When bad guys started encrypting their data, Gal Nakash and Tal Shapira set out to beat them at their own game.
The two cybersecurity experts, then with Israel’s equivalent of the FBI, used artificial intelligence to map data sharing in order to understand who was communicating with whom and head off attacks.
In founding Reco, they took that technology to help modern enterprises get full visibility into their SaaS ecosystem, detect and be alerted on potential risks, and ultimately use these SaaS tools in a very secure and scalable way. The focus at Reco is on context rather than just the content to make the best decision in terms of which risk to prioritize, and that’s what sets the company’s technology apart.
Instead of trying to understand every piece of information, Reco deploys machine learning and artificial intelligence to analyze millions of identities, patterns of communication and patterns of behavior in metadata, and every correlation between the people, the apps and the data. This allows businesses to understand what is happening and who is involved – without needing to read the actual data found in audit records.
“The traditional way to cover your environment was to build connectors and connect to dozens of apps because nobody is going to use so many apps,” said Ofer Klein, the company’s third co-founder. “But we understood that SaaS was something that was going to explode.
“Today, a company has more than 300 apps on average, and 95% of new software is in the cloud. That’s amazing for productivity but awful for security. We understood that you need to come up with a totally different concept in order to help secure the SaaS in a very effective and streamlined way.”
With over 50% of organizations reporting at least one SaaS breach in the past two years and the U.S. Securities and Exchange Commission tightening incident disclosure regulations, SaaS security is more essential than ever before, Klein said.
After Reco connects to an enterprise, it meets with its customers shortly after to show them their environment. They’re always surprised to see how many more apps they’re working with, he said.
“Usually we ask embarrassing questions like how many apps do you think you have? And every time it’s much, much more than you ever thought because it’s so easy to use apps today and it’s really hard to control.”
The record so far is 11,000, Klein said. The customer guessed 1,000.
Reco combines four tools in one: posture management and compliance, app discovery and governance, identity and access governance, and detection and response.
The platform offers full visibility into misconfigurations, configuration drift, and privileges and permissions related to an organization’s SaaS applications and identities. It allows customers to discover all SaaS-to-SaaS connections (both SSO and non-SSO), who has enabled them, and what level of access they’ve been granted.
It also identifies potential exposure gaps – including from former users who retained access. In one case, Reco demonstrated how a customer’s former contractor, now working with a competitor, was in the customer’s system trying to access data because his Salesforce access wasn’t shut down.
Once suspicious activity is detected, mitigation is swift.
Reco has hundreds of controls out of the box to allow security teams that are not experts in SaaS security to provide best-in-class detection and response, Klein said.
“Honestly, it’s almost impossible to be an expert in every app. Salesforce is a whole different world from Microsoft or Google or Slack. And it’s not even the same person in the company managing it. Salesforce is managed by sales of marketing. Slack is often run by R&D or engineering. Microsoft is in IT. There’s zero chance that one person can understand everything.”
The technology does not have an agent, so no software needs to be installed. It takes about five minutes to connect to an API, and no data needs to be taken. Within minutes, the platform analyzes every action, every user, applications and data.
It is designed for mid-size enterprises and larger, and customers include S&P 500 companies.The largest enterprise it is working with right now is one of the biggest companies in the world, with 750,000 accounts, Klein said.
“The main benefit of Reco is that it allows me to be much more efficient with my time. Instead of spending hours investigating and triaging alerts, Reco takes care of it for me by providing all the necessary context and information, along with workflows that help to reduce risk across my SaaS environment,” said Robert Kugler, Head of Security & Compliance at Cresta.
Reco, which is backed by investors including Insights Partners, Zeev Ventures, Angular Ventures, and Boldstart Ventures, was founded three years ago, and went commercial in 2022. The company has raised about $40 million to date from leading VCs and 25 private investors.
Looking forward, Klein sees the accelerating adoption of SaaS as the No. 1 trend.
“SaaS is not only here to stay, it is accelerating at a very fast pace, with a very interesting driver, which is the AI and generative AI apps,” he said, predicting that acceleration will lead to expanded regulation and compliance mandates in 2024 and 2025.
“AI applications are completely changing the way people are doing business. One of our customers has 300 people in customer support. They want to replace 200 of them with AI. If this piece of AI is breached, that would have a significant impact on the company. Companies will have to secure SaaS and the AI apps within that.”
Securing the SaaS layer is completely different from securing an endpoint or cloud because control is not centralized within security,” he said.
“It’s all over the place – in marketing, sales, engineering,” he said. “How can I secure something without blocking it when I’m not controlling it? That’s the biggest challenge.”
If you are interested in learning more, please check out their website at www.reco.ai.