In this episode of "Cybersecurity Unplugged," Ribeiro discusses:
- How Jscrambler monitors for "malicious behavior" in web application code and stops it;
- What polymorphic obfuscation is and how it can deter attackers;
- How to use third-party code and still have a high degree of security.
Ribeiro is from Lisbon, Portugal, and specializes in code security. Having led Jscrambler since 2014 from a pure bootstrapped operation to a growing business, he continues to serve thousands of customers plus the Fortune 500.
This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.
Steve King 00:13
Good day everyone. I’m Steve King, the director of cybersecurity advisory services here at CyberTheory. Today’s episode is going to explore website and application code integrity. And with me to explore that topic is Rui Ribeiro, the CEO and founder of Jscrambler, a bootstrap global business that now serves over 43,000 customers worldwide, from Lisbon, Portugal, who specializes in code security. Rui has led Jscrambler since 2014, from a pure bootstrapped operation to a growing business, serving those 43,000 plus the Fortune 500. And that completely amazes me really, so I am overwhelmed with that accomplishment. So fantastic. Congratulations to you, and welcome to the show. And thanks for joining me today.
Rui Ribeiro 01:12
And thank you for having me. And thank you for this introduction. And we’re really happy to be here.
Steve King 01:18
Yeah, I’ll bet you are. Your top line messaging and your marketing material says you can protect applications against abuse and privacy and tampering and code theft, and use enterprise-grade obfuscation and code locks and other self-defense techniques. It also says you can do something similar for websites against web supply chain attacks and online fraud by, I guess, detecting and controlling client-side behaviors. Can you explain to our audience exactly how you do that? And describe the similarities between application and websites within this context?
Rui Ribeiro 02:01
Steve King 07:36
Rui Ribeiro 08:02
Steve King 09:10
Rui Ribeiro 09:12
Steve King 11:37
Yeah, that’s great. Two words: polymorphic obfuscation. If we have 100 people listening to us right now, 99 of them don’t know what that means. Could you explain the nature of polymorphic obfuscation, kind of how it works, and how Jscrambler deals with it?
Rui Ribeiro 11:59
Okay, I can try. Yeah, the objective of obfuscation is to raise the bar to the point of where the attack becomes unprofitable. So let’s look at it like an economic problem. If it takes too much time, and you’re just too much resources, I won’t do it. And polymorphic obfuscation means that we are able to protect the same code and generate, at each protection, totally different versions of that code that achieve the same goal. Okay, but go through it in a different process and look totally different than that, in fact, totally different. But why do that? Why have 1 million versions of the same code? Because then you have 1 million problems that an attacker has to solve. So, again, it’s about raising the bar in terms of security.
Steve King 12:56
More difficult for the bad guys, right?
Rui Ribeiro 12:59
Yeah, and this is very important for automated abuse. So things like bots. So PlayStation 5 was nearly impossible to buy for a long time, because we had scalper bots that were constantly buying all the stock and then reselling it at a very high price on the secondary market. If you look at it, like, with polymorphic obfuscation, we could slow down those bots, just because every time they tried to do that purchase, they would be looking at different code bases, and they wouldn’t be able to automate that process. Because the context would be totally different. It’s not that simple. I’m oversimplifying. But the idea here is we provide multiple problems. And so we avoid the automated abuse of applications.
Steve King 13:47
Yeah, sure, that makes sense. But, you know, a couple of million versions is not going to make a difference to a bot who can probably solve that problem in sub-second response time. You have any prognosis about how 5G is going to impact that process?
Rui Ribeiro 14:06
5G is about network connectivity, it’s, you will have... I’m not a bot detection company. But for them, it’s a bigger problem, because they will have, not because of 5G but because of IPv6, they have a lot more IPs that they need to trust or not trust. But I don’t expect 5G to be an increasing problem for these companies. And for the solid process of bot detection.
Steve King 14:32
We ever ensure going to mess with a network. So that’s that’s all Yeah,
Rui Ribeiro 14:36
More boundaries, more people, more data. Yeah. That’s an increasing problem. That’s for sure.
Steve King 14:44
No kidding. You’ve had success in the operational technology markets as well, the, you know, OT space or IoT space. Are there customer success stories there that our audience might relate to?
Rui Ribeiro 14:59
Yeah, I’ve had a lot of success in the OTT market, which is related to video player. So media companies, that’s where we have had a lot of traction. So media companies in commerce and banking, those are like the places where we have most traction. And in the case of OTT, so media companies, I think that the biggest change that we have seen is that previously, we consumed the media in set-top boxes in the living room. And now we are able to consume media everywhere. But they still have the same security requirements for their applications. And that’s where we come in. So we have helped companies protect their OTT applications. And we enable them to be competitive and provide a secure streaming experience in any environment: on a mobile, on the computer, on the browser, in any of those situations.
Steve King 15:55
If you stay in the media swim lane, what are the next challenges you’re going to have to address to continue to be competitive?
Rui Ribeiro 16:05
Media is, it’s always complex, because they are constantly evolving. We want to consume content that is unique, that is immediate. There, it’s more and more about the accessibility, being able to decide what you want to watch now, other than what it was before, like when you had, like, pre-packaged content that you’d sell for years and years, like, for example, a film. Today, it’s about sports, it’s about live events, where media companies will have to focus to differentiate themselves.
Steve King 16:41
Yeah, sure. So tell me about competitors, there must, you must have a bunch. But you’re in a leadership position. I mean, you’ve accomplished that, which is amazing. What can your customers kind of look forward to in the future from you guys?
Rui Ribeiro 16:58
We have a goal: we want to provide a very simple solution to a very complex security problem. And then the need is there. So finance, e-commerce, they need to protect their user data, they need to improve their compliance. And companies are already struggling with implementing a good user experience. So we want to take the security problem from them. And we want to help them in that part. So an e-commerce website, it has lots of services that have been bundled into that experience. So payment processors, analytic tools, helpdesk systems, advertising, marketing tools, shipping, whatever. And they must all work together, all these modules must work together. Most of the companies, they are not as conscious as they should be on the risks of bringing in all these third parties. And even the third party security is not on par with most of the commerce or banking companies. And so we have found that, the example that I was telling you, so a third party company that all of a sudden starts to access a new user email and capturing user data. And we want to stop that. So we want to work with the commerce companies, the banking companies, so that they can be agile, be more competitive, so allowing them to use those third parties without having a concern that it might compromise their use of data, be faster, of course, sell more if it’s an e-commerce company, but above all, avoiding all those compliance risks. We don’t want to be a security company that blocks our customers from moving forward, we want to enable them to move forward. We’re not going to say don’t use third parties. What we are meant to say is we have a system that allows you to use third parties and move forward and still have a very high security stance.
Steve King 19:06
Yeah. Great. Final question here. And I’m conscious of the time. I don’t know when, notwithstanding the recent crash in the cryptocurrency markets, it’s still incredibly popular and, you know, as a result, it’s, you know, continues to expand the threat landscape pretty dramatically. Do you manage anything in that world and how does that impact Jscrambler?
Rui Ribeiro 19:35
Steve King 22:25
Yeah, sure. And, you know, the money exchange, as it continues to evolve, and it’s very different today than it was 15 years ago. I’m sure it’ll look very different in 15 more years. But as long as JavaScript’s around, you guys will be doing great. So I want to congratulate you once again for the last eight years at bootstrap to 43,000 is absolutely amazing success. I appreciate you taking the time today to help us understand some more about your business and explain some of the intricacies of your markets. So thank you once again, Rui, I appreciate you, as I said, taking some time out of your day.
Rui Ribeiro 23:11
Thank you for the opportunity. Steve. I really enjoyed talking about these topics. I hope that I was clear and then that help people understand a little bit what
Steve King 23:20
Yep, I think so. Thanks again and we’ll talk soon. Thank you. Take care.