By Ditsa Keren
Every commercial website includes dozens of third-party integrations that help it grow and maximize its business potential. Unfortunately, these third parties introduce a client-side vulnerability that leaves websites exposed.
Source Defense uses a real-time sandbox isolation technology that prevents malicious activity originating from website supply chain vendors. In light of the major shift towards remote work during the COVID-19 pandemic, I asked co-founder and VP PS Avital Grushcovski for his advice on how organizations can tighten their defenses and keep their online operations secure.
Please describe the story behind Source Defense and its evolution so far.
Source Defense is one of the few companies formed in the last 2 years that actually created a brand new market and addressed a problem that was never addressed before. It was founded by my best friend, myself and a mutual acquaintance we knew from a company we used to work at.
We did a lot of research and found that no one has succeeded or even tried to commercially solve the problem of governing third-party access. We have found a few open-source projects that tried to address this, but with little to no success at all. We decided we’d figure out a way to do it, and then my partner came out with the brilliant idea of applying access policies to JS on the web browser. It sounds very simple because we already have it on our mobile phones, but you were never able to do that on the web.
We developed a patented engine that allows you to very simply say which of the third-party vendors has the privileges to read the page or write to it. For example, a chat vendor might be able to read the page but it can’t read credit card information, usernames and passwords. Basically customizing specific access policies to each one of the vendors running on your pages.
At the time, no one knew this problem even existed, which actually made it difficult to raise money at first, because we had to convince investors that the problem actually existed. Four years ago, if you were looking for investors and said “I’m the only one doing it,” the answer would either be that it can’t be done, or there’s no money in it because there’s no way you are the first.