© 2023 Feroot Security
To Gusto, keeping customer data secure is paramount. As its well-defined corporate security strategy and dedicated public webpage show, Gusto views itself as a data custodian that is entrusted with, rather than entitled to, customer data.
Ever since its inception, Gusto has continuously improved and enhanced its ability to detect and defend the business and its customers from cyber threats. Because Gusto is a cloud-first organization with an ecosystem of web applications and web pages to protect, Frederick “Flee” Lee, Gusto’s Chief Security Officer, and his team expanded their security strategy beyond traditional server-side security practices to enhance client-side security practices.
“A day doesn’t go by that you don’t hear about a new JavaScript-based attack on a company’s website or web application. We’re seeing attackers pivoting from traditional server-side attacks to client-side attacks. To protect our business from server-side threats, we needed to enhance our client-side security capabilities to stay ahead of the threat.”
With e-skimming, formjacking, JavaScript injection, and Magecart-like attacks on the rise, Flee and his team learned that they needed a new way to gain even fuller visibility of their cyber risk across their websites and web applications. They needed a technology that could provide them with a full inventory of all first- and third-party scripts, an even clearer understanding of vulnerabilities impacting the client side, and immediate alerts to cross-border data transfer and potential data exfiltration.
Gusto’s mission is to create a world where work empowers a better life. By making the most complicated business tasks simple and personal, Gusto is reimagining payroll, benefits, and HR for modern companies. Gusto serves over 200,000 companies nationwide and has offices in San Francisco, New York City, Denver, and Canada.
Flee empowered Karlotcha Hoa, Gusto Security Engineer, to determine how to enhance their visibility into all of the scripts that make up their front-end web applications. Karlotcha outlined the capabilities a client-side security technology needed in order to successfully protect their client-side JavaScript web applications.
Karlotcha evaluated Feroot Security Inspector and ran an in-depth proof of concept (POC). The goal of the POC was to use Inspector to operationalize their client-side security capabilities, determine if the technology could uncover known unknown threats, and become the ‘glue’ that united the security and front-end product development teams for successful collaboration.
After a thorough evaluation of Inspector’s features and functionality, Karlotcha and Flee chose Feroot Inspector for Gusto to secure their client-side web applications. Inspector was quickly provisioned to gain end-to-end visibility of the makeup of their web applications, detect JavaScript vulnerabilities and threats, automate client-side security tasks, and integrate Feroot with existing security technologies and processes. Inspector enabled Gusto to:
“We needed greater visibility over our web applications to ensure they were loading the way we needed and expected them to in the users’ browser. With Feroot we have the ability to continuously scan our websites and make repairs as necessary.
“The best part of Feroot Inspector is that it is not intrusive. It’s a plug-and-play solution that is easy to maintain. We use Inspector to look at our web apps, and it tells us everything we need to know to keep them secure. It’s easy to use, and integrating it with our technology stack and workflows was quick and seamless.”
“Now that we have Inspector integrated into our security operations, we are happier with our front-end security posture. We are even more confident that we are able to find issues in our web applications quickly and fix them. We believe we have a solid solution in place to keep our eyes on our front end.
“In my role, I want to reduce as much cyber risk as possible. We needed a better way to find client-side threats and address them on our front-end. With Inspector we have enhanced our ability to manage cyber risk and keep our customers safe at point of interaction.”