Client-Side Security Fuels Customer and Brand Protection
Feroot Security Inspector & PageGuard Customer Success Story: Media Company
HQ
325 Front St W
Toronto, ON M5V 2Y1, Canada
The Challenge
The company’s security team has faced some of the biggest challenges cybersecurity professionals might face in their careers, including successfully defending their digital media properties from many server-side cyberthreats. The business has also been targeted by Magecart, JavaScript injection, and other client-side cyberattacks focused on collecting subscriber data and billing information.
“A while back, a third party had been responsible for our digital magazine property. Alas, the third party hadn’t set up the proper client-side security controls, and we inadvertently became victims of a Magecart attack. We needed to take control of our clientside security and bring it in-house. We needed to understand everything about our client-side digital properties to keep our business and our customers safe from harm.”
Director, Network & Security
The company’s security team was driven to significantly reduce their client-side cyber risk and the potential impact of their client-side attack surface. This meant ramping up their front-end security capabilities in order to secure all of their digital media properties and the customers who interact with them continuously and reliably.
Industry
Digital Communications
& Media
$500M+
Revenue
400+
Employees
4
Client-Side
Security Teams
Customer Since
2020
About The Customer
The company operates a variety of digital media properties. It convenes and curates influential leaders and entrepreneurs who drive change, transform business and make a significant impact on the world.
The Goal
The team set out to build a client-side security program to gain control over their websites and fully hold the keys to their digital kingdom. They wanted to make sure that all of their digital properties were owned and controlled by the business without fail. After replacing their third-party provider, they looked for a new partner that would allow them to retain full oversight and control of their websites and web applications. The team needed to:
- Automate client-side security for maximum benefit and efficiency.
- Understand what data was being captured from user input across all web assets.
- Generate and continuously enumerate a full inventory of web pages, tracking tools, advertising tools, cookies, scripts, and other critical information.
- Develop reports on the full breadth of what the business loads into user browsers on a continuous basis.
- Ensure all web pages and forms that capture subscriber data are closely watched and any security issues are dealt with immediately.
- Integrate client-side security with current security workflows.
- Integrate client-side security scanning and alerting into Slack and Jira for rapid issue resolution and incident response.
The Choice
The team found Feroot Security and requested a demo to evaluate the Inspector product offering and how it might be able to support a client-side security program.
Director, Network & Security
“During the Feroot Inspector demo we saw a lot of information that we didn’t know about, and didn’t have the technology to uncover. Feroot showed us all the first- and third-party scripts that were running on our web pages, code that was obfuscated, vulnerabilities in our code, ongoing data fingerprinting, and more. It blew us away.”
After comparing Inspector to another product in the market, the team acquired Inspector so that they could continuously scan all of their webpages, receive alerts, and fix client-side security issues in real-time.
Later on, the team also deployed PageGuard to fully protect their JavaScript pages and applications from attacks, and make applicable repairs when they are ready instead of in the moment.
The Change
The team deployed Feroot Security Inspector and started to automatically and continuously scan each web page and web application. Once the initial internal processes were built to quickly detect client-side security issues, the team integrated Inspector into Slack and Jira. The team began receiving clientside security alerts with rich context in Slack so that they could be aware of any monitoring and repair issues. In parallel, Inspector automatically creates tickets in the business’s Jira system so that the application development team can immediately fix vulnerabilities or other client-side issues.
“Our developers and our devops team are awesome. They had never seen anything like Feroot before and quickly learned its value and started using it. As an organization, we were all shocked by how much Feroot is able to detect and showcase for us to take action on. It’s easy and in one place. My team and our developer peers were able to get client-side security up and running quickly, and we haven’t looked back since.”
– Director, Network & Security
However, it’s never fun to receive alerts in Slack and email at two in the morning indicating that a web page has been compromised and needs to be repaired immediately, which is why the team appreciated the protections offered by PageGuard.
The Feedback
Network & Security
Director
“Feroot launched their PageGuard product, which is able to deploy security permissions onto JavaScript pages and applications. Essentially PageGuard protects our web pages from client-side attacks. If there is a vulnerability or an attack on a page, threat actors don’t get any data. So we no longer have to immediately respond to client-side threats. We can wait until the next morning and can fix issues during regular business hours. The automated protection that PageGuard delivers has provided us with a great level of comfort and has also helped improve our work-life balance.”
Learn about how you can protect your client-side with Feroot Security Inspector & PageGuard
Request a demo today and we’ll show you how to implement client-side security practices.
More success stories made possible by Feroot client-side security