informa
3 MIN READ
Products & Releases

PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks

Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations.

SAN MATEO, Calif., April 19, 2022 — PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, today announced the availability of the Spring Release of PerimeterX Code Defender. It includes a rich set of capabilities designed to enable organizations to combat the growing threat of client-side supply chain attacks on websites and web apps.

Code Defender, named the 2021 SIIA CODiE Award winner for Best Security Solution, is a client-side web app security solution that provides comprehensive real-time visibility and control into a modern website’s supply chain attack surface, to identify vulnerabilities and anomalous behavior and proactively mitigate compliance risk.

“Client-side supply chain attacks have become one of the top types of cyberattacks, and can cause tremendous damage to a brand’s reputation and its ability to comply with growing data privacy regulations including GDPR and CCPA. Every business is dependent on website code from partners and the open source community to enrich their visitors’ experience. At the same time they are worried about the risk of supply chain attacks that can result from the use of a vulnerable component. Code Defender is the premier solution for identifying and proactively mitigating these risks,” said Omri Iluz, CEO and co-founder of PerimeterX.

The Spring Release of Code Defender includes:

  • Comprehensive client-side mitigation capabilities to control legitimate JavaScript at a granular level, enabling customers to block specific actions without blocking the entire script. This adds to existing CSP mitigation capabilities that allow performance or prevention of specific script actions.
  • Full visibility into client-side scripts running in a customer’s environment, including how scripts are interacting with the site, additional scripts they are interacting with and exposure details.
  • An actionable dashboard offering an at-a-glance overview to quickly identify the high-risk PII, PCI, and vulnerability incidents that response teams should prioritize.
  • Persona-based filtering so users can configure the dashboard based on what is interesting to each team, for example, focusing reports based on compliance or scripts from trusted and untrusted vendors.

According to Osterman Research, more than 99% of websites use third-party scripts to simplify common functions such as ad tracking, payments, customer reviews, chatbots, tag management, and social media integration, but only one in three websites have the capability to detect potential problems arising from vulnerabilities in this supply chain of code. More than 70% of a typical website can be comprised of third-party code. Malicious Shadow Code in first-, third- and nth-party scripts can modify page elements, insert fake checkout buttons or skim personally identifiable information from a website, including credit card numbers and passwords.

Code Defender continuously monitors and analyzes the behavior of all client-side scripts in real users’ browsers. The solution inventories and baselines known expected behavior, and then applies machine learning models to help identify new malicious, suspicious or anomalous behavior that warrants attention with appropriate severity rankings based on the level of perceived risk to a website. The solution runs 24/7/365 giving security operations teams real time visibility and control over all downstream client-side risks, freeing up application development teams to focus on innovation.

To learn more about the risks to your website, run the free Website Risk Analyzer which provides fast, easy-to-understand insight into the scripts running on your site and the potential security risks they represent.

For more about how your business can benefit from the new enhancements to Code Defender, contact us here or read the blog here.

About PerimeterX

PerimeterX is the leading provider of solutions that detect and stop the abuse of identity and account information on the web. Its cloud-native solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience while disrupting the lifecycle of web attacks. PerimeterX is headquartered in San Mateo, California, and at www.perimeterx.com.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Chris Jacob, VP, Threat Intelligence Engineering at ThreatQuotient
Robert Lemos, Contributing Writer, Dark Reading