​Ex-NSA bug bounty startup Synack lands $21m, eyes Australia for growth

Cybersecurity startup Synack has secured $21 million from Microsoft, HPE and Singtel to expand its presence in the Asia Pacific (APAC) region.

Synack, founded by two former NSA analysts, is looking to expand its crowd-sourced bug hunting platform in the APAC region on the back of $21.25 million it just raised in a series C round led by Microsoft Ventures, and joined by HPE and Singtel’s venture arm, Singtel Innov8.

Synack launched in 2013 to help organizations find and close new bugs in web sites by offering cash incentives to its closed network of whitehat hackers. The Synack Red Team offers a private, managed crowdsourced security testing service to organizations. The system differs from Google’s vulnerability rewards programs, which permit anyone from the public to report vulnerabilities in its software.

The new round brings Synack’s total raised to over $55m from backers that include GV, the venture arm of Google parent, Alphabet.

Synack said APAC has been “clamoring for new cybersecurity innovation” and will be entering the region to meet that demand.

The company says local hackers and businesses will see more attention from the company as a result of the funds.

"Australia is definitely a market of interest to Synack," said to Synack CEO and co-founder Jay Kaplan in an email to CSO Australia.

"We already have a number of Australian companies reaching out to us and we will pursue those. We also have a number of Australian hackers on the Synack Red Team. We attended Ruxcon for the last couple of years and will continue to recruit hackers, and customers, in Australia."

Synack's chief R&D officer Patrick Wardle, who specializes in Apple Mac hacking, spoke at the Melbourne Ruxcon conference in 2016 about reverse engineering Apple's desktop kernel and I/O kit drivers.

The company is also looking grow its network of hackers in Europe to meet an expected uptick in demand from organizations racing to comply with the EU’s General Data Protection Regulation deadlines, which comes into effect in May 2018.

The security company says it allows customers to take an offensive approach to security.

“The best defense is a good offense. Businesses can only stay one step ahead of the adversary by beating them at their own game,” said Kaplan.

“Bringing Microsoft Ventures, HPE and Singtel Innov8 on board highlights their ongoing investment in security for their products and customers. We have a shared vision for the future of cybersecurity and see a huge opportunity for alignment in platform development and scaling channels to market.”

The US Department of Defense recently awarded the security firm and fellow third-party bounty service provider, HackerOne, a deal to run a contract system to allow different parts of DoD to launch their own bug bounty challenges.

This followed the completion of the DoD’s Hack the Pentagon pilot bounty, which tested new ways the agency could contract for services. The pilot attracted 1,400 hackers and resulted in 138 previously undisclosed or zero-day flaws being discovered.

Venture capitalists have poured tens of millions of dollars into bug bounty service providers over the past year, eyeing growth in demand for third-party cybersecurity testing services as competition for cybersecurity skills heats up among traditional businesses that are building online assets.

HackerOne raised US$40 million in Series C in February, and Sydney-founded Bugcrowd raised US$15 million in Series B last April. HackerOne on Monday announced plans to new offices in Germany and the UK, and plans to boost its engineering team in the Netherlands.

Tags MicrosoftGooglesingtelnsaVCBugcrowdBug bountySynack

Show Comments