Security testing platform Synack raises $7.5M

Steven Loeb · April 24, 2014 · Short URL: https://vator.tv/n/3682

Synack recruits security experts, and pays them to find vulnerabilities and holes in client systems

With the heartbleed bug making headlines, and retailers like Target, Neiman Marcus and Michaels all have their system hacked, its a pretty unnerving time for most people. We have to think twice before trusting websites with our information, and brick and mortar stores with our credit cards.

This is also becoming a pretty heady time for anyone in the security space. Our loss is their gain, and multiple companies in the security space have begun raising money as the world becomes hyper aware of the need for their services.

The latest company to raise funding is Synack, a startup that has created a system to safely crowdsource security testing, has raised $7.5 million in Series A funding, it was announced on Thursday.

The round was led by Kleiner Perkins Caufield & Byers (KPCB), with new participation from Google Ventures and existing investors Greylock Partners, Allegis Capital, and Derek Smith, the CEO of Shape Security. 

Synack has previously raised a $1.5 million seed round financing from Kleiner Perkins Caufield & Byers, Greylock Partners, Wing Venture Partners, Allegis Capital, and Derek Smith in August of last year, bringing its total raised to $9 million.

Founded in March of last year, Synack takes a unique approach to trying to prevent security attacks: it recruits top security experts from around the world, brings them together onto a centralized platform and pays them on a bounty basis to find vulnerabilities in the security systems of its clients.

"There was a huge need for a new model for performance assessment. When it came to Web apps, mobile apps, host based infrastructure, it was perfectly clear that the current models were not scaling, and where the fundamental security holes are," Jay Kaplan, CEO of Synack, who also spent four years focusing on offensive cyber security at the NSA, told me in an interview.

The company currently employs hundreds of researchers, many of whom are moonlighting, to comb through the system, getting paid anywhere between hundreds and thousands of dollars to find risks and holes. They only get paid if they find a security issues, and the bigger the issue the more they get paid.

For example, if they find a problem that compromises a customer database that will pay higher than more basic security holes. This system, Kaplan, said, forces them to "think creatively when looking at different problems."

Of course, the company does not let just anyone gain access to these systems. There is a vetting process, Kaplan explained, where the company assess their skills,  and performs background and identification checks. Plus Synack is able to monitor all traffic through the infrastructure, and can shut the researcher down if anything goes wrong. 

From the customer perspective, you might think that they would be weary of opening up their systems, but Kaplan says that many are happy to because "they are being attacked all the time anyway," plus they get to gain leverage that they would not have been able to if they did security checks in house.

In fact, according to Kaplan, customers have been so happy with the results of these findings that many have actually asked if they could hire the researcher who found the holes in their system. Synack, however, keeps everyone's name anonymous.

"We find severe vulnerabilities within minutes, including compromised databases, compromise customer networks," said Kaplan. "The innovation of researchers to find problems allows them to react quickly, and offer them mechanisms to react, assistance, and recommendations to mitigate those problems."

The company will use its new funding to build out its technology to supplement its engagements and combine it with the human touch that the company brings.

It will also go toward doubling the number of employees the company has from 15 to 30, with roughly half of those being engineering talent, and the rest in sales and marketing, and community management.

"It's Important to not that there is never going to be silver bullet that solves every issue, so we have to innovate," Kaplan said. "Our solution is a fundamentally needed service that is essential for any holistic security program." 

The security space

As I said above, the security space has seen a lot of movement in the just the last few months alone, with numerous companies in the space raising new money.

In February, cyber security company Shape Security raised $40 million in Series C funding; Cybereason, a platform that proactively detects, and stops, security threats emerged from stealth mode with $4.6 million;  cloud security company Elastica came out of stealth with $6.3 million; and cloud security company Apparity raised $8 million in an oversubscribed Series A round.

In March, Wickr, a communications app that focuses on security, raised $9 million in Series A funding. The company also began selling its security technology to app developers.

In addition, smart home security system Canary raised a $10 million Series A; Niara, a stealth enterprise security company, raised $9 million in funding; Verdasys, a security firm that specializes in endpoint data protection, raised $12 million; TrueVault, a healthcare app data security startup, raised $2.5 million in funding; and Network security startup Vectra Netoworks raised $17.8 million in funding.

Also, software security company Palo Alto Networks entered into an agreement to purchase Cyvera, a privately held cybersecurity company, for the price of around $200 million.

Support VatorNews by Donating

Read more from our "Trends and news" series

More episodes

Related Companies, Investors, and Entrepreneurs

Cybereason

Startup/Business

Joined Vator on

Cybereason delivers a proprietary technology platform that automatically uncovers malicious operations (Malops™) and reconstructs them as a clear image of a cyberattack in context. This enables enterprises to discover sophisticated targeted threats at a very early stage, disrupt them at the stem and significantly reduce the costs and damages caused by such attacks. Cybereason is headquartered in Cambridge, MA with offices in Tel Aviv, Israel. For more information, please visit www.cybereason.com, www.twitter.com/Cybereason, www.facebook.com/Cybereason, and www.linkedin.com/company/Cybereason.