Category Analysis

Two surfaces.
Two threat models.
Two different products.

Web security tools protect your visitors from malicious code on your website. That’s the visitor surface. Important. Necessary. Not what BLACKOUT does.

BLACKOUT protects your company from contracted vendors abusing access to your revenue infrastructure. That’s the company surface. Different threat. Different buyer. Different category.

The Client-Side Security Market

These companies protect your visitors. BLACKOUT protects your company.

Reflectiz
Agentless web exposure management. $28M raised. Fortune 500 customers.
c/side
Client-side security. Script monitoring and threat detection.
Source Defense
Client-side web application security. PCI DSS focus.
Jscrambler
Client-side protection. JavaScript shielding and monitoring.
Feroot
Client-side security. Inspector and DOMGuard products.
PerimeterX (HUMAN)
Bot management and client-side defense. Acquired by HUMAN.

These are legitimate security products solving a real problem. Magecart attacks, payment page skimming, and malicious script injection are serious threats. A CISO should evaluate these tools. They are not competitors to BLACKOUT — they solve a different problem for a different buyer.

The Two Surfaces

Same website. Different threats. Different questions.

Visitor Surface

Who
Web Security tools
Protects
Your visitors
From
Malicious third-party code on your website
Threats
  • Magecart / web skimming
  • Formjacking on payment pages
  • Malicious script injection
  • Cross-site scripting (XSS)
  • Data harvesting from visitors
  • PCI DSS violations
Buyer
CISO / Security Operations
Budget
Security / Infrastructure
Core Question
Are my visitors safe on my website?

Company Surface

Who
BLACKOUT
Protects
Your company
From
Contracted vendors abusing their access to your revenue infrastructure
Threats
  • CRM data exfiltration via marketplace integrations
  • Pre-consent tracking by contracted partners
  • Competitor subsidization through intent data resale
  • Undisclosed subprocessor chains
  • Defeat devices hiding behavior from auditors
  • DPA/contract violations at runtime
Buyer
CEO / CFO / RevOps / Procurement
Budget
Revenue protection / Operational
Core Question
What are my vendors doing with access to my business?
The Distinction

The threat model is different. Everything follows from that.

Web security threat model

An unknown attacker injects malicious code into your website through a compromised third-party script, a supply chain attack, or a vulnerable dependency. The attacker steals payment card data, credentials, or personal information from your visitors.

The adversary is external. The victim is the visitor. The damage is a breach.

GTM Security threat model

A contracted vendor — one you signed a DPA with, pay monthly, and integrated into your CRM — uses their authorized access to exfiltrate your pipeline data, fingerprint your visitors, sell your intent signals to competitors, and load undisclosed sub-vendors through their scripts.

The adversary is internal. The victim is your company. The damage is revenue.

A web security tool would see a Magecart attack on your checkout page and block it. It would NOT see 6sense reading your deal stages through a legitimate HubSpot integration and selling that data to your competitors. BLACKOUT sees the second one. You need both eyes open.

Complementary

An enterprise with both tools has complete coverage.

Web Security Catches
  • Magecart / payment skimming
  • Malicious script injection
  • XSS attacks
  • PCI DSS violations
  • Compromised CDN assets
BLACKOUT Catches
  • Vendor CRM data exfiltration
  • Competitor intelligence leakage
  • Pre-consent tracking by partners
  • DPA / subprocessor violations
  • Defeat device deployment
  • Shadow vendor supply chains
  • Contract vs. reality gaps
Neither Catches
  • APT / nation-state intrusion
  • Internal employee threats
  • Server-side vulnerabilities
  • Physical security failures

Web security asks who’s breaking into your house.

BLACKOUT asks what the people you invited in are stealing.

See the Platform