Building and managing a successful website often involves adding various 3rd party tools that improve user experience, reduce costs, and more. While their benefits are clear, these tools pose a significant security vulnerability to your website, because they significantly increase its attack surface. These types of Magecart attacks on websites are on the rise, simply because they are a relatively easy entry point for hackers. Rising consumer awareness and increasingly strict regulation lead to enormous costs and damages, so much so that companies can no longer afford to leave their websites unprotected from these Magecart attacks.
Even with in-depth knowledge of available solutions, it can be difficult and overwhelming to find the one that suits your needs and provides adequate protection. To make your life easier, here are six questions to ask potential website security solution providers before choosing who to work with.
Here are the six questions you have to ask when evaluating website security providers
Question 1: What is your MO?
There are many relevant solution providers out there, each with a different approach to dealing with 3rd party, script-related vulnerabilities. Asking potential website security vendors about which method they employ should be your starting point. Let’s briefly discuss these approaches.
- Monitoring and Detection – This approach lets you monitor and detect suspicious activity. Malicious scripts can be removed as soon as an alert is triggered, but it might be too late for some of your users who may have already been exposed. Monitoring and detection can help reduce the number of compromised users, but it does not eliminate the problem. You are still obligated to notify your users and to engage incident response teams and cyber analysis. The damage to your brand and the operational costs are huge.
Question 2: Smart detection or real prevention?
Question 3: How will it impact user experience?
Companies invest immense resources in creating the best possible user experience – and optimizing it regularly. User experience is critical to your reputation and revenues, and you shouldn’t have to compromise it for the sake of better protection from potential data breaches. Make sure that the solution you select works seamlessly in the background, without affecting user experience.
Question 4: What is the operational overhead?
Aim for a solution that works as seamlessly and automatically as possible, one that requires little to no management in order to work effectively. Shoot for the stars and look for a solution that smartly employs artificial intelligence and machine learning. Automatic adjustment of permissions and access policies means minimal involvement and configuration on your end.
Question 5: How will it affect the bottom line?
Whatever the solution, it will come at the expense of time and budget. But if it works, it will prevent breaches and the significant costs associated with them, keeping the net bottom line in the green zone. Some solutions, however, may break your 3rd party operations and hurt your bottom line, sometimes in ways that are extremely hard to detect. With CSP (Content Security Policy), for example, it is commonly suggested to block the creation of foreign iFrames, because they enable scripts to escape the CSP “cage.” Yet a foreign iFrame is also the only way for a script to save 3rd party cookies – a must for any remarketing/DMP/RTB system.
The effect, in this case, might not be visible right away, and it could take weeks for your marketing teams to figure out why traffic is in decline before you realize that your trackers (which are probably most of your scripts) are no longer working properly.
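The silent breakage described above can be checked before a policy is enforced. The following is an added example, not code from the original article or from Source Defense: a simplified matcher (ports, paths and nonces are ignored) that lists which iframe URLs a given CSP header would block. The `shop.example`, `tracker.example` and `gateway.example` names and both policies are constructed for illustration.

```javascript
// Added example: simplified CSP frame check (ignores ports, paths and nonces).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Frames are governed by frame-src, falling back to child-src, then default-src.
function frameSources(policy) {
  for (const d of ['frame-src', 'child-src', 'default-src']) {
    if (policy.has(d)) return policy.get(d);
  }
  return null; // no governing directive: frames are unrestricted
}

function sourceMatches(source, frame, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return frame.origin === page.origin;
  if (s === '*') return /^https?:$/.test(frame.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return frame.protocol === s; // scheme-source
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  // A schemeless host-source follows the page's scheme (https always allowed).
  const schemeOk = scheme ? frame.protocol === scheme + ':'
    : frame.protocol === page.protocol || frame.protocol === 'https:';
  const hostOk = wildcard ? frame.hostname.endsWith('.' + host) : frame.hostname === host;
  return schemeOk && hostOk;
}

// Returns the iframe URLs that the policy would block on the given page.
function blockedFrames(header, pageUrl, frameUrls) {
  const sources = frameSources(parseCsp(header));
  if (sources === null) return [];
  const page = new URL(pageUrl);
  return frameUrls.filter(u => !sources.some(s => sourceMatches(s, new URL(u), page)));
}

// Constructed sample data: a checkout page, its own widget, and two 3rd party frames.
const PAGE = 'https://shop.example/checkout';
const FRAMES = ['https://shop.example/widget', 'https://tags.tracker.example/sync.html', 'https://pay.gateway.example/form'];
const STRICT = "default-src 'self'; script-src 'self' https://tags.tracker.example";
const RELAXED = "default-src 'self'; frame-src 'self' https://*.tracker.example https://pay.gateway.example";
console.log('strict blocks:', blockedFrames(STRICT, PAGE, FRAMES));
console.log('relaxed blocks:', blockedFrames(RELAXED, PAGE, FRAMES));
```

Under the strict policy the tracker script itself is allowed to load, but its iframe falls back to `default-src 'self'` and is blocked, which is the hard-to-detect failure the paragraph describes. Sending the same policy as `Content-Security-Policy-Report-Only` first surfaces such blocks as violation reports rather than as broken trackers.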
Question 6: How will the selected solution handle new and evolving threats?
Threats are constantly evolving, and an effective solution must evolve at the same pace and do so automatically.
How does Source Defense stack up?