Reco: Leading the SaaS Security Domain with Comprehensive Coverage, Posture Management, Shadow App Discovery, and Detection and Response

Reco: Leading the SaaS Security Domain | Ofer Klein | The Enterprise World

In the current security landscape, Reco has quickly emerged as a leader in SaaS security by tackling the evolving challenges of SaaS applications. Recognizing the limitations of traditional security tools, Reco developed a scalable platform that offers comprehensive coverage, posture management, shadow app discovery, and detection and response. Ofer Klein (CEO and Co-Founder of Reco) highlights, “We realized that something significant was starting to happen during the COVID-19 pandemic. Identifying the greatest need for organizations at that time, we established Reco.”

Reco’s platform distinguishes itself with its advanced AI technology, providing real-time visibility and security for up to 750,000 accounts. It simplifies SaaS management by rapidly connecting to and scanning enterprise environments. The solution’s key features include discovering all apps in use, managing configurations, identifying identities and their access level, and ensuring detection and rapid response to threats. By integrating business and security needs seamlessly, Reco has positioned itself as a crucial player in the security industry, meeting the demands of modern SaaS environments.

Addressing Evolving Security Requirements 

Headquartered in the US, Reco was founded in 2020. Initially, like many startups in emerging fields, the company faced the challenge of effectively addressing evolving business needs. Instead of pursuing a niche solution, which would be difficult to scale—similar to SaaS native security, where the security is built into SaaS applications—the company decided to take a different approach.

Reco’s team built their SaaS security technology from the ground up, focusing on developing a scalable solution that could keep pace with the growing adoption of SaaS. They created an identities interaction graph capable of analyzing every interaction between people, applications, and data on a very large scale. Although they initially estimated that building this technology would take about a year, achieving the scale they envisioned ultimately took over two years.

Today, Reco’s solution can connect to any SaaS application and scan the entire environment within minutes. The company now supports SaaS environments with as many as 750,000 accounts and ensures that these environments are monitored in real-time.

Analyzing Growth Milestones

Ofer states two particular key milestones in the industry that stand out:

  • The first was the COVID-19 pandemic, which drove many companies to shift increasingly towards SaaS solutions instead of on-premises systems. This shift was essential to support the growing need for remote work.
  • The second milestone was the emergence of OpenAI, generative AI, and LLMs, which initiated a new technology revolution. As enterprises began to realize AI’s immense value and speed, the adoption of SaaS applications surged. During the COVID period, companies typically used around 20 to 30 apps, but now, the average number of apps among Reco’s customers is about 500. Some customers even manage environments with up to 25,000 apps.

Although manually securing or even gaining visibility into such a vast number of applications is no longer feasible, Ofer states that AI has provided companies with the tools to operate more effectively. However, with increased productivity comes increased risk. As the use of SaaS grows, so does the presence of malicious actors, leading to breaches. This is where a SaaS security solution like Reco becomes essential to secure the entire SaaS layer.

Ofer reflects on the initial inspiration for the company, which emerged during the COVID pandemic. “During that time, my co-founders and I realized that something significant was starting to happen,” he explains. They understood the need for a holistic solution that did not yet exist. The challenge of starting a company during such a period was considerable. “The biggest challenge was that we launched the company during COVID, which meant we couldn’t meet face-to-face with co-founders, investors, employees, or even customers,” Ofer notes. In fact, he and his co-founders did not meet in person until six months into the company’s journey. “We had ten employees before I met my co-founders for the first time,” he adds.

Despite these hurdles, the team adapted swiftly. “Starting a company without the luxury of in-person interactions was a major challenge, but we managed to overcome it by quickly adapting to the circumstances,” Ofer says. This adaptability was crucial in navigating the early difficulties and setting the foundation for the company’s success.

Driven by a Team of Genius Minds

Since its inception, Reco has observed a significant shift from the traditional SSPM approach, which focuses on securing only core applications like Salesforce or ServiceNow. While these core apps remain in use, the reality is that every customer now relies on hundreds of SaaS applications (including shadow applications), resulting in a “long tail” of apps that are difficult to gain visibility into and secure.

To address this challenge, Reco developed what they call a SaaS App Factory. This innovative solution secures the long tail of SaaS applications. Unlike other tools that take two to three months to support a new app, their solution uses a low code/no code development process and can build a new integration in just two to three days. With this approach, the company helps enterprises quickly meet their business needs, and provides security and IT teams with the visibility and protection required to support the business effectively. 

Ofer believes that people are the backbone of any company, and this is even more crucial in a smaller organization where a few individuals must achieve a lot by relying on each other. “Each person must excel in their area of expertise while also being a strong team player,” he states. The company’s research and development center in Israel is composed of professionals from elite units like Unit 8200 and the Israeli FBI.

In the U.S., the team includes go-to-market experts with extensive experience in the tech and cybersecurity sectors. Emphasizing the harmony within the team is key to reaching goals, he also highlights that the success of the company relies on how well these diverse talents collaborate and work towards the common objective. “It’s all about how we come together as a team to achieve our vision.”

Leading with Reco’s SSPM Solution

Reco’s SSPM solution is designed to provide full visibility, governance, and protection throughout the lifecycle of SaaS. It connects within minutes using an API-based approach, requiring no software installation and transferring only metadata and requesting read-only access.

Once the SaaS data is ingested, aggregated, and normalized, Reco offers four levels of visibility and control.

  • App Discovery: Identifies every app in use within the company, including shadow apps (those connected without approval). 
  • Posture Management: Manages app configurations and ensures compliance across all applications.
  • Identity & Access Governance: Monitors for  identities with access to SaaS apps, their permission level, behavior, and anomalies.
  • Threat Detection & Response: Offers real-time threat detection and response capabilities, reducing average response “We’ve reduced the average response time from hours or days to less than four and a half minutes,” Ofer explains.

The company has four patents and uses a combination of algorithms, models, processes and tools for AI to gain a complete picture of interactions/collaboration and activities/actions. 

Customer Experience at the Core

At Reco, the company recognizes that delivering value is important, but providing it in a seamless manner is crucial, especially for CISO roles where resources and specialized skills for securing SaaS are limited. The company’s approach focuses on making securing SaaS applications as easy as possible.

Reco’s solution saves security and IT teams 80% of their effort compared to other tools. This efficiency is achieved by aggregating events and data into meaningful contexts rather than just presenting raw data points. “We focus on providing impactful insights rather than mere data,” Ofer explains. This is particularly significant given the challenge of maintaining a high level of skill needed to secure complex systems.

Reco’s solution is designed to serve security teams and partners, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), and channel partners. The goal is to streamline and enhance security processes across various sectors, making it easier for all involved to manage and secure their SaaS environments effectively.

Reco is committed to addressing customer and partner needs by emphasizing listening to their feedback. It ranges from straightforward suggestions to expressions of frustration about unresolved issues, and informs the company’s approach to problem-solving. “Customers often understand their pain points but may not know the best way to address them. That’s where we come in,” he further explains. 

Reco’s strategy involves transforming traditional, manual processes into automated or semi-automated solutions, improving efficiency, and effectively addressing customer concerns. Additionally, one of the significant challenges in the SaaS environment is the gap between business operations managed by SaaS administrators and the security needs handled by dedicated security teams. 

To bridge this gap, the company developed a solution where both business operations and security teams can collaborate, offering a comprehensive view of the SaaS ecosystem. “Our platform allows both sides to see what is happening, understand what to do, and evaluate the impact,” Ofer emphasizes. This approach facilitates collaboration and simplifies complex security processes, making it easier for teams to manage and respond to security issues efficiently.

Pacing with Current Market Trends

Since the beginning, Reco has been committed to building advanced technology that would eventually lead to unparalleled market speed. “We decided to invest deeply in technology that, while time-consuming to develop, would give us the highest velocity in the market once it was complete,” Ofer explains. The company’s infrastructure includes multiple engines that facilitate the rapid implementation of new applications, modules, and software, surpassing competitors’ capabilities.

One example of this speed is the company’s ability to support new applications as needed swiftly. Another key aspect is the integration of various applications, sensors, and identities into a unified context or issue. “We connect all the dots from multiple sources into coherent context,” Ofer notes. 

Adapting to changing market conditions is crucial, particularly in early-stage, unstable markets. The market can evolve due to different breaches, compliance regulations, or other factors. It is essential to understand current developments, anticipate future changes, and react faster than competitors to stay ahead. This adaptability is achieved through a combination of advanced technology and a proactive team that continuously monitors emerging signals and implements necessary adjustments.

The company’s technology and team work together to ensure that they can quickly respond to market shifts and emerging threats. This combination allows the company to remain agile and responsive, ensuring that they can meet the market’s evolving needs and maintain their competitive edge.

Talent at the Heart of Reco

Ofer’s philosophy centers on hiring the best talent for every role and empowering them to excel. This approach gives them the autonomy to make decisions and learn from their mistakes.He often jokes with his team, saying, “You will never be able to make more mistakes than I do.” This reflects his belief in learning from his mistakes and moving forward. He stresses the importance of transparency and quick correction. The company creates a dynamic and high-performing team by building a culture where mistakes are viewed as learning opportunities rather than failures. 

Once you foster a culture of transparency and encourage people not to fear mistakes, you end up with a team that can run fast,” he says. In balancing innovation and risk for maintaining stability and profitability, Ofer explains: “It depends on the stage of the company. In each stage, you focus on something else. In the early stage, you focus more on innovation, more on building, and less on profitability. This will come at a later stage. Right now, it’s all about  building the best product in the market and pushing it to those who need to secure their SaaS.”

Spearheading with Mentorship and Vision

Ofer believes that passion and motivation are essential qualities that cannot be taught. When hiring, the company strongly emphasizes identifying these inherent traits. “We carefully look for that burning fire to succeed and push boundaries before bringing someone on the team,” Ofer explains.

Once individuals with this drive are part of the team, the company focuses on enabling them to become the best versions of themselves. He acknowledges that this process is not static but rather iterative. As people, the company, and the market evolve, continuous adjustments are necessary to align on what is best for the company and its people.

Did You like the post? Share it now: