Around the time that Akamai acquired Prolexic (circa 2013) and kick-started the Edge Security CDN segment, Reblaze came to market with an idea to revolutionize this new market space. Co-founders Eyal Hayardeny and Tzury Bar Yochay developed Reblaze to offer a holistic approach to edge security and website management. With 20 employees and growing, Reblaze is positioning itself to dramatically increase its market share over the next twelve months.
One of the key goals when developing Reblaze, which sits in front of a CDN to act as the first line of defense, was to have the ability to update policies, rules and signatures instantly across its global platform. To get a better idea of the history behind Reblaze and to see what the future holds, we interviewed some members of the Reblaze team. A big thanks to the them for the demo and interview.
How did you come up with the idea for Reblaze?
Back in 2010, we were under the impression that web security was a challenge of the past-something that had been solved a long time ago. But we discovered that was definitely not the case. That year, we were amazed by the number of successful attacks that caused major websites go down for hours or even days, causing huge financial damages. We saw that there was a need for more web security, so we started developing Reblaze in 2011. Six years later, we are still amazed to hear horror stories about cyber attacks in the media. With Reblaze, though, we ensure that these stories never involve our customers.
What do you think about appliance based firewalls in general? Do you see them going extinct?
We believe that appliance based solutions can’t provide full protection because they are fragmented. They use a separate solution for each threat, are limited in bandwidth, hard to install and maintain and they are difficult to update. Many of our customers that had appliance-based solutions in place, removed them after installing Reblaze.
What products and services do you offer?
Reblaze provides a new and innovative approach to web security. It is a holistic, profile-driven analysis and protection solution. The Reblaze process is as follows:
- Customers route their web traffic through their Reblaze dedicated Virtual Private Cloud (VPC)
- Reblaze profiles each of the users and assesses its risk by inspection of its origin, environment, behavior, intentions, etc and assigns it a risk score
- Based on the risk score and the customer’s preferences, Reblaze decides whether to block the request, limit the user’s access or to allow the user access
All traffic is monitored in real time with very low latency (4-5 milliseconds). Reblaze eliminates the need for different protection solutions and has a built-in protection shield that incorporates an IPS/WAF, Multi-Layer DoS/DDoS protection, Anti-Scraping, High-level ACL, Bot Mitigation and Human Detection.
What makes Reblaze different from other CDNs providing Edge Security?
Other than the holisitic security solution we provide (outlined above), Reblaze is considered by many to be a better security solution because it
- Provides an innovative profile-driven approach to its comprehensive and cloud-based protection for web platforms
- All other vendors either provide a silo solution for one type of threat (WAF, DDos, scraping, etc) or are focused on other aspects of web traffic support
- Provides customers the finest grained ACL available in the market. Policy can be defined by country, company, network, platform (cloud, Tor, anonymous proxies, private proxies, bots and more)
- These policies can be attached to a cluster of sites, a single site, an area or pattern within a site or application or even a single URL
- Offers accurate and innovative human detection mechanisms that clear out all pen-tools and unauthorized crawlers without the need to inspect each individual request
- Provides a clear view of traffic including which countries are accessing sites, IP visibility, data on which companies and platforms are consuming how much bandwidth, and who/what is performing requests and keeping the system busy
- Uses a WAF unlike many other products on the market. Reblaze’s WAF is very simple to use and maintain, provides a nearly zero false positive ratio and comes with the Reblaze full operation and support package (updates, profiles fine tuning, etc.)
- Deploys simply and provides an elastic VPC for its customers. This allows both Reblaze and the customer to determine the optimal profile for the protected platforms and prevent most cases of DoS at their earliest stage
- Provides an elastic VPC that will automatically expand and allocate network and computing resources to cope with an attack
One of the main features that differentiates Reblaze from the competition is its VPC (Virtual Private Cloud). Reblaze provides an individual VPC to every customer. This is drastically different than the cloud shared by all customers that our competitors provide. A VPC provides an entire dedicated, scalable stack to each customer complete with DNS servers, load balancers, log, database, application firewall and more.
Reblaze has provided amazing security solutions for highly varied industry sectors from health organizations (hospitals, clinics), to e-commerce and booking / ticketing sites (flights, hotels, airlines, retail), gaming and gambling sires to forex trading sites, which are especially susceptible to very large-scale DoS attacks.
How does your DDoS Mitigation Service work?
Reblaze’s Application Security platform blocks DDoS and other attacks before the traffic reaches customers’ web infrastructure. Legitimate traffic has normal access to a site while attackers (DDoS and otherwise) cannot reach the network. We detect and block the network, transport and application-layer in DoS/DDoS attacks while the bandwidth scales automatically as it is needed. Reblaze also defeats hacking attempts, bots and more using its fully managed (no hardware or software to install or maintain) service that is always up-to-date.
How does your WAF detect and mitigate threats?
The WAF operates in a manner similar to our other protection aspects, using the profile-based security mentioned above. All web assets are protected against all forms of hacking and intrusion with our cloud-based elastic and powerful rule-based WAF that is PCI Compliant.
Do you compete with CDNs or work with them?
We don’t compete with the CDN providers. We actually partnered with one of the main players in this market (Verizon EdgeCast ) in order to provide our customers with a complete solution for their web assets.