The Most Comprehensive Solution for Website Security
Ensure nothing goes undetected by performing a comprehensive analysis of all website components, exposing their associated risks.
What does the Reflectiz solution entail?
Reflectiz remote sandbox solution monitors all first, third, and fourth-party applications and detects vulnerabilities and risks in your online ecosystem, providing complete visibility over your web threat exposure surface. It effectively prioritizes and remediates risks and compliance issues.
All is executed remotely and requires no installation or embedded code.
The Solution
Phases
Phase 1 Complete Discovery
Reflectiz’s proprietary browser crawls and maps key website pages, simulating real user activity with chosen settings. It covers all online assets, including authentication, checkout processing, pre-production scans, and more, and automatically checks for changes.
Phase 2 Deep Behavioural Analysis
The Reflectiz browser mimics user behavior and analyzes page activity, monitoring all components, JavaScript execution, and network requests.
The browser acts as a client-side proxy, detecting all webpage activity and collecting millions of events for root cause analysis.
It monitors all web components, including scripts, iFrames, tags, pixels, cookies, and headers.
It has no limitations and can track all activities, including non-origin content and first-party components on any webpage.
Phase 3 Data Analysis and Processing
Reflectiz cross-checks the collected data with cyber-reputation databases for known vulnerabilities, malicious scripts, and open-source vulnerabilities, which helps Reflectiz to answer three critical questions:
Phase 4 Actionable Baseline Alerts
After all threats have been detected, the Reflectiz platform creates and prioritizes alerts based on the risk level of each component, determined by WHO, WHAT, WHERE questions.
Reflectiz customizes behavior baselines with each organization and offers an alerting system that suggests clear mitigation and prevention steps, recommends script modifications, flags only critical changes, and blocks threats when necessary.
The platform integrates with Splunk, Jira, or any SIEM/SOAR solution using a bi-directional JSON-based REST API for streamlined alert management.
This is a continuous process that repeats phases 1 to 4 based on client requirements, ensuring constant monitoring and detection of online risks and vulnerabilities.
Want to learn more about Reflectiz technology?
FAQs
Does Reflectiz require installation or code changes on my website?
No. Reflectiz operates entirely remotely and requires no installation or embedded code on your website. Its proprietary browser-based solution crawls and monitors your website from outside, simulating real user activity to analyze all web components. This agentless approach means there is zero impact on your site’s performance and no development work required to get started.
How does the Reflectiz solution work?
Reflectiz uses a remote sandbox solution that monitors all first, third, and fourth-party applications on your website, detecting vulnerabilities and risks without requiring any installation or embedded code. It operates in four phases: complete discovery of all website assets, deep behavioral analysis of all web components, data analysis against cyber-reputation databases, and actionable baseline alerts with clear remediation steps. The process repeats continuously based on client requirements to ensure constant monitoring.
Is the Reflectiz monitoring process continuous?
Yes. The Reflectiz four-phase monitoring process — discovery, behavioral analysis, data analysis, and alerting — repeats continuously based on each client’s requirements. This ensures constant detection of new online risks and vulnerabilities as your website evolves. Because Reflectiz automatically checks for changes and repeats its crawls on a configurable schedule, security teams are always working with up-to-date threat intelligence rather than point-in-time snapshots.
What integrations does Reflectiz support for alert management?
Reflectiz integrates with Splunk, Jira, and any SIEM or SOAR solution using a bi-directional JSON-based REST API for streamlined alert management. This means security teams can manage Reflectiz alerts directly within their existing security workflows without switching between tools. The bi-directional API also allows alert status updates to flow back into Reflectiz, keeping the platform synchronized with your team’s response actions.
What is Phase 1 of the Reflectiz monitoring process?
Phase 1 is Complete Discovery. Reflectiz’s proprietary browser crawls and maps key website pages, simulating real user activity with configurable settings. It covers all online assets, including authentication flows, checkout processing, and pre-production environments, and automatically checks for changes. This gives organizations a comprehensive, continuously updated map of everything running on their web properties.
What is Phase 2 (Deep Behavioural Analysis) in Reflectiz?
Phase 2 is Deep Behavioural Analysis. The Reflectiz browser mimics real user behavior and monitors all web components — including scripts, iFrames, tags, pixels, cookies, and headers — as well as all JavaScript execution and network requests. Acting as a client-side proxy, it collects millions of events for root cause analysis and has no limitations, tracking non-origin content and first-party components on any webpage.
What is Phase 3 (Data Analysis) in the Reflectiz monitoring process?
Phase 3 is Data Analysis and Processing. Reflectiz cross-checks all collected behavioral data against cyber-reputation databases to identify known vulnerabilities, malicious scripts, and open-source vulnerabilities. This analysis answers three critical security questions: WHO are your third-party components (their identities across the entire web ecosystem), WHAT are they doing (risky activities like keylogging, tracking, or PII harvesting), and WHERE do they send data (the security of internal and external servers that interact with your site).
What is Phase 4 (Actionable Baseline Alerts) in Reflectiz?
Phase 4 is Actionable Baseline Alerts. After detecting all threats, Reflectiz creates prioritized alerts based on each component’s risk level as determined by the WHO, WHAT, WHERE analysis. The platform customizes behavior baselines per organization and offers an alerting system that suggests clear mitigation steps, recommends script modifications, flags only critical changes, and can block threats when necessary — reducing alert fatigue.
What risky activities does Reflectiz detect in third-party components?
Reflectiz detects a wide range of risky third-party behaviors including keylogging, user tracking, PII (personally identifiable information) harvesting, unauthorized data collection, and communication with suspicious external servers. These behaviors are identified during the deep behavioral analysis phase by monitoring all JavaScript execution and network requests, then cross-checked against cyber-reputation databases in the data analysis phase.
What web components does Reflectiz monitor during behavioral analysis?
Reflectiz monitors all web components during behavioral analysis, including scripts, iFrames, tags, pixels, cookies, and HTTP headers. It also tracks all JavaScript execution and network requests, including non-origin content and first-party components. The platform acts as a client-side proxy, collecting millions of events per session for root cause analysis — providing deeper coverage than traditional scanning tools that only examine your own code.
