Zenedge, a leading provider of cloud-based, artificial intelligence-driven cybersecurity solutions continues to experience rapid growth. This year they announced the addition of three new solutions, Zenedge API Security, Zenedge Bot Manager and Zenedge Malware Protection to their already robust suite of managed cybersecurity products (Web Application Firewall and DDoS).
Additionally, Zenedge expanded its EMEA presence with the deployment of additional DDoS scrubbing centers and Mega-POPs in Europe, to meet the increased demand for advanced security solutions from the European market. Zenedge is planning to open a scrubbing center and a new office in APAC, by the end of the year.
When we first profiled them back in 2016, the company had forty employees, today they have eighty and that number is still growing. We recently spoke with co-founder Laurent Gil about the state of Zenedge, the security market, and their security platform. A big thanks to Laurent for his insight.
“We see security as a platform,” explained Laurent. “The value of the platform as a whole is more than the value of each component separately.” Unlike other companies who struggle to integrate new sectors of the security industry, such as API protection, into their security suite, our security solutions share intelligence across the stack as a single, comprehensive platform for application protection. Each product is designed with platform synthesis in mind. They easily integrate, and are easily managed all in one place. As a result, they are able to leverage advanced components like bot management and mitigation to enhance other offerings like DDoS protection.
Regarding the new malware solution, Laurent noted, “It’s the combination of malware protection and everything else we do that makes it so powerful. To identify malware, you would traditionally look at attack payloads embedded in a request or a file. But with Zenedge platform, malicious and unauthorized users who would upload such a file would be identified and blocked before even examining the payload. This gives us an advantage over even sophisticated malware detection techniques.”
Providing an all-in-one solution for application security puts Zenedge in line with a major trend in the security industry: convergence. As various sectors begin to overlap with each other, the ability to neatly divide the industry becomes difficult–as does finding best-of-breed solutions for rapidly changing market segments. In addition to this trend, Zenedge is attempting to address two other factors in the security marketplace: Bot management and API security.
The importance of monitoring bot traffic, both bad and good, is becoming a focal point for organizations, but Zenedge has known the significance for years, and designed their Bot Manager product with the growing need in mind. “This switch happened a quarter ago,” Laurent said, “between May and June. People were wondering how to ensure visitors to their sites were using them for what the sites were designed to do. Our solution to this problem is called Zenedge Bot Manager, which classifies whether visitors are bots or human with behavioral analytics. It’s been grouped in with security, but is somewhat different from the traditional security services of WAF and closer to how AI and machine learning work. With this service, we don’t necessarily look at the payload, but the visitor’s behaviors on the site in the past and try to predict what they might do in the future, and whether they are using the site as intended.” Zenedge Bot Manager leverages advanced techniques such as a Human Interaction Challenge and Bot Traffic Shaping that make the solution unique from others in the emerging market.
To illustrate this, Laurent recounted an experience with one of their airline clients. This particular customer was seeing an unusually high volume of cancellations from China. Chinese users comprised only one percent of the client’s revenue, but was accounting for two-thirds of their cancellations. Zenedge was able to identify a huge amount of bots from China that were using the site to buy a tickets using a legitimate credit card, then canceling it within twenty-four hours to obtain a full refund. The airline adjusted their ticket prices based on the number of seats booked, so the bots were effectively inflating prices and driving business to competitors offering lower fares during that twenty-four hour window. Laurent noted, “This fraudulent or criminal use case was one where ‘end users’ were not using the site as it was intended, but to hurt their business. Because our techniques were able to identify the way the bots bought tickets, we were able to quickly detect them as malicious users and block their activity.”
Another new security trend Zenedge caters to is API security. Despite their almost ubiquitous use in apps today, security for APIs remains a deeply overlooked and underserved segment. However, in the past two months, API security has begun to take off, possibly due to the recent OWASP report that placed it as one of the Top Ten Most Critical Web Application Security Risks.
To address this need, Zenedge released an API protection solution in June. This new and highly sought after product is one of only a few available on the market today, apart from Akamai and Shape Security. One use case Laurent provided to illustrate the need for API security is a Zenedge client who works in consumer electronics. Their API ID requires credentials with a username and password to authenticate the API call, but the API had no protection against dictionary attacks, allowing users an unlimited number of tries to guess the password for a single username. For this large company, millions of API requests come in every day, but the API abuse only comprised a few thousand requests, making it hard to separate and identify. To address this situation, Laurent explained, “We had to invent techniques to identify whether the API call was legit or not, and created SDKs for Android, iPhone, and other mobile devices to inject code into the API call and verify its legitimacy.”
Zenedge recently won a large contract with Internet2, a semi-public member organization that operates the nation’s largest and fastest, coast-to-coast research and education network, and provides cybersecurity solutions and services to universities and academic institutions across the United States. As the exclusive provider of DDoS protection for Internet2, Zenedge beat two of the industry’s largest providers during Internet2’s final decision process. “The key to gaining this contract, was our fully automated DDoS solution, which can detect and fully mitigate an attack in under 60 seconds,said Laurent.
As a result, Zenedge continues to demonstrate rapid growth, with average deal size also increasing by over 25% in the past six months due to continued demand for its integrated cybersecurity platform. “Our continued growth as an organization demonstrates the need for these emerging solutions as a whole, and our leadership in the industry,” said Laurent . “We now have a recognizable brand; people know Zenedge, and they trust Zenedge.” As Zenedge continues to introduce new products and innovations to the security sector, their success seems highly likely to continue.