, who are closely vetted by Synack, get paid based on the vulnerabilities and security problems they find, ranging from $100 up to thousands. The subscription offering means companies are continually analyzed.

Jay Kaplan, Synack's co-founder and CEO, said they wanted to build platform that would help its analysts quickly focus their attention on potential trouble spots. Called Hydra, the platform spots vulnerabilities in networks and applications, looks for out-of-date software and other issues.

Previously, analysts had a very open-ended approach when given a project and used their own methodologies. It was largely up to the analysts to decide what to look at.

But large, complicated works can have lots of places to look for problems. Hydra decreases "the amount of time it take to find these exploit vectors," Kaplan said.

Synack's researchers don't work from inside companies but instead act like attackers, looking at externally-facing IP addresses and applications.

"If someone from the outside was trying to break in or trying to steal information from an organization, these are the areas they'd look at first," Kaplan said.

For analysts using Hydra, it could potentially make them more money since they can spend more time looking at areas where there could be problems. If Hydra finds something, the alerts are sent to the researcher, who can then perform a more manual investigation.

Synack plans to add modules that address mobile devices and web applications over the next few months, Kaplan said. For mobile, Hydra will look at a variety of things, from insecure cryptography to embedded passwords and keys. 

Kaplan said his company, founded about three years ago, has taken many cues from how the NSA conducts its vulnerability research. He worked at the spy agency for four years as a senior cyber analyst on offensive cyber operations.

"You can definitely draw a parallel to the way the NSA conducts business on the intel side" Kaplan said. "They very regularly leverage technology for scale --  that's scale on a whole other level -- but they also have a cyber operations workforce that is responsible for intelligence purposes."

The first phase of Hydra has been pushed to Synack's researchers, and it will go live today, Kaplan said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
Show Comments