Numerous third-party integrations power the website supply chain. These integrations have access to critical and sensitive data and have become one of the enterprise’s most glaring supply chain blind spots.
We spoke with Aanand Krishnan, founder and CEO of Tala Security, a web application data protection and client-side security provider, about why third-party web security is critical for organizations and Tala's new web data security solution -- Tala Detect.
Third-party security has been in the news quite a bit recently. Why is third-party security so critical and what makes it targeted by attackers?
Third-party integrations are included on every website. In fact, approximately 66% of what renders on your browser is delivered via these third-party integrations that are delivered via unmonitored and largely uncontrolled client-side connections. Tala published a study in the fall evaluating the Alexa 1000 and found the average website included 34 third-party integrations. Similarly concerning, the average website form amongst this sample size connects to 16 domains. These third-party integrations are part of what is sometimes referred to as a website supply chain. This segment of supply chain is perhaps enterprise's most glaring supply chain blind spot.
What are the dangers of third-party web security blind spots?
JavaScript, which powers the modern web, utilizes a common permissions model. Third-party JavaScript integrations, which are included on essentially every website operating today, grant the same level of permissions and control to these third-party integrations as that granted to the website owner. Should an attacker compromise one of the third parties, they have control of the website code and can essentially make any modification they desire. Most commonly, they seek to steal sensitive data in attacks that the media generally labels as Magecart.
How does Tala Detect mitigate the potential threats malicious third-party web app attacks pose?
Tala prevents sensitive data theft and client-side attacks like Magecart, XSS, code injections and session redirects. Our innovative solution is designed to secure customer data and ensure data privacy, without degrading site performance or top-line revenue. Tala's technology automates policy generation, deployment and maintenance of powerful web standards, including CSP, SRI, Feature Policy, Referrer Policy, HSTS and others. Tala also leverages JavaScript virtualization synthetically to ensure data flow analysis of even the most complex workflows.
Tala's comprehensive portfolio includes both Tala-Protect and Tala-Detect, ensuring comprehensive data flow analysis together with the means to control it. This innovative combination of capabilities ensures attacks are prevented in real-time, data privacy and integrity are assured and the need for costly and continuous administration or incident response is minimized. Tala’s solutions have no impact on website performance or user experience - and no code integration is required.