An astounding 82% of organizations believe they have experienced at least one data breach due to digital transformation, according to a recent survey. Fast paced cloud migrations have created new risks and challenges that require continuous monitoring of your digital assets. Attackers are now scanning for vulnerable endpoints within 15 minutes. Zero day vulnerabilities like Log4j are more frequent and difficult to address. Though the likelihood of a breach has never been higher, security teams still may be unable to commit to a full year of security testing due to a need for flexibility in developing and implementing a continuous testing strategy.

Synack is now offering Synack90, a 90-day pentest, as a new way for organizations to make meaningful progress toward implementing a continuous pentesting strategy.

What is Synack90? 

Synack90 includes 90 days of Synack Red Team (SRT) open vulnerability discovery (OVD) penetration testing combined with the machine power of SmartScan, a scanner that sniffs out vulnerabilities. The offering also includes access to the Synack Platform for the duration of their contract, which means the ability to launch on-demand security tasks such as OSINT, zero day response and compliance checklists like NIST 800-53 or OWASP at the click of a button. 

How does Synack90 work? 

Synack provides a customer success resource that leads a kick off call. After an initial kickoff call, SRT testing and DAST scanning will kick off for a 90-day period. All SRT vulnerability reports are triaged by our Vulnerability Operations team. Synack provides reporting on actionable, exploitable vulnerabilities in real-time through the client portal, which customers can easily operationalize through the API, RBAC and ticketing integrations. Synack90 also includes patch verification for 90 days, which can drastically reduce time to remediate vulnerabilities during the testing period. 

The benefits of continuous pentesting with Synack90

Many security teams are evolving toward a continuous pentesting model. There’s a number of reasons for the shift:

  • Flexibility – Synack90 can only be purchased with credits, which means it can be launched at any time in the one-year window of the contract. Additionally, any customer that has existing credits can launch a Synack90 with their credit balance without starting a new contract.  
  • Cloud security – Digital transformation and new hybrid, multi-cloud environments expand and complicate your attack surface. Synack can test dynamic IPs across most major providers to make sure you are on top of any risks. 
  • Discover shadow IT –  Synack also offers OSINT and threat modeling to help inform your testing plans. Attack surfaces are changing and shadow IT is a concern. Testing continuously allows you to discover risks on unknown assets before your adversaries.
  • Security and compliance – Synack90 still meets regulatory requirements while providing more coverage than a 14-day pentest. For a limited time, customers can purchase a web checklist at a 50% discount and run it during the 90-day testing period for a more structured testing experience. 
  • Catch exploitable vulnerabilities before attackers – Unlimited re-testing of vulnerabilities ensures that vulnerabilities actually get patched and aren’t exploited by nefarious actors.

Launch Synack90 Today 

Synack customers are interested in Synack90 for a number of reasons, including testing high priority applications, fulfilling compliance obligations, discovering the value of continuous testing, and testing cloud services. Synack is providing an extra incentive with the launch of Synack90 that includes our Digital Reconnaissance or Web Premium checklist at a 50% discount when purchased with Synack90. Interested in Synack90? Read the full data sheet or contact us

Posted by Charlie