Case Study: EllisDon achieves proactive, data-driven application security and rapid vulnerability remediation with Synack

EllisDon - Customer Case Study

EllisDon, one of Canada’s largest general contractors, needed to secure Gate Three, its new construction ERP that centralizes real‑time project data across contractors and stakeholders. To find vulnerabilities before attackers could exploit them, EllisDon engaged Synack—initially using a Synack test engagement and then a Synack Crowdsourced Vulnerability Discovery subscription (powered by Synack’s Hydra platform)—to apply adversarial, crowd‑based testing to the Gate Three environment.

Synack’s vetted crowd (~75 researchers, >600 researcher hours) identified 16 vulnerabilities (including 6 high‑severity issues, average CVSS 6.6) and uncovered third‑party risks such as a legacy CRM; these findings led EllisDon to remediate flaws, switch platforms where needed, and strengthen CI quality gates (adding Sonar). The Synack platform gave EllisDon continuous visibility into testing coverage and attacker behavior, enabled prioritization of fixes, and introduced metrics like the Synack Attacker Resistance Score to track improvement—resulting in fixed vulnerabilities and a measurable uplift in security posture.

EllisDon

Gary Smith

VP Enterprise Tech Relations