Delivering Secure and Trusted Web Experiences

As we start 2020, it feels like a good place to reflect on the past decade[i] and what it has meant for cyber security. Not so coincidentally, the past ten years (plus a little) have been rife with cyber security activity: from board-level awareness of security’s importance at organizations traditionally not focused on 1s and 0s, to the abundance of product vendors.

Prior to 2010, security was a sidebar for those not directly involved in the discipline. But around the 2008-2010 timeframe, digital transformation began impacting businesses in ways that demanded more attention to the protection of data and systems that housed that data. It’s not surprising, then, that product and service companies operating in adjacent spaces, like network performance or monitoring, adjusted their business models to include security functionality.

Over the years, a few of those companies have become known as full-blown security vendors first and foremost. Others are still struggling with remnants of their legacy but have an intriguing security story to tell. One such vendor is Instart, previously known as Instart Logic. Founded in 2010, the company first delivered web performance acceleration. As the company grew and interacted with customers, the team identified a need for digital advertising optimization and pivoted from its initial focus as a content delivery network.

Coalescing on a security future

For the next few years, Instart developed multiple products, including its web application firewall and DDoS protection. By May of 2018, the company realized it was headed toward a security future, and the board hired industry veteran Sumit Dhawan to expand Instart’s market reach and centralize on security. With over a decade and a half at Citrix Systems and more recently at VMWare, Dhawan understood virtualization and performance inside and out, and brought in a new management team that could use their shared experience to supercharge a security product built on something they call a “nanovisor.”

Speaking with Natalie Lambert, Chief Marketing Officer, and Jon Wallace, Security Technologist, they explained that the company’s mission is to “enable organizations to deliver secure and trusted web experiences to their customers.” As websites have evolved from the "look and feel” of the business to a critical transactional platform, businesses need to ensure the security of all web transactions—whether it’s site visitors filling out a “contact us” form, entering a credit card number for a purchase, or inputting sensitive details to apply for a job or bank loan. Consumers, too, want confidence that businesses won’t put their personal information at risk.

Instart’s nanovisor technology is the key to the product’s efficacy. It is a small piece of JavaScript that runs in the browser, providing agentless visibility and control into the JavaScript runtime and document object model (DOM). The nanovisor sees all JavaScript activity running on a page and can detect if automation frameworks or things like altered user agents are present. This visibility and control allow Instart to ensure only whitelisted JavaScript can access form fields and cookies on a website and detect and block bots from visiting a site. Boiled down, Instart protects unauthorized or invalid data from being accessed at a form field and cookie level and prevents bad bots from committing fraud on your site.

Unified web application protection

For other technologies trying to accomplish the same result, performance impact might be an issue. This is where the team’s background building and working with network performance technologies gives them the edge in a very crowded space, or, to be more exact, several spaces; Instart offerings include web application firewalls, bot mitigation, DDoS mitigation, web skimming, API protection, and a CDN. They're all connected by one goal, secure web transactions, but it’s a big sell for one company with less name recognition in the security space than some of their competitors.

Instart’s marketing literature takes on these various competitors, but we at TAG Cyber think the story here is how Instart grew up organically to deliver a security solution that places availability and performance at its core. After all, from a business perspective, security doesn’t exist for security’s sake; each corner of the confidentiality, integrity, availability triad is equally important. Lambert says the shift in the company’s main mission was organic, “Last June, we came to the conclusion, given customer feedback and our current product portfolio, that cyber security was going to be the main driver for our business. The real value for our customers today is in security. Performance is table stakes, and we’ve known for years how to do that well.”

Though the aforementioned security spaces are crowded, Instart has a unique story to tell, starting with their beginning as a content delivery network, through an impressive investment portfolio and a highly capable current leadership team, to their decision to deliver value via security. A decade ago, Instart Logic’s path may not have been clear, and the road to 2020 wasn’t straight and narrow, but Instart today is worth a look if your business wants to deliver a seamless and secure web experience to visitors and customers.


[i] Yep, we know decades traditionally start with years beginning with a “1.”