Synack

  • Penetration Testing or Vulnerability Scanning - Aren’t they the same thing?
    Mike Larmie, Federal Solutions Architect, Synack Recorded: Dec 18 2018 53 mins
    Take a look behind the curtain and decide for yourself. Join government security expert Mike Larmie as he breaks down the key differences. He will share what your agency needs to know to make sure your security program is both identifying vulnerabilities and reducing risk of exploit. He will cover the techniques, tools, and tradecraft of each, as well as common questions such as:

    - Who performs the services?
    - How often do they run in a network environment?
    - What’s covered in their data output and reporting?
    - What’s their value?

    Mike will present how government agencies are reinventing how they conduct security testing to achieve greater efficiency and ROI. Learn how your agency’s security team CAN achieve security without compromise.

    BIO: Mike Larmie, Federal Solutions Architect at Synack, has more than 20 years of IT security experience and has been involved with countless missions within the DoD, Intel and Civilian Federal Agencies. He has a wealth of experience, having worked at companies such as Tenable, Sourcefire, Rapid7, Infoblox, G2 and others.
  • The Complete Guide to Crowdsourced Security Testing
    Rajesh Krishnan, Product Marketing, Synack Recorded: Dec 13 2018 22 mins
    Adoption of bug bounty programs has doubled in the past 3 years, shining a light on crowdsourced security testing options. The bug bounty model, which incentivizes a crowd of creative hackers to probe organizations’ digital assets for exploitable vulnerabilities, has proven quite effective. However, not all crowdsourced testing programs are equal. All programs crowdsource hackers, most incorporate levels of controls for trust and accountability, and some use testing data to help break down testing coverage levels and risk management.

    Join this webinar to learn:
    - Why crowdsourcing hackers and bug bounty is trending
    - Who these crowdsourced hackers are and what they do
    - Where crowdsourced security programs differ
    - How to decide what crowdsourced programs best fit your organization
    - Where the future of crowdsourced security is heading
  • Why your penetration tests in 2018 were a let down and best practices for 2019
    Quoc Dang, Andy Condliffe, Synack EMEA Recorded: Dec 5 2018 53 mins
    You know that standard penetration tests delivered by the BIG 5 miss the mark when it comes to protecting the new needs of the cyber-secure, agile, data-driven organisation. You probably run them once or thrice a year to tick a compliance box or because your superiors have told you to do so. Why settle for the old way of doing a penetration test performed by a couple of junior testers, only to wait weeks for the reports and be disappointed with the results? Join the Synack EMEA team for an upcoming webinar where we will share how crowdsourced security testing is modernizing the pen test for agile, data-driven organisations who need, more than ever, to be secure. We will cover:

    - What's wrong with traditional penetration tests
    - Why smarter, innovative organizations adopt a continuous, crowdsourced approach to security testing
    - How the use of AI, bug bounty and smart technology transforms testing results
    - When you can get started with your own crowdsourced security testing
  • Beyond Bug Bounty in Financial Services
    Karl Schimmeck, Morgan Stanley; Jay Kaplan, Synack; Mikhail Sosonkin, Synack Red Team; Sean Sposito, Javelin Strategies Recorded: Nov 7 2018 60 mins
    Penetration testing is not a new concept – and that’s the problem, especially for financial institutions working to protect their financial assets and customer data in a modern, digital economy.

    Banks, credit card companies, digital currency exchanges, and other financial institutions from the Fortune 500 to early stage companies are turning to crowdsourced security to get beyond penetration testing and achieve both real security and compliance.

    Karl Schimmeck, Executive Director, Global Head of Vulnerability Management at Morgan Stanley, recently took the stage with Jay Kaplan, CEO & Co-Founder of Synack, and Mikhail Sosonkin, Synack Red Team member, at leading payments conference Money20/20 to talk about how the industry is conducting more aggressive security testing in a controlled, efficient, results-oriented way.
  • Security & Democracy: Collaborating on Election Security
    Chris Krebs and tech leaders Synack, Microsoft, and Cloudflare Recorded: Nov 6 2018 55 mins
    Under Secretary for the Department of Homeland Security’s National Protection and Programs Directorate (NPPD) Chris Krebs and tech leaders Synack, Microsoft, and Cloudflare came together in Washington D.C. today through a “Security and Democracy” event convened by TheBridge. This event brought together private companies who are driving election security initiatives with the Department of Homeland Security to discuss the election threat landscape, the progress of public-private collaboration efforts to secure the election process, and the future outlook on local elections and election security.
  • Offensive Security Testing for SAP HANA and Fiori Apps; why you are at risk ...
    Ron Peeters, Synack; Uemit Uezdurmus, SAP; Holger Stumm, CEO of LOG2 Recorded: Nov 6 2018 59 mins
    SAP HANA environments have complex architectures with large attack surfaces and many potential breach points. They are often exposed and, to a large extent, external-facing, i.e. SAP Fiori apps. Traditional compliance-based pen tests and vulnerability scanning simply aren’t able to mimic sophisticated cyber attacks in order to find and fix exploitable vulnerabilities. This puts your organization at great risk of compromise, data breaches and GDPR violations. So what are the options?

    Join this session as we outline the need for a smarter security testing solution that is offensive, mimics attacker behaviour, reduces your attack surface, and lowers vulnerabilities against sophisticated attacks. We will cover:

    - How a crowd of elite security testers can be deployed rapidly to uncover serious vulnerabilities in your external facing SAP applications
    - How a continuous offensive security approach to your SAP landscape is needed in support of modern agile SDLC / DevOps environments

    Presented by:

    – Uemit Uezdurmus, Global Head of SAP Managed Security Services, SAP

    – Holger Stumm, CEO of LOG2, a Germany based specialist in SAP security testing for 30+ years

    – Ron Peeters, Managing Director EMEA of Synack, a Silicon Valley based leader in Offensive Security Testing.
  • TAG Cyber Interview: The Future of Penetration Testing
    Jay Kaplan, CEO, Synack & Ed Amoroso, Tag Cyber Recorded: Oct 8 2018 23 mins
    Synack Co-Founder and CEO Jay Kaplan talks about the past, present, and future of the company with Ed Amoroso of Tag Cyber.
  • Bringing Hacker-Powered Security Testing to DevOps SDLC
    Andy Condliffe, Solution Architect EMEA, Synack Recorded: Sep 27 2018 51 mins
    DevOps allows organizations to bring web, mobile, and IoT applications to life faster than traditional SDLC models. However, continuous releases and updates introduce new risks by way of exploitable vulnerabilities that are introduced and left undetected and unresolved/unpatched in the production stream.

    Traditional point-in-time penetration tests can’t keep up with the frequency and short deployment cycles of the modern DevOps organization. Traditional pen tests are usually conducted through checklist-based activities that lack the comprehensiveness to mimic and defend against sophisticated cyber attacks. The result? An increase in serious, exploitable vulnerabilities in live applications and a slew of high-profile breaches.

    Leading enterprise organizations are utilizing a crowdsourced security testing platform that combines continuous vulnerability scanning tools with manual, crowdsourced human security testing. This model of offensive and adversarial-based testing delivers realistic attack traffic on customers’ applications, resulting in effective vulnerability discovery and management and “smart” security intelligence without compromising security and control. Scalable and controlled crowdsourced testing at a continuous cadence is the answer for secure DevOps SDLC.

    Join this session by Andy Condliffe of Synack EMEA as he shares how Synack can help lower the risks of dynamic deployments with a continuous, human, offensive security testing model that’s better suited for the modern DevOps organization.
  • The Complete Guide to Responsible Disclosure Programs
    Rajesh Krishnan, Product Marketing, Synack Recorded: Sep 25 2018 28 mins
    To beat criminal hackers, it helps to have ethical ones on your side. Responsible Disclosure Programs - where companies invite suspected security vulnerability reports from the public - have been on the rise in the past few years. Should your company consider Responsible Disclosure? Learn more about the ins and outs of these types of programs and how they can differ in the level of liability and management incurred. Technical, social, legal, and other indicators will all be raised.
  • Penetration Testing or Vulnerability Scanning - Aren’t they the same thing?
    Mike Larmie, Federal Solutions Architect, Synack Recorded: Jul 24 2018 53 mins
    Take a look behind the curtain and decide for yourself. Join government security expert Mike Larmie as he breaks down the key differences. He will share what your agency needs to know to make sure your security program is both identifying vulnerabilities and reducing risk of exploit. He will cover the techniques, tools, and tradecraft of each, as well as common questions such as:

    - Who performs the services?
    - How often do they run in a network environment?
    - What’s covered in their data output and reporting?
    - What’s their value?

    Mike will present how government agencies are reinventing how they conduct security testing to achieve greater efficiency and ROI. Learn how your agency’s security team CAN achieve security without compromise.

    BIO: Mike Larmie, Federal Solutions Architect at Synack, has more than 20 years of IT security experience and has been involved with countless missions within the DoD, Intel and Civilian Federal Agencies. He has a wealth of experience, having worked at companies such as Tenable, Sourcefire, Rapid7, Infoblox, G2 and others.
