As companies migrate their computing infrastructure to the cloud, a whole new batch of security concerns arises. The Heartbleed bug that has caused so many headaches among companies on the Web in recent weeks is an example of the sort of unforeseen vulnerability that makes CIOs reach for their antacids.
In many cases they’re getting over it and making the move anyway, though the worries haven’t evaporated. But a new generation of security companies is evolving and getting ready to help them. One of them, a startup called Synack, today announced that it has raised $7.5 million in a round led by Kleiner Perkins. Ted Schlein, a general partner at Kleiner, led the deal.
Other investors included Google Ventures, Greylock Partners, Allegis Capital and Derek Smith, the CEO of Shape Security, which is itself a new security startup with funding from Kleiner. Synack previously raised a $1.5 million seed round.
Synack’s CEO is Jay Kaplan, who spent four years as an analyst with the U.S. National Security Agency. It was at the agency’s headquarters in Fort Meade, Md., that he met co-founder Mark Kuhr. They left the agency together in early 2013 and formed Synack shortly thereafter. Their plan is basically to build an army of skilled, closely vetted hackers who will probe the Web for new security vulnerabilities. “We’re bringing together a set of diverse skill sets, people who are really good at what they do,” Kaplan told me. “The point is to find these security problems before they become business problems.”
Most run-of-the-mill attacks are automated, essentially computer programs that probe many targets at once for one of many known vulnerabilities. And to a certain extent defending against them is automated too. But the newest and most advanced attack techniques are hard to program a computer to recognize because they haven’t been seen before.
The migration to a cloud infrastructure presents one of those opportunities for new kinds of unanticipated vulnerabilities. “Generally speaking, organizations are not well-equipped to deal with these new security vulnerabilities.”
That’s where the human element comes in, Kaplan says. Synack’s army of researchers will push the boundaries and find the undiscovered flaws — perhaps the next Heartbleed? — and help the company’s clients find and fix them in their own infrastructure before they become widely known by would-be attackers.
The company hasn’t disclosed any customers — security companies almost never do — but Kaplan says it is working with several firms in the financial services, health care, education and retail sectors. Part of the new funding will help cover the cost of recruiting more researchers.