We’re often asked this question. Indeed, I believe most entrepreneurs deal with it frequently, whether facing investors, or pitching to a prospect.
Reblaze’s customers don’t ask us this question, ’cause they already know — especially those whose first encounter with Reblaze occurs when they’re under attack, call us, and then a few minutes later watch Reblaze bring their platform up even while it’s under massive attack.
But, for those who are not familiar with our product, and are curious to understand the approach and angles we take in this battlefield, here’s a (slightly modified) copy of an email I sent the other day.
— — — — — — — — —
Web Application Security is a crowded space. Here’s why Reblaze stands out within it.
First, our advantages in the marketplace:
- Competitive pricing: We have customers who switched to us, and by doing so, cut their security spend by more than half.
- Very high customer retention: Once someone becomes our client, they hardly ever leave. Our annual customer retention is roughly 98%. (That’s not a typo.)
- No customer lock-in: We have achieved this retention rate despite having no contractual lock-in of our customers. All our clients are month-to-month.
We do this for several reasons. First, our customers love us for it.
Second, it’s very attractive to potential customers. (“Try Reblaze with no obligation. Leave at any time.”) It makes the sales process much easier.
Third, it demonstrates the superiority of our service in a way that would be impossible otherwise. We don’t need to use legal agreements to keep our customers in long-term relationships. Our technology does that for us.
So that being said, let’s talk about our technology. We provide a complete, comprehensive solution, and we run on Google, AWS and Azure clouds (meaning we run on a better, faster and smarter infrastructure than the competitors do).
But the differences with our competition go far beyond this. Here’s a short overview of how we do things differently, and the key fundamentals that makes our platform better. We can divide this discussion into three category: Form factor, algorithms / techniques, and power tools we provide our users.
Starting with the form factor, we’re unlike anybody else out there. They all have their networks and computing grid, on top of which they serve all their customers. On the other hand, we in Reblaze deploy a unique, separate environment per account. It is delivered as a self-contained, scalable and elastic VPC (Virtual Private Cloud).
By setting up each account with a unique VPC:
- Our clients can never be affected by attacks that hit others.
- Our clients can never be affected by problems like Cloudflare’s recent “Cloudbleed” incident.
- We move forward faster with new features and versions, as we regulate which platform will get the updates, and at what cycle.
- We provide the end user with more power and control, since each one can only affect his/her own platform.
Our customers get to have the dedicated SaaS solution experience, which is unique to us, and they simply love it.
On every single deployment of Reblaze, as small as it might be, we can handle traffic at scale of large DDoS attacks (a flood of millions of HTTP/s requests per second) by simply scaling up and down as needed. We don’t need to maintain thousands of servers, 100’s of Gbps bandwidth, or ISP grade network layer equipment to absorb, scrub and filter the traffic. Bandwidth and other resources scale automatically, with no user action required.
Next, I’ll discuss algorithms/techniques. Reblaze is at the forefront of multiple technological trends in web security.
First, automation. As much as possible, we’re eliminated the need for our customers to administer or maintain their Reblaze deployment. The platform does most of its work automatically, while the remaining maintenance is done remotely for them.
Next, advanced human/bot detection algorithms. I’m not aware of any other players out there who detect and block unwanted bot traffic so effectively as Reblaze.
Bot detection is crucial to web security. This is an obvious concept when related to DDoS and scraping. But even for WAF and IPS, because most attacks are generated (or at least initiated) by scanning tools, detecting those tools beforehand helps provide a better security for the target platform.
Also, I haven’t seen any other SaaS security solution that offers true application profiling: a whitelist based tree that maps application data and gets updated automatically as new versions are rolled out.
In Reblaze, traffic rules, static and dynamic, profiles, black lists, white lists, application tree profiles, machine learning processes, and so on, all are created, generated, and tuned per customer and application, running within the customer’s VPC.
Also, I’ll note that from day one, Reblaze has been about advanced, comprehensive web security. (This isn’t true for our competitors. Cloudflare and Akamai were originally CDN providers. Incapsula was a WAF vendor. Radware started out selling a load-balancing product. Etc.)
Today we’re at the forefront of current trends such as applying big data and machine learning to web security. Meanwhile, some of our competitors aren’t using these at all. (Worse, most of the WAF products out there are based on ModSecurity.)
Next, I’ll describe some of the power tools we provide to our users. As a customer, you can actually see how every 60 seconds, Reblaze scans your traffic logs, analyzes them, and reshapes security rules and policies in real-time.
All information about your web traffic is available as it arrives, not only in the Reblaze UI but also for use with your own tools (using our real-time and batch export options).
One of the more powerful benefits of Reblaze is that we store all traffic access logs, along with our additional layers of information, in Google Bigquery. We analyze it constantly, detect anomalies and hostile traffic automatically, and apply security policies and banlists immediately and effectively.
Unmatched full layer 7 visibility for all traffic, both legitimate and malicious, gives us and the user the ability to deeply understand all aspects of all applications, identify anomalies, detect behavior patterns, and prevent false positive events.
In conclusion, this is just a partial overview of the advantages that Reblaze offers. There’s a lot more that could be said about this. If you have any questions, please contact me.