Your website puts user data at risk
Regulations like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), compel organizations to control and protect customer data. Compliance violations due to data leakage and breaches have resulted in large fines, brand damage and class-action lawsuits.
Websites are a key source of data leakage and have resulted in the largest data privacy fines to date. The problem continues as JavaScript vulnerabilities on thousands of sites are successfully targeted every month by attackers to steal PII, financial information and more.
Without controls, every piece of code running on your website can enable attackers to steal information. Today’s website supply chain lacks widespread security oversight. When compromised, it can – and has – resulted in significant damage to global brands and website owners across all industries.
Cost of GDPR violations
Is your website compliant?
Prevent Data Leakage
Tala’s comprehensive data discovery and risk tracking platform extends data security to the edge, with no impact on website performance or user experience – and no-code integration required.
Tala’s sophisticated analytics and continuous monitoring tool provides fine-grained data discovery, data mapping, data governance and violation alerting for enterprise websites and helps address these critical issues:
Sensitive Data Exposure:
Which vendors have access to what sensitive data?
Sensitive Data Readers:
Which vendors read sensitive data?
Sensitive Data Exfiltration:
Which vendors extract sensitive data?
Data Leakage & Privacy
While the sensitive data collected by your website might be intended for a single, specified destination, code vulnerabilities, misconfigurations and malicious exfiltration expose it to untrusted third-party integrations via inadvertent or malicious access to cookies, storage, and/or code manipulation without your knowledge.
Gain visibility into sensitive data leakages for incident response, SOC, data protection and risk & compliance teams:
Visibility
Visibility into malicious and inadvertent leakage of critically sensitive data categories relevant to GDPR, CCPA, etc such as email, username-password, SSN, phone number, etc. Tala also provides the option to define custom sensitive data categories and run scans based on them.
Threat Detection
Detection of Javascript vulnerabilities, including coding risks, unauthorized script changes and domain reputation analysis, leveraging internal and external threat feeds
Actionable Alerts
Tala’s actionable alerts and detailed reports can be easily integrated into existing SIEMs via APIs to ensure ongoing violation monitoring.
Comprehensive Data Discovery & Mapping
Tala’s advanced scanning and data tracking identifies sensitive data in forms, network requests, cookies and local/session storage. Synthetic javascript virtualization techniques also trace data, identifying integrations that can access, read and exfiltrate data, both intentionally and unintentionally. This delivers valuable data to drive compliance assessments and eliminate data leakage as well as insights for application security, development, data protection, SOC, IR and risk teams.
Identify Sensitive Data
Data tracking identifies sensitive data and protected Data in network requests, forms, cookies and local/session storage – including complex workflows
Three Dimension Data Tracking
Data is tracked across three dimensions: exposure, capture and exfiltration/leakage
Data Mapping
Vendor mapping and periodic audits, including:
- Mapping to third parties
- Mapping to fourth, fifth and other ‘piggybacking’ vendors
- Changes to data exposure/leakage patterns over time
Compliance & Risk Management
Tala’s data protection controls protect sensitive data from unauthorized access by both malicious and trusted third parties, ensuring compliance with data regulations.
Insights
into the initiation chain or website calls that ultimately caused the leakage of sensitive data (providing Information Management Professionals with information for investigating leakages)
Analytics
on risk patterns and Magecart IOC markers, alerting users to possible violations and vulnerabilities
Comprehensive reports
on sensitive data discovery, collection (including the basis for collection) and mapping, useful for CCPA/GDPR compliance.
All client-side security solutions are not created equal.
When evaluating standards-based security vs. a JavaScript-based security solution against client-side attacks, there are three major factors to consider: security, performance and scale.
 |
|
| Features | |
| Broadest use-case coverage |  |
| Automated policy deployment | |
| Near-zero performance impact | |
| Zero-day threat resiliency | |
| Standards ensure a future-proof solution | |
| Rich analytics and integrated advanced threat intelligence | |
| Multiple integration options, including web servers, CDNs and application middleware | |
| No browser compatibility issues | |
| No single point of failure | |
| Improves third party security scoring (Mozilla Observatory, Report URI) | |
Resources
- How I Hacked Your Website and You Didn’t Even Knowon May 5, 2021
Join us at RSA
- Tala welcomes Jim Routh to its Board of Advisorson April 28, 2021
Tala is incredibly excited to announce a new addition to our team. Jim Routh has joined the company as an Advisor to Tala.
- EU mobile operators inadvertently expose sensitive customer dataon March 30, 2021
How can Tala work for you?
