SecurityTrails Blog

Reblazing Web Security, Announcing a New Product, and Listening to Records with Tzury Bar Yochay from Reblaze



Web applications contain sensitive data like user information, financial data, and intellectual property. That data is valuable and alluring to attackers, who keep web applications under constant threat as they look for vulnerabilities and weak spots through which to gain unauthorized access and steal data.
Web applications have had security issues since their beginning. The deployment of new protocols and technologies circumvented many of them, but an alarming number of applications are still unprotected from an even more alarming number of vulnerabilities.
Protecting web applications and traffic is imperative in the current threat landscape. A solution that encompasses different approaches is crucial in web application security. Tzury Bar Yochay recognized the issues that come with existing web application security solutions and set out to create a single-tenant cloud-based platform that provides next-gen WAF, DDoS protection, bot management, and API security.
Reblaze started 10 years ago in Tel Aviv, Israel, and now has offices in the US and Singapore. While working with bigger companies, they continue to bring innovation to the web security field. We met with Tzury (while social distancing) to learn more about the vision behind Reblaze and how they were able to "Reblaze" web security. We even got to be the first to hear about an exciting new project, Curiefense, and got a glimpse into Tzury's impressive record collection.
**SecurityTrails: Hi Tzury! Tell our readers a little bit about yourself and your background. (We here at ST already know, since you have been here from the start, as far back as one of the early ST meetups in LA!)**
**Tzury Bar Yochay:** Right on, that was the Manhattan Beach take on Silicon Valley. An AirBnB apartment where the ST team gathered to work on the product in its early days.
I started Reblaze after several intensive years as a cybersecurity consultant in the intelligence community, working for three-letter agencies. Back then, setting up a WAF was a complex process, installing an appliance within the datacenter. Maintaining it was an even more complex task.
For DDoS protection you needed a different vendor, and the solution was either an appliance or a scrubbing center. Unfortunately, even the best solutions weren't providing full protection against attackers. For example, DDoS solutions tended to perform poorly on layer 7 (HTTP), and true human/bot detection did not exist. My idea was to set up a PaaS platform that would provide all those capabilities on top of a reverse proxy, while leveraging cloud capabilities just emerging at that time.
We looked around and found there were only two companies with a similar concept, CloudFlare and Incapsula. However, we compared them to our prototype design and saw they had three key deficiencies — they deployed their own stacks on data centers, their systems were multi-tenant on both ends (runtime and management console), and they had only rudimentary bot-detection capabilities. Conversely, our system deploys on public clouds (for example, AWS), is single-tenant (each customer gets a dedicated Virtual Private Cloud), and at the time, seemed to be the only one that could detect headless browsers and analyze user-generated events, such as mouse movements, keyboard strokes, and touch-screen taps.
Even though there was competition, we knew we could do better, and we created the Reblaze platform.
**While bootstrapping sounds like a risky thing to do for many companies just starting out (and it is), most companies we know bootstrapped at some point. Reblaze did as well. What have you learned and what were the key takeaways from the experience?**
**Tzury:** I can't speak for others, but for us it was the organic path to walk. We saw a problem, a growing problem, that we wanted to solve, so we dedicated ourselves to solving it. Once we had an MVP, we wanted to test it and get immediate real-world feedback. We found the new paying ...