Issue 7 2019
Acquisition International - Issue 7 2019 49 optimize the integration of humans and technology during security testing. LaunchPoint+ is an iteration on the company’s secure testing gateway with added researcher endpoint control and enhanced workspaces to support privacy for highly regulated environments. Synack customers also now receive superior analytics and reporting to understand their security testing metrics. Along with delivering ROI to executive boards, CISOs often have to convince the organization to adopt methods such as crowdsourcing and innovative technology platforms. Gartner predicts that by 2021, over 50% of organizations will be using crowdsourcing and automation to secure their assets. Security leaders know that their jobs aren’t just to be compliant when it comes to penetration testing; they need to be able to truly protect their businesses, their brand reputation, and their customers. Amongst more than 1000 American contributors to the 2018 Edelman Trust Barometer report, trust in businesses came in at a paltry 49%. None of the top brands in a poll of 1000 American consumers scored more than 6 out of 10 in terms of trust. In a world where trust in even the most well-regarded brands is so low, what happens when companies start thinking about trust as their key differentiating strategy, and put security at the center of their value proposition? There is a huge opportunity for trust-minded companies to capture market share, increase customer loyalty, and up their brand value, using security as the fulcrum. Today’s digital business environment requires trust be built into an organization from the ground up, starting with the individual digital assets that makes up a company. Building secure assets ensures that the business can create trusted products and deliver on their brand promise, and by extension, that the customer will trust the business. For a defense company, this could mean delivering cloud services that host and protect data on behalf of their national security clients, and no one else. For a consumer company such as Domino’s, this could mean building pizza delivery apps and infrastructure that uphold the brand’s “30 minutes or less” delivery promise. Synack helps CISOs ensure trust by showing them how their security is performing and whether their investments are paying off through powerful “Trust metrics” measured by their Attacker Resistance Score. “It’s all about measurement,” says Home Depot CISO Stephen Ward, in remarks quoted in “The 2019 Trust Report,” released by Synack. “CISOs need a way to present security to their executive team and board in a way that clearly demonstrates and measures business risk to the organization. The executive team doesn’t want to talk about security — they want to talk about risk.” To accompany this new mindset shift towards trust, Synack released their 2019 Trust report earlier this year, saying “Trust has a Number.” The report is the first of its kind to actually quantify organizations’ trust at the asset level, from a hackers’ perspective, and measure security performance over time. Synack gathered and analyzed our unique crowdsourced penetration testing data based on thousands of tests on assets owned by hundreds of companies across nine industries over several years to generate this report. Synack’s penetration testing data and interviews with dozens of executives clearly argued that getting to trust is critical for business success. Here are some of the 2019 Trust Report highlights: • Manufacturing & Critical Infrastructure and Financial Services lead the way as most Trusted Industries. • Security teams are making progress! They are enhancing the trust of their organizations, but it requires dedicated practice – Up to 200% higher Attacker Resistance Scores among those • organizations that work to improve their attacker resistance for 2+ years versus <1 year. • Continuous, rather than point-in-time, penetration testing has a greater impact on security – 43% higher Attacker Resistance Scores on average among organizations that practice continuous vs. point-in-time penetration testing. • Organizations with the highest Synack Attacker Resistance Scores are: 1) making it harder for attackers to find vulnerabilities, 2) integrating security testing into the SDLC to reduce the cost of vulnerabilities, and 3) remediating security issues quickly. Synack’s innovative crowdsourced penetration testing platform recognizes that the intersection of a crowd and technology is a critical part of smart security testing. Neither machines nor humans are as effective on their own as they are together – it is important to couple the two together in a trusted way. Synack’s enhanced tests are building trust between humans and machines and providing smarter security to customers. The more examples we see of humans trusting machines to augment their capabilities, the wider the scope of problems we can solve. Synack helps customers secure their apps just as often as they update and create new code, by implementing security on a continuous cadence through the optimization of the Synack Red Team and smart technology. Innovative Crowdsourced Penetration Testing
Made with FlippingBook
RkJQdWJsaXNoZXIy NTY1MjI4