“With AI, security companies can gain the ability to rapidly process, classify, and contextualize vast amounts of information, surpassing the capabilities of even large teams of human security professionals.”
Hi Rui, welcome to our Interview Series. Please tell us about your role in the company and how you arrived here.
I am the CEO and Co-Founder of Jscrambler, a company I have led since 2014, from bootstrapping to a growing business in the digital security space. As the CEO, I drive the corporate direction and strategy of the company. Before co-founding Jscrambler, I worked as a software analyst and held multiple key management roles across the financial services sector.
During this time, I realized that a lot of the strategic focus around the industries was on securing enterprise networks and server-side infrastructure. Yet, no one was looking at client-side security because businesses simply didn’t believe it was their responsibility. As organizations were becoming rapidly digitized, I saw that user experience was taking precedence in almost every business decision, yet security was rarely extended to the user’s screens. This is when I saw the potential and scope for developing security solutions for client-side applications, which transpired into the birth of Jscrambler.
What’s the idea behind co-starting a security software company?
Just like any great idea, Jscrambler pioneered out of necessity. We wanted to do something different in the security landscape, and at the time, advertisement fraud started becoming a big concern for users and businesses. So, we started a company called AuditMark in 2009, with the initial goal of developing a solution to analyze and stop click-fraud on online advertisements.
However, the first challenge was to secure our own code. Just like any web application, our fraud analysis app was also running on JavaScript, and we noticed how easy it was to change it. This was when we developed Jscrambler, initially to protect our own capabilities and internal users.
It wasn’t long before we realized that if we have the need for securing our client-side code running on the web, so would other businesses. From there, the journey of Jscrambler as an independent software security company officially began.
You are now available in Splunk Marketplace. Could you tell us how this would enable customers to secure assets against client-side cyber threats?
Launching our solution on Splunkbase is definitely a major step for us, as it will allow us to extend client-side protection to an even wider pool of businesses of all sizes and sectors and facilitate seamless integration with one of the most widely used data analytics and visualization platforms.
Jscrambler’s threat monitoring solution provides client-side protection by bringing proactive security to the screen. Whenever you’re opening a web page or web application, you’re not just loading the code of that particular company. Almost every website brings in a number of third parties to enhance the user experience, whether it’s for authentication, payment processing, or data analytics.
However, what you don’t have is a security model to fence all of these third parties. As these JavaScript codes are easily accessible and readable in real-time and not monitored by any security solution, they are highly susceptible to malicious threats like code tampering, reverse engineering or code injection. Sometimes, the third parties themselves might overstep due to errors and access the data they don’t need. All of these instances lead to sensitive data leaks.
This is where Jscrambler comes in. Our solution can sandbox each third party, ensuring they only access the data they need to perform their job. As each code element is continuously monitored in real-time, our solution can instantly detect if there is any suspicious activity on the client-side web pages.
How have client-side security threat intelligence and diagnosis evolved in the last 3 years? What lessons did you learn from the Covid-19-related disruption?
The challenges of Covid brought a significant shift in the speed of digitization across industries. Suddenly, every interaction had to be virtual. Processes previously performed face-to-face for security concerns now had to be shifted completely to a digital front. For example, activities like opening a bank account or attending a doctor’s appointment now need to become entirely digitized. These virtual and digital interactions existed before, but because of Covid, they had to be accelerated and rolled out to the mass population.
To facilitate this urgent shift, companies brought in a lot of third-party solutions that could enable such virtual functions. For instance, banks had to bring in third-party authentication solutions that would perform KYC for consumers trying to open an account. Healthcare providers had to bring third parties that could facilitate seamless telecommunication between doctors and patients or virtually track patients’ health data. Companies needed fast integration with these third parties, so their primary concern was functionality and user experience. As a result, security took a back seat, and threat actors suddenly found a golden opportunity to exploit new vulnerabilities. This is why we saw third-party threats and supply chain attacks increase by over 400% since Covid.
Now that the challenges of Covid have finally calmed down and organizations have experienced a barrage of new threats, the need for effective client-side security controls has again resurfaced. This is why we continue seeing an influx in demand for client-side security threat intelligence.
Could you tell us about the future of AIOps and how these technologies would impact enterprise-grade security?
The development and functionalities of AI have definitely come a long way, especially in the past year. It is rather exciting and intriguing to see the advanced capabilities showcased by some of the recently developed AIOps. However, for every problem that AI solves today, it opens up a bunch of new concerns, especially in terms of security.
AI is like a double-edged sword: it can be used for the greater good or bad, just like most technologies. While we are seeing businesses reach new heights with AI-based operations, threat actors are also using this technology to make their attacks more sophisticated and effective. For instance, cybercriminals today can exploit the advanced capabilities of AI tools like ChatGPT to create perfect phishing campaigns or malicious code with little to no effort.
So, while businesses are excited about the continuous evolution of AIOps, they should also be concerned about their dangerous capabilities in the wrong hands.
At the same time, artificial intelligence has the potential to help us defenders in the cybersecurity landscape. With AI, security companies can gain the ability to rapidly process, classify, and contextualize vast amounts of information, surpassing the capabilities of even large teams of human security professionals. The challenge is, of course, to find the right balance between these types of capabilities and the speed of AI to enable defenders to accelerate and mitigate threats, without falling into misclassification and erroneous information.
Healthcare and financial services industries are at maximum risk from security threats. What makes them so vulnerable?
Healthcare and financial services are two of the most vulnerable sectors across the digital domain, primarily because of the critical nature of their businesses. These businesses handle a significantly large volume of sensitive data compared to most other industries. So, naturally, they are more frequently targeted by cybercriminals for better payouts.
At the same time, financial services and healthcare businesses maintain very complex network infrastructures. Such organizations often have a large supply chain network with several third parties and cyber-physical systems like ATMs or IoMT devices. These complex networks provide a larger attack surface for threat actors, allowing them to exploit more potential vulnerabilities across different systems.
What kind of client-side protection do you offer to these industries?
As a leading authority in client-side security software, Jscrambler defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Our threat monitoring solution creates first-party code that is resilient to tampering and prevents interference with third-party code. The solution is designed to work continuously, keeping organizations protected regardless of how frequently things change.
We provide companies with a level of visibility and control that supports business innovation from code to runtime. Our customer base includes the FORTUNE 500, retailers, airlines, banks, and other enterprises whose success depends on safely engaging with customers online. With Jscrambler, these interactions can be kept secure, allowing businesses to continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.
Your predictions for CIOs and CISOs on securing IT hardware and networking with solid security software platforms:
My advice for security leaders would be to emphasize client-side security. The external threat landscape is continuously evolving, and if you want to gain and maintain the trust of your users, you must extend proactive security to their screens. The relationship between a user and a company starts when they open a web page or web app – this is where the relationship can break if their data is not protected. So, CIOs and CISOs should recognize the critical importance of client-side security and communicate its urgency across the entire organization.
Thank you, Rui! That was fun and we hope to see you back on cioinfluence.com soon.
Chief Executive Officer, Co-Founder and Owner
Rui Ribeiro is a co-founder and owner of Jscrambler, where he co-leads business development. He has professional experience in the banking and finance areas as an IT developer, team leader and project manager, and extensive experience in the areas of auditing, finance, and project management. He originally graduated from the University of Porto as an electrical engineer and later extended his skills in entrepreneurship and project management.
Jscrambler is a leading authority in client-side security software. Its solution defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code that is resilient to tampering and prevents interference with third-party code. The solution works continuously, keeping organizations protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.