HQ
325 Front St W
Toronto, ON M5V 2Y1, Canada
© 2023 Feroot Security
The company’s security team has faced some of the biggest challenges cybersecurity professionals might face in their careers, including successfully defending their digital media properties from many server-side cyberthreats. The business has also been targeted by Magecart, JavaScript injection, and other client-side cyberattacks focused on collecting subscriber data and billing information.
“A while back, a third party had been responsible for our digital magazine property. Alas, the third party hadn’t set up the proper client-side security controls, and we inadvertently became victims of a Magecart attack. We needed to take control of our clientside security and bring it in-house. We needed to understand everything about our client-side digital properties to keep our business and our customers safe from harm.”
Director, Network & Security
The company’s security team was driven to significantly reduce their client-side cyber risk and the potential impact of their client-side attack surface. This meant ramping up their front-end security capabilities in order to secure all of their digital media properties and the customers who interact with them continuously and reliably.
Digital Communications
& Media
Revenue
Employees
Client-Side
Security Teams
2020
The company operates a variety of digital media properties. It convenes and curates influential leaders and entrepreneurs who drive change, transform business and make a significant impact on the world.
The team set out to build a client-side security program to gain control over their websites and fully hold the keys to their digital kingdom. They wanted to make sure that all of their digital properties were owned and controlled by the business without fail. After replacing their third-party provider, they looked for a new partner that would allow them to retain full oversight and control of their websites and web applications. The team needed to:
The team found Feroot Security and requested a demo to evaluate the Inspector product offering and how it might be able to support a client-side security program.
“During the Feroot Inspector demo we saw a lot of information that we didn’t know about, and didn’t have the technology to uncover. Feroot showed us all the first- and third-party scripts that were running on our web pages, code that was obfuscated, vulnerabilities in our code, ongoing data fingerprinting, and more. It blew us away.”
After comparing Inspector to another product in the market, the team acquired Inspector so that they could continuously scan all of their webpages, receive alerts, and fix client-side security issues in real-time.
Later on, the team also deployed PageGuard to fully protect their JavaScript pages and applications from attacks, and make applicable repairs when they are ready instead of in the moment.
The team deployed Feroot Security Inspector and started to automatically and continuously scan each web page and web application. Once the initial internal processes were built to quickly detect client-side security issues, the team integrated Inspector into Slack and Jira. The team began receiving clientside security alerts with rich context in Slack so that they could be aware of any monitoring and repair issues. In parallel, Inspector automatically creates tickets in the business’s Jira system so that the application development team can immediately fix vulnerabilities or other client-side issues.
“Our developers and our devops team are awesome. They had never seen anything like Feroot before and quickly learned its value and started using it. As an organization, we were all shocked by how much Feroot is able to detect and showcase for us to take action on. It’s easy and in one place. My team and our developer peers were able to get client-side security up and running quickly, and we haven’t looked back since.”
– Director, Network & Security
However, it’s never fun to receive alerts in Slack and email at two in the morning indicating that a web page has been compromised and needs to be repaired immediately, which is why the team appreciated the protections offered by PageGuard.
“Feroot launched their PageGuard product, which is able to deploy security permissions onto JavaScript pages and applications. Essentially PageGuard protects our web pages from client-side attacks. If there is a vulnerability or an attack on a page, threat actors don’t get any data. So we no longer have to immediately respond to client-side threats. We can wait until the next morning and can fix issues during regular business hours. The automated protection that PageGuard delivers has provided us with a great level of comfort and has also helped improve our work-life balance.”
Request a demo today and we’ll show you how to implement client-side security practices.