Synack delivers crowdsourced security for government, snags IRS contract

Another play on the crowdsourced security theme: Synack manages to snag a customer not usually seen taking such approaches


Government departments tend to be seen as “top shelf” IT customers. They tend to use larger providers, use more traditional delivery mechanisms and have a conservative approach towards newer ways of working. So, when Synack, a crowdsourced cybersecurity vendor, told me it secured a contract with the IRS, I was intrigued.


First, a little bit about what Synack does: The company is following something of an ongoing trend in the security space in that it wrangles a bunch of “ethical hackers” to essentially try to break a client's IT systems. The idea is that those hackers can ply their trade, but instead of intruding into organizations' IT systems out of malice, they can do so as a service (and, it must be added, for a payment). Founded in 2013 by former NSA security experts Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO, Synack feels very similar to HackerOne, a company now headed by Marten Mickos of MySQL fame.

Anyway, Synack plays the intermediary role between hacker and large organization, and it provides a sort of a Chinese wall whereby the client pays for a top-shelf, robust and professional service, and Synack takes the lead in managing operatives who, it must be admitted, are sometimes not the most savory of characters.

And that shielding of the “riff raff” seems to be working, at least when it comes to making clients feel comfortable with their service. Synack claims customers across banking and financial services, healthcare, consumer goods and retail, manufacturing, and technology.

Synack Government unveiled

And today the company adds another market: the U.S. government. It unveiled Synack Government, a new line of business dedicated to serving the needs of federal, state and local agencies. This product announcement follows Synack’s winning the U.S. government’s largest, crowdsourced vulnerability-discovery contract ever through the Hack the Pentagon program.

This is not just words, however: the company also unveiled its $2 million contract with the U.S. IRS to pioneer a model in the government that proactively protects sensitive government and taxpayer data on the irs.gov domain. Synack is now officially unveiling an optimized solution, Crowd Security Intelligence Federal, to provide an adversarial perspective on the security of agencies’ sensitive, mission-critical IT assets.

“We are excited to see vital government bodies, like the IRS and [Department of Defense], move even more quickly than many enterprises to implement our innovative crowdsourced security approach,” Kaplan said. “As attackers and threats become savvier, the federal agencies are recognizing that advanced security is paramount. We’re rolling out our Synack Government solution to protect some of the most sensitive transactional data and mission-critical IT assets in the country.”

Of course, many will ask how this is different from any of the other numerous bug-bounty programs out there. Synack says it is different in that its model consists of the most rigorous vetting and tracking in the industry, ensuring the customer has continuous visibility and management over all Synack Red Team activities.

It’s certainly a real vote of confidence that the IRS is going this way. I don’t think for a minute that Synack replaces more traditional approaches to hacker protection. But as an additional tool, it looks very useful.

This article is published as part of the IDG Contributor Network.
