Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

5/28/2020
02:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Synack's $52 Million Investment Fuels Future of Remote Security Testing from World's Elite Hackers

Synack advances the only crowdsourced penetration testing platform that pairs ethical hacking skills with artificial intelligence to confront new and evolving cyber threats.

REDWOOD CITY, Calif.--(BUSINESS WIRE)--Synack, Inc. (“Synack”) today announced that it raised $52 million in Series D funding to transform security testing through its crowdsourced platform powered by the world’s most skilled ethical hackers who work with proprietary Synack technology to accelerate the hunt for critical software vulnerabilities.

New investors B Capital Group and C5 Capital co-led the round, bringing total funding to $112.1 million. Previous investors GGV Capital, GV (formerly Google Ventures), Hewlett Packard Enterprise (“HPE”), Icon Ventures, Intel Capital, Kleiner Perkins, Microsoft’s venture fund M12 and Singtel Innov8 (the corporate venture arm of the Singtel Group) also participated in the round.

In 2013, Synack set out to leverage the best cybersecurity talent so organizations could swiftly discover critical vulnerabilities that left them dangerously at risk. Today, more than 1,500 of the world’s most skilled ethical hackers from 82 countries are active members of the Synack Red Team (“SRT”). Synack augments their talents with continuous security monitoring technology that utilizes machine learning and AI to quickly and more efficiently root out vulnerabilities.

Global 2000 companies — the world’s leading banks, retailers and healthcare companies representing over $1 trillion in assets — as well as major federal government agencies such as the Department of Defense (and the “Hack the Pentagon” program) and cutting-edge defense and aerospace companies such as General Dynamics Information Technology (“GDIT”) already trust some of their most critical assets to Synack.

"GDIT upholds a continuous cyber commitment to our customers," said GDIT Chief Information Security Officer Michael Baker. "It's a core part of our mission to ensure the cyber protection for today while anticipating the threats of tomorrow. During today's remote working environment, crowdsourced security has enabled us to continuously operate in a distributed model with confidence."

This $52 million funding round will allow Synack to invest even more in the SRT community, further advance its SmartScan® technology that continuously monitors for vulnerabilities and enhance data analytics and research to demonstrate the value of Synack’s hacker-driven approach.

Additionally, Synack will use the money to:

  • Expand internationally. Organizations throughout the U.S., Europe and in parts of the Middle East and Asia have already adopted Synack’s platform. Now, Synack will expand its international reach by forging new relationships with businesses and agencies in critical need of advanced, continuous vulnerability testing. Much of this will be done through Synack’s expanding global partner network. Synack will also extend its offering beyond the Global 2000 to accommodate medium sized and smaller enterprises.
  • Continue innovating. Synack will invest in its core products that combine hacker talent with AI and machine learning to find and fix exploitable vulnerabilities at scale.
  • Improve security for everyone. The investment will give Synack greater flexibility to invest in new products and offerings that can expand its crowdsourced cybersecurity model at a critical time when all organizations are relying on an increasingly remote workforce.

“For years, remote work has become more and more desirable. Now, it’s essential. Companies of all sizes are leaning on the platforms and services that enable a more nimble, dispersed workforce,” said Synack CEO Jay Kaplan.

“The only way to guarantee trust and control in cybersecurity used to be through on-site work. That’s simply no longer the case. Synack can maintain trust and visibility all while giving customers access to an army of the most talented ethical hackers to defend against today’s relentless cyberattacks. Over the past seven years, we’ve proven this model has kept critical organizations safe.”

Premier investors B Capital Group and C5 Capital will partner with Synack to add value through its next stages of growth. As a global investor specializing in growth-stage firms, B Capital Group provides hands-on support in areas such as business development, operations, talent management and capital formation through a dedicated in-house team and a strategic partnership with The Boston Consulting Group.

“Synack offers a market-leading and unique augmented intelligence cybersecurity platform to secure mission-critical applications for some of the world’s largest banks, retailers, technology vendors, and federal agencies,” said Rashmi Gopinath, General Partner at B Capital Group. “The remote, crowdsourced model is incredibly vital for organizations to fast track security testing especially in the current environment. Synack’s approach will become the default way for all organizations — regardless of their size — to test vulnerable digital assets. I am really excited to back the Synack team for a second time through B Capital.”

C5 Capital is a leading investor specializing in technologies that can establish a more secure digital future. They recognized the critical role Synack plays in solving the cybersecurity talent gap, which has become glaringly apparent during the current health crisis. Throughout this period, the SRT was a collective force for good, working to secure Covid-19 related apps from key government agencies. In March, when the initial stay-at-home orders took effect in the U.S., the SRT spent 70 percent more time hunting for vulnerabilities and found 250 percent more flaws than the same period last year.

“This is a model that can resolve the widening cybersecurity skills gap,” said William Kilmer, managing partner of C5 Capital, “The combination of crowdsourced penetration testing with hackers from more than 80 different countries and insights from artificial intelligence enables sustainable security at scale, giving organizations the ability to take advantage of the world’s best ethical hackers to protect critical information and customer data. We believe this powerful combination has the potential to solve many current and future cybersecurity issues.”

For more information about how Synack helps organizations defend themselves against cyberattacks, how the crowdsourced cybersecurity model works or what it's like for the ethical hackers working on the platform, please visit www.synack.com.

About Synack

Synack is the most trusted crowdsourced security platform on the market continuously protecting organizations with unparalleled ethical hacker talent and proprietary scanning technology. More than 1,500 of the world’s best security researchers from 82 countries are part of the Synack Red Team community that hunts for critical vulnerabilities. Their smarts combined with Synack’s powerful software safeguards leading global banks, federal agencies, DoD sensitive assets, and close to $1 trillion in Global 2000 revenue. A 4-time CNBC Disruptor 50 company, Synack was founded in 2013 by former NSA security experts Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO. The company is located in Silicon Valley with regional offices around the world.

About B Capital Group

B Capital Group is a global firm specializing in equity investing in venture and growth-stage companies that have achieved traction with customers. Through our extensive global network and exclusive partnership with The Boston Consulting Group, B Capital helps high growth startups navigate business challenges, raise capital and attract talented leadership at key points of their journeys to scale. With offices in San Francisco, New York, Los Angeles and Singapore, B Capital believes innovation can come from anywhere. Our unique multinational presence and deep industry knowledge have enabled us to build a portfolio of startups in Enterprise application software, Infrastructure, Security and AI/ML, Fintech and Insurtech and HealthcareTech and Bio IT that are transforming large traditional industries across borders and geographies. Portfolio companies include AImotive, Atomwise, Blackbuck, Bounce, Bright.md, CXA, Evidation Health, Icertis, INTURN, Plastiq, Ninja Van, Notable Labs and SilverCloud Health. For more information, visit http://www.bcapgroup.com/.

About C5 Capital

C5 Capital Limited (C5) is a global specialist investment firm that exclusively invests in the secure data ecosystem, including cyber security, cloud, AI and space. The firm is dedicated to nurturing a secure digital future with an investment strategy that is based on building long-term relationships with innovative companies that share in our mission. For more information, visit: www.c5capital.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17452
PUBLISHED: 2020-08-09
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
CVE-2020-17451
PUBLISHED: 2020-08-09
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
CVE-2020-17447
PUBLISHED: 2020-08-09
MyBB before 1.8.24 allows XSS because the visual editor mishandles [align], [size], [quote], and [font] in MyCode.
CVE-2020-16248
PUBLISHED: 2020-08-09
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability.
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.