Listen to this articleBelow is our recent interview with Daniel Sharabi, VP of Marketing at Reflectiz:
Q: Could you provide our readers with a brief introduction to Reflectiz?
A: Reflectiz is a cybersecurity company specializing in web exposure management. Years of research by infosec experts have gone into the creation of our cutting-edge platform, which global companies now rely on to keep their websites safe. We offer a suite of powerful cybersecurity tools gathered within a user-friendly dashboard. It empowers online businesses to continuously monitor both their websites and the applications they rely on so they can quickly identify and resolve security threats and privacy issues before they can become a problem.
This proactive approach allows for the swift identification and resolution of security threats and privacy issues before they escalate. What sets Reflectiz apart is its unique ability to uncover blind spots often overlooked by traditional tools. Additionally, Reflectiz is the only solution that maps all website components and conducts behavioral analysis remotely, showcasing our technological strength.
Q: Who is your ideal client and why?
A: That would be any business that processes significant amounts of personal and payment data information via their websites. In practice this tends to mean companies catering to the banking, insurance, and healthcare industries. They’re handling a lot of personal data, and this needs to be kept secure in ways that comply with strict privacy and security regulations. The same is true of online retail businesses too, so the ones offering things like e-ticketing, online food, travel, and so on. Any company selling goods and services via their website will naturally require their customers to fill in payment information forms, and protecting these potential weak-points from things like malicious tampering, keylogging, or just inadvertent misconfigurations is where Reflectiz excels.
If the company needs to protect its customers’ data from a wide range of malicious attacks, safeguard their digital assets against leaks and help them maintain compliance with PCI-DSS v4, then they’re an ideal client for Reflectiz, and this is the kind of profile we see in our client base. The typical Reflectiz client sits somewhere between the level of medium-sized business and global enterprise. So, while Reflectiz is the perfect fit for global companies with numerous web assets due to the ability to manage complex global web environments, it’s just as capable of protecting a single website from cyberattacks and shielding it from privacy risks too.
Q: Can you tell us more about your product?
A: Websites now rely on dozens, if not hundreds of first-, third-, and fourth-party apps and scripts, external services, host code on CDN repositories, and open-source tools, to offer all the features that their customers want. A ‘first-party’ app means one that you created in house. Third- and fourth-party apps are externally-controlled and could change without you knowing. They are created by external companies and so they’ve harder to vouch for, and cybercriminals often try to exploit them to gain access to the information our clients handle on behalf of their customers. Reflectiz is designed to give clients complete oversight of what’s going on with all the apps in their online ecosystems, but in a way that doesn’t overwhelm them.
Another thing we can say about Reflectiz is that it’s unique. Many other security solutions do things like use JavaScript to solve JavaScript problems, but this can limit their capabilities. In contrast, we’ve taken a ‘sandbox’ approach, so the platform scans our clients’ websites and their connected assets remotely. It maps the whole digital supply chain and creates a behavioral blueprint for all connected digital assets. It can then detect any malicious code changes and unusual behavior, as well as tell when data is being sent to suspicious destinations.
Not only is this sandbox approach effective, it also doesn’t add any complexity to the website, which means it won’t affect website performance, and won’t access your website data.
Clients tell us that they value our proactive approach because it’s highly effective against a variety of web threats. By introducing preemptive security measures, Reflectiz can prevent security threats from gaining a foothold and escalating into active risks. Our system uses advanced risk prioritization methods that guide users on what they need to address first. The ability to identify and rank potential threats in order of severity helps security teams focus on the most critical issues. This approach also reduces alert fatigue, making security personnel more effective.
Q: What can we expect from Reflectiz in the next 6 months? What are your plans?
A: At Reflectiz we are working to establish the brand as an authority in web continuous threat exposure management [web CTEM], which is the name of a new framework coined by Gartner. It signifies a shift in security – moving beyond merely fixing vulnerabilities to preemptive exposure management for complex websites.
Over the next six months, we will also be adding extra capabilities for discovering new web assets to expand our offering and improving our prioritization capabilities that will help organizations to get better security choices, both of which are among the most important security considerations under the web CTEM approach.
To that end, we’ll be adding new capabilities in 2024, and the first of these is an advanced dynamic exposure grading system that draws on the most common risk factors to assess the risk exposure levels of clients’ websites. We’ve amassed a huge amount of data by monitoring thousands of top-performing sites and this has allowed us to create an industry-based benchmark. This enables the comparison of clients’ websites to leading websites in their specific field, giving them valuable insights into their security posture.
Q: What is the best thing about Reflectiz that people might not know about?
A: Reflectiz was founded by two infosec experts with years of experience who understand the bad impact of overwhelming organizations with redundant alerts. They recognize the inefficiency of running security teams in such an environment. As a result, Reflectiz focuses on reducing alerts by conducting a thorough security baseline for approved and unapproved web app behaviors and utilizing advanced risk prioritization capabilities. With this approach in mind, Reflectiz measures improvements in its platform by decreasing the number of alerts created, rather than increasing them.
