
Synack pairs external attack surface testing with PTaaS

Dr. Mark Kuhr, Synack CTO and co-founder

California-based security testing firm Synack has developed and launched a new security testing platform that is aimed at preventing AI-enabled cyberthreats that banks and other financial services firms increasingly face.

The company shared with QA Financial that its new “Attack Surface Discovery offering and scalable AI penetration testing can help overtaxed security teams to stay ahead of evolving threats.”

When asked to elaborate, Dr. Mark Kuhr, Synack CTO and co-founder, explained that the solution runs tests that can identify external attack surfaces and make that data actionable, pairing any discovery with Pentesting as a Service (PTaaS).

“This includes the discovery of new assets as testing candidates, user permissions via role-based access controls to groups of assets, continuous testing through a single platform, as well as a vulnerability triage, so a re-testing and root cause analysis,” Kuhr explained.

He stressed that Synack had identified a clear appetite for its product in the market, as “security teams are still struggling to understand their attack surfaces and act on that data to improve their security posture.”

“PTaaS gives financial services organisations a fighting chance against attackers.”

Mark Kuhr

Recent research showed that fewer than one in ten financial services firms across North America monitor their whole attack surface, and the advent of AI-enabled cyberthreats is exposing additional gaps in defenders’ visibility.

External attack surface testing helps organisations identify and manage risks associated with internet-facing assets and systems.

“The speed of modern software development has reinforced the need for organisations to constantly check for new vulnerabilities, including in AI and large language model (LLM) applications,” Kuhr continued.

He pointed at the U.S. market, where, in the federal sector, agencies have adopted 1,200 current and planned AI use cases even as they “can’t effectively address AI risks,” the Government Accountability Office noted in a recent report.

Synack's Attack Surface Discovery offering slots into a cyclical continuous testing process depicted in a circular diagram

As threats have morphed, so has Synack, Kuhr was keen to stress.

Synack is headquartered in Silicon Valley, with three regional teams around the world. Kuhr said that, last year, his company’s first Pentesting as a Service (PTaaS) platform uncovered more than 13,000 exploitable vulnerabilities.

“The expertise on the Synack extends to generative AI technologies that have added to the complexity of modern enterprise attack surfaces,” he concluded.
