Let the Red Team protect you from black hat hackers

The days of static, reactive approaches to cybersecurity are over

Businesses are becoming increasingly digital and agile to deliver products and services easily and conveniently to their consumers. However, these benefits come with a caveat. A recent study by IDG revealed that 78 per cent of consumers would stop engaging with a brand online if the brand experienced a data breach.

Protecting the brand and business in a digital world threatened by damaging cyberattacks is just as important as running that business in the first place. Cybersecurity has become an endeavour of building consumer trust.

Leading crowdsourced security-testing platform Synack has pioneered a model that combines the best of artificial intelligence (AI) and human intelligence to beat hackers at their own game and deliver not just security, but trust to their customers.

Cybersecurity has become an endeavour of building consumer trust

Synack was founded in 2013 when former US National Security Agency employees Jay Kaplan and Mark Kuhr recognised cyberattacks were evolving far more rapidly than organisations’ defences could handle. The pair launched the industry’s first solution to crowdsource hackers safely and effectively for vulnerability intelligence.

Six years later, the Silicon Valley-based pioneers have an expansive network of ethical hackers, the Synack Red Team (SRT), in more than 60 strategic locations around the world with the task of remaining a step ahead of their criminal counterparts, 24/7, 365 days of the year.

“By deploying a team of extensively vetted and superiorly skilled ethical hackers within the confines of an agile, continuous model, it gives our customers the ability to launch and sustain their own trusted applications and digital infrastructures,” explains Synack’s chief marketing officer Aisling Scallan MacRunnels.

“When we recruit and assess ethical hackers, we have the most stringent vetting model of any security company out there. It’s not static either. It’s a continuous process to ensure we always have the best and most trustworthy researchers in the world.”

These researchers, or ethical hackers, are at the heart of the crowdsourcing business model first put forward by Synack in 2013. But the technology behind the crowd of hackers is just as important to ensure around-the-clock capabilities to stay on top of the most pertinent threats that organisations face.

According to Callum Carney, one of Synack’s British Red Team hackers: “Every day, SRT members like myself work to protect a wide variety of Synack customers. Even though each customer has their own unique application stack, there will always be some SRT members on hand with the expertise and knowledge to find the critical vulnerabilities that customers are looking for.

“To aid the SRT member in discovering these vulnerabilities, Synack created Hydra, a tool for categorising a company’s digital assets. In my experience, Hydra massively decreases the amount of time required during the recon phase of working on a new engagement, allowing myself and other SRT members to begin locating vulnerabilities faster and more efficiently.”

Ms MacRunnels continues: “Synack delivers integrated, continuous protection for organisations by seamlessly deploying their crowd with this AI-enabled technology that tracks all hacking activity for auditability and metrics, and even alerts the Synack Red Team of potential vulnerabilities to make them more efficient. Such diversity and scalability can only be realised via this optimal combination of human and machine intelligence that drives Synack’s comprehensive crowdsourcing model.”

Synack’s platform produces valuable hacker-powered data and metrics that are accessible through the customer portal. “Our portal delivers powerful insight and intelligence to the customer.  We can speed up or slow down this delivery of information to align with the customer’s internal resource capabilities,” says Ms MacRunnels.

“We’re not an outsourced function or an afterthought brought in every now and then to monitor their security. We are entirely integrated into how these companies develop secure product, created with flexibility to fit each customer’s needs, with complete transparency in terms of knowledge-sharing and education.”

The data and metrics play a huge role in security that is practical and results-focused. Not only does the Synack Red Team uncover vulnerabilities and help customers fix them, but customers are getting a real-time score that tells them how resistant they are to attacks and how that score changes over time. Experience has proven that Synack customers increase their attacker resistance scores up to 200 per cent when they utilise Synack’s crowdsourced security platform consistently over the course of two years.

“We have swung the pendulum from traditional human-based models to an intelligent, diverse and flexible model, which ensures trust between researches and customers, trust between security and DevOps teams, trust between DevOps teams and C-Level executives, and trust with their own end-customers,” Ms MacRunnels concludes. “All of that comes from trust delivered by Synack.”

For further information please visit www.synack.com