Jason Landry
Senior Solutions Marketing Manager, Ixia
Blog

Before You Hire a Hacker, Use a Robo Hacker

February 19, 2016 by Jason Landry

With security a top priority, it’s no wonder companies pay hackers to discover security holes in their websites, software, and networks. It makes perfect sense and actually puts free markets around notoriously shady activities. If you are thinking of hiring a hacker, there are a few options. You can employ a hacker full-time or part-time, but this is generally only possible if you are a very large enterprise or a government agency. Another viable option, no matter your organization’s size, is to utilize a bug bounty platform such as hackerone. But before you start paying hackers, you must test your network and applications using a robo hacker like Ixia’s BreakingPoint. Otherwise, you risk being inundated with expensive submissions from the hackers you hire.

What is a Robo Hacker?

A robo hacker is software or hardware that can mimic things like exploits, malware, and DDoS attacks all while simulating legitimate traffic. It allows you to perform application and security tests to see how your applications stand up to the stability, accuracy, and quality you expect. BreakingPoint tests applications and security using intelligence collected and compiled by Ixia’s Application and Threat Intelligence team and delivers these intelligence updates every 2 weeks. To date, it includes more than 290 stateful application protocols and more than 36,000 live malware samples. Find a problem? Fix it. Test it again. Repeat. If a robo hacker can’t get past your application and network, you can safely hire a human hacker.

How do I hire a hacker?

Today, there are more than 475 bug bounty programs. They are all a little different with some offering public notoriety, cash incentives, and things with intrinsic value like airline miles. Some are limited in scope by bugs or vulnerabilities accepted. Some are private, invitation only. The key is that bug bounty programs don’t have to cost your organization a fortune. Remember, developing a bug bounty program creates a win-win for companies and hackers. When your organization is ready, Inc. Magazine has compiled some great tips in the following article: Want to Beat Hackers Once and for All? Hire One Yourself.

How do hackers make money?

There are markets for hackers with a conscience to exit the shadows and put their skills to use for good as a white hat hacker. Find a small bug, get paid a little. Find a gigantic bug and get rewarded big time. Companies like Yahoo!, Twitter, Adobe, and Square will pay you if you find a security flaw or bug. Bigger bounty programs run by companies like Facebook and Google have paid out millions over the program’s lifetime. Hackers will likely be drawn to the biggest opportunities. According to my calculations from data found on the hackerone homepage, the average bounty is about $335. However, bugs for serious flaws pay tens of thousands of dollars and sometimes could even land you a job.

For more information about the Ixia BreakingPoint solution so you can test your network, click here.