External monitoring, detection and alerting solution added to award-winning, protection-based capabilities already found within the Source Defense Platform. Company launches program to provide organizations with security and compliance visibility during website code-freeze period.

Connecticut, U.S. / Rosh-Ha’ayin, Israel, September 20, 2022 – Source Defense, the pioneer and market-leader in web application client-side protection and data privacy compliance, today announced the release of Source Defense 3.0. The release expands the Source Defense Platform to include an external monitoring, detection and alerting offering (Source Defense Detect), making the company the only in market to offer both detection and protection-based (Source Defense Protect) solutions for client-side attacks and data privacy violations. With the release, Source Defense further adds enhanced capabilities for Business, Security and Risk/Compliance stakeholders to manage their website supply chains. Additionally, it provides the broadest available capabilities for organizations around the globe to address the client-side security guidance found under the newest release of the Payment Card Industry Data Security Standard (PCI DSS 4.0).

The company addresses a major concern related to third-party supply chain risk which has led to materially adverse impact on thousands of companies over the past decade. One of the largest and least quantified business vulnerabilities lies in website use of client-side JavaScript. Client-side code, delivered in real-time by third-party (as well as fourth and n th party) supply chain partners, helps drive and enhance the website user experience, increase engagement, and drive analytic insights. Typical web properties rely on dozens of these supply chain partners, and this supply chain is composed entirely of unmanaged and unprotected shadow code.

In a “best-case” scenario, this shadow code introduces the potential for data privacy compliance violations due to unauthorized capture and sharing of data on the part of these partners. In the worst-case scenario, it effectively acts as the soft-belly for adversaries on any large web site. This fertile and extremely profitable threat and attack surface has resulted in hundreds of high-profile incidents and led to more than 400 client-side attacks (e.g., credential harvesting, formjacking and Magecart attacks) per month in the past two years, making breach headlines at major brands including Macy’s, Ticketmaster, British Airways, Segway and many others. 

Source Defense 3.0 introduces tiered packages to provide solutions tailored to meet any customer’s unique needs and budget. The Source Defense Platform now includes:
Source Defense Detect – a completely new solution which utilizes external scanning, AI driven algorithm
detection and advanced alerting to inform organizations of threat activity and data privacy compliance
violations that need to be flagged with no unnecessary noise and no need to touch site code to deploy.

Source Defense Protect – the same hands-off, AI-based protection-based offering which already protects more than $20bn in annual online revenues and thwarts nearly 10bn compliance policy violations per year, with virtually zero resources to monitor

A fully revamped management platform providing rich data for multiple stakeholders across Business,
Security and Compliance roles – including high-level, role-based intelligence and reporting, with the
capability to drill-down for deeper insights 

A PCI DSS compliance management dashboard supporting authorization of scripts and justification for
those running on payment pages

“Source Defense is already recognized by the world’s largest companies, and the cybersecurity industry, as an innovator and pioneer in addressing the risk of website data leakage and data theft,” said Dan Dinnar, Chief Executive Officer at Source Defense. “With the addition of these new capabilities, the Source Defense Platform becomes the most well rounded of any offerings in the space. We now offer a multitude of solutions for organizations of all sizes to get a handle on the security and compliance risks they face from their websites, and to do so in a way that is simple, easy to manage, and extremely cost effective.”

The company recognized this emerging issue, established a dominant market position, and continues to grow rapidly as the category leader. A fanatical focus on client satisfaction has led to multi-year engagements and customer retention with many of the world’s largest website owners. Earlier this year, Source Defense closed a significant B-round of financing to fuel its growth, and the company is enjoying a significant surge of interest related to its unique ability to address new guidance under PCI DSS 4.0. 

“Our flagship offering remains Source Defense Protect,” said Hadar Blutrich, Chief Technical Officer at Source Defense. “Our clients love the ease with which we deploy, the virtually non-existent management burden and the automatic thwarting of security and compliance risks. However, we recognized a need in the market for a detection-based solution that better suits the needs of organizations with tight budgets, or those with robust security operations infrastructure where detection and alerting is part of the normal course of operations. We’re proud to expand our offerings to include Source Defense Detect – which includes all the strengths that our clients currently enjoy. We are prouder still that we now have an evolutionary pathway for organizations to continually enhance their website security.”

As part of this release, the company is announcing a program to provide organizations entering website code-freeze periods with client-side security and compliance visibility. Under the program, Source Defense will provide external monitoring, detection and alerting with adjusted terms and conditions that introduce no barrier to adoption. The solution can be turned on virtually instantly and provide significant risk reduction for these organizations as they enter a period of increased adversarial activity.

“Too many organizations are blind to the threat of data leakage and data theft introduced by their 3 rd party website supply chain,” said Jason Moore, Vice President of World-Wide Sales at Source Defense. “We’re committed to giving them the visibility they need to mitigate this material risk. Many organizations, especially those engaged in e-commerce, are about to enter a website code-freeze period. This period typically lasts for the entire shopping season stretching from October to January – the same period that attracts attacks. We’re combining the announcement of our 3.0 product launch with a program designed to give an immediate view into website security and data privacy compliance risks, and we are at the ready to help.”

About Source Defense
Source Defense is a security and data privacy compliance platform for any website that collects sensitive data or is transaction oriented. It addresses a ubiquitous gap in the management of third-party digital supply chain risk with a model that extends security beyond the network to the client-side. As the market leader in web application client-side protection, Source Defense provides real-time threat detection, protection and prevention of vulnerabilities originating in JavaScript.

The patented Source Defense Platform offers the most comprehensive and complete solution to address threats and risks originating from the increased use of JavaScript, third-party vendors, and open-source code in websites today. The Source Defense solution is deployed by leading Fortune 500 enterprises in the Financial Services, Retail, eCommerce, and Healthcare markets. Headquartered in Israel with branches across the US and a strong community of global valuable partnerships, Source Defense is the most innovative, reliable, and trusted partner in the fight against client-side attacks.

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.