The best defense is a good offense, so goes the old saying. Redwood City, Calif.-based cybersecurity startup Synack believes that it takes white hat hackers with an intimate knowledge of the methods used by black hats to shield enterprises from attacks and stage a crushing offense.
Today, Synack announced it had raised $21.25 million in a Series C round of funding. New backers include Microsoft, Hewlett Packard Enterprise (HPE) and Singtel. Existing investors GGV Capital, Icon Ventures, GV (formerly Google Ventures) and Kleiner Perkins Caufield & Byers also participated. To date, the company has raised more than $55 million.
Synack uses a crowdsourced approach to threat intelligence, capitalizing on the expertise of ethical hackers to help keep enterprise security teams one step ahead of cyber-attackers. The company blends proprietary technology that sniffs out vulnerabilities with a vetting process conducted by security professionals. The result is a system that can detect critical, often overlooked vulnerabilities with a "signal-to-noise ratio" of over 95 percent.
Can business put their trust in folks who like to poke holes in IT environments? Yes, says Jay Kaplan, co-founder and CEO of Synack.
"We have an extremely rigorous approach to vetting our researchers (called the Synack Red Team), using interviews, background checks, skill-based assessments and more," Kaplan told eSecurity Planet. "We review applications and resumes, then set up video interviews, and test their technical skills to ensure what programs they'd be a fit for, then run background checks and ID verification -- we have identification documents for every researcher in our Red Team network on file, a far cry from the open, public bug bounty programs where all you need is an email address to sign up."
Human know-how is supplemented with Hydra, "which is equal parts a management system for our customers and an automation enabler for our researcher network, allowing tracking over time,
explained Kaplan. "The Synack platform tracks all researcher activity, which addresses risk for both the customers and researchers, as well as provides valuable analytics such as number of page hits, attack classifications attempts, and time on target. As a result, our customers are able to measure their asset's attack resistance over time, backed up by customizable reporting features."
Those customers include Fortune 500 heavyweights, financial services firms, retailers and U.S. government agencies like the IRS and Department of Defense. And business is looking up. Over the past four quarters, bookings have increased 300 percent on a year-over-year basis.
Synack plans to use the fresh funds to bulk up its European operations and expand into the Asia-Pacific region. Kaplan added that his team will also "use the investment to further our efforts to recruit the top hackers from around the world, as well as develop our intelligent technology platform, which combines the ingenuity of man with the automation of machine. I'm especially excited for our alignment with Microsoft Ventures, HP Enterprise and Singtel Innov8, which brings product development expertise, customer awareness and relationships, and scale."