Synack, the most trusted leader in crowdsourced penetration testing, announces the availability of the market’s first comprehensive crowdsourced penetration test designed specifically for government, by offering a bug bounty-based vulnerability discovery model coupled with NIST 800-53 guidelines.
Synack co-founders and technical security experts Jay Kaplan and Mark Kuhr came out of the NSA and the US Department of Defense with a shared vision to create a scalable, effective, and trusted security solution for the government.
Synack is the first crowdsourced security company to test critical federal government assets through the highly successful Hack the Pentagon project, the first to deliver a comprehensive crowdsourced penetration test to federal government customers, the first to scale its hacker-powered platform with artificial intelligence, and now the first to offer crowdsourced penetration testing via NIST 800-53.
Over the past year, crowdsourced security testing methodologies have been endorsed by the White House, the DoD, and most recently Congress, which passed the National Defense Authorization Act for fiscal year 2020 to encourage US federal government departments to widen their implementation of crowdsourced testing in order to scale security effectively and reduce risk organization-wide.
The 2020 House and Senate NDAA reports state that “…in order to better secure the Department [Department of Defense] from cyberattacks and vulnerabilities, the committee encourages the Department to broaden its use of third party crowdsourced security platforms.”
Synack’s Crowdsourced NIST 800-53 Penetration Test can contribute to FISMA compliance without compromising on effective security. Synack’s audit-quality reports will simplify the security testing process, and as the NDAA states, help address the “sheer size and scope of potential vulnerabilities.”
Already deployed in four government agencies and with several government contractors, Synack’s on-demand Crowdsourced Penetration Testing Platform – created by ex-government offensive analysts from the NSA to specifically meet government needs – enables rapid deployment, testing at scale, customer controls, real-time results, and smart, prioritized analytics.
Adding NIST SP 800-53 Rev 4 allows departments with strict compliance standards to meet those requirements while still enjoying the benefits of a highly effective testing platform.
“A number of federal agencies trust Synack with their penetration testing and security compliance efforts due to the ease of implementation, the efficiency of the work, and the controls built into our model.
“We take a ‘no compromise’ approach to security testing. Synack can deploy these tests within 72 hours, centralize results, and produce an audit-quality report,” Synack CTO Mark Kuhr said of the company’s capabilities.
Synack’s crowdsourced penetration test offers >4x ROI compared to a traditional penetration test while maintaining the control and safety mechanisms that bug bounty testing options lack. Last month Synack announced LaunchPoint+, an enhanced secure testing gateway that offers customers the option for greater data privacy through full endpoint control.
As more CISOs at the federal government level look not only to fulfill compliance requirements but also to implement effective, risk-mitigating security, Synack’s Crowdsourced NIST 800-53 Penetration Test is the only offering on the market to realistically mimic an attack with the rigor of the world’s best security talent and proprietary technology while also achieving compliance.