Security company Synack has a proposition for the hackers of the world.
The Menlo Park, Calif.-based company is putting a bounty out on the network and data security threats a business could face and will pay the best hackers to uncover them.
It’s a new approach to the omnipresent issue of how businesses can best secure their data and networks, and one that has netted the company $7.5 million in financing from investors led by Kleiner Perkins Caufield & Byers.
“Organizations have been ill-equipped to deal with their security challenges — especially in terms of locating and spotting security vulnerabilities. We bring together a global contingent of the top security experts worldwide and pay them on a bounty basis to discover security vulnerabilities in our customers,” says Jay Kaplan, Synack’s chief executive.
Kaplan and his co-founder chief technology officer Mark Kuhr previously worked at the National Security Agency as senior analysts, and have relied initially on their network of contacts to build out the first layer of security experts to test for vulnerabilities in corporate networks.
“We call them security researchers, but ultimately they’re ‘white hat’ hackers,” says Kaplan.”They’re hacking for good.”
Synack, named for one of the steps in the transmission control protocol, has developed a taxonomy for security breaches and pays out its bounties based on where a security threat that’s discovered falls within its classifications — basically discovering easy vulnerabilities pays less than rooting out more advanced threats.
“There are tools out there today that do automated scanning,” says Kaplan of the current crop of security offerings for businesses. “IT’s obvious that can only go so far. You need to get more creative than just trying to replicate what these attacks are.”
Not anyone can become one of Synack’s security experts. The company has a rigorous certification process, and has mainly been recruiting from inside the security community.
And the company is now finding a large talent pool coming from emerging markets, according to Kaplan. “[Security] is a pretty big space in underdeveloped countries and there are guys that are good at this stuff and the money that we’re paying is real money,” he says. Schlein even noted that the promise of making money legally through hacking might even make “some bad actors turn into good actors”.
Initially, the company’s ability to recruit widely enough was a concern for KPCB managing director Ted Schlein, who now sits on the Synack board. But given the company’s success in attracting a broad base of experts from around the world, Schlein says the only real hurdle for the business is wrapping up long-term contracts with big businesses. Schlein even noted that the promise of making money legally through hacking might even make “some bad actors turn into good actors”.
With the new Series A round from KPCB, new investor Google Ventures, and previous investors Greylock Partners, Allegis Capital, and Shape Security chief executive Derek Smith, Synack is aiming to further expand its network of experts and bring on a sales and marketing team to pitch its business to enterprise-class customers.
The company already has hundreds of experts in the network, Kaplan says, and would like to add hundreds more.
“I’m a big believer that crowdsourcing of information and intelligence is going to happen,” says Schlein. “In the enterprise the security profile changes every minute of every day.”
Photo via Flickr user Artiee