Automate standards-based controls

Only Tala automates advanced security controls that ensure continuous client-side security measures are in place.

Standards

Content Security Policy (CSP)

Implementing CSP manually can be administratively complex and time-consuming for security teams. In addition, because websites are dynamic and are upgraded regularly, the policy requires continuous adjustment. Errors in a CSP can break the website, and poorly written policies offer little security benefit. Although CSP provides valuable insight into website attacks and behaviors, its alert volume can quickly overwhelm security teams.

Tala completely automates the process of policy generation, updating and implementation, alert analytics and incident management. With Tala, a website can be up and running with a CSP in minutes. Website attacks are prevented in real-time, website performance is preserved and the need for costly and continuous administration, remediation or incident response is minimized.

Subresource Integrity (SRI)

Tala provides real-time visibility into the scripts running on the web application and continuously monitors the scripts for changes. Implementing SRI manually can be administratively complex and time-consuming for security teams. In addition, because websites are dynamic and are upgraded regularly, the SRI hashes require continuous adjustment. Errors in implementing SRI can break the website.

Tala completely automates the process of hash generation, implementation, alerting and incident management. Website attacks are prevented in real-time, website performance is preserved and the need for costly and continuous administration, remediation or incident response is minimized.

HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is a web server directive that allows websites to declare that they should only be accessed via a secure connection. When a website has an HSTS policy, any browser accessing it must refuse all HTTP connections and stop users from accepting insecure SSL certificates. To prevent redirects every time a user visits a site, the browser remembers the information for a period of time specified by the header.
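The remembering behaviour described above, as an added example that is not Tala's code or any browser's implementation: a toy HSTS store that records a policy only when it arrives over HTTPS, expires it after max-age, and upgrades later http:// URLs. The names `parseHsts` and `HstsStore` and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added example (not Tala's code): a toy model of a browser's HSTS store.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of headerValue.split(';')) {
    const [rawName, rawValue] = part.trim().split('=');
    const name = rawName.toLowerCase();
    if (name === 'max-age') {
      const v = (rawValue || '').replace(/^"|"$/g, '');
      if (/^\d+$/.test(v)) policy.maxAge = Number(v);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    }
  }
  return policy.maxAge === null ? null : policy; // max-age is mandatory
}

class HstsStore {
  constructor() { this.hosts = new Map(); }
  // Record a policy from a response; nowMs is a parameter so runs are repeatable.
  note(url, headerValue, nowMs) {
    const u = new URL(url);
    if (u.protocol !== 'https:') return; // a header seen over plain HTTP is ignored
    const policy = parseHsts(headerValue);
    if (!policy) return;
    if (policy.maxAge === 0) { this.hosts.delete(u.hostname); return; } // 0 clears the entry
    this.hosts.set(u.hostname, {
      expires: nowMs + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
    });
  }
  // Return the URL that would actually be requested at time nowMs.
  resolve(url, nowMs) {
    const u = new URL(url);
    if (u.protocol !== 'http:') return u.href;
    const labels = u.hostname.split('.');
    for (let i = 0; i < labels.length; i++) { // exact host first, then parent domains
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (!entry || entry.expires <= nowMs) continue;
      if (i === 0 || entry.includeSubDomains) { u.protocol = 'https:'; return u.href; }
    }
    return u.href; // no live policy: the first visit is still unprotected
  }
}

// Constructed demo: policy learned over HTTPS, then a later http:// link to a subdomain.
const demo = new HstsStore();
demo.note('https://shop.example.test/', 'max-age=60; includeSubDomains', 0);
console.log(demo.resolve('http://api.shop.example.test/v1', 1000));
```

The unchanged result for a host with no stored entry shows why the first visit, and any visit after max-age lapses, falls outside the protection.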

Tala’s advanced analytics and automation engine continuously applies HSTS, CSP, SRI and other critical controls to websites, protecting against the broadest range of attacks without impacting website performance or user experience. Tala’s technology automates advanced security controls to ensure continuous website security measures are in place, protecting sensitive data exchange and preventing website attacks.

Permissions Policy

Permissions Policy (formerly known as Feature Policy) allows web developers to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser. It’s like CSP, but instead of controlling security, it controls third-party access to features such as camera, microphone and geolocation, and enhances the user experience.

Tala now supports the feature policy header and allows you to specify how stringent or lax the access should be for each site. It’s possible to specify a list of trusted origins or even block access altogether.

Referrer Policy

The referrer request header identifies the address of the web page that links to the resource being requested, allowing servers to identify where the request to the current page originated from. This has many important uses including, but not limited to, analytics, logging and cache optimization.

Identifying the optimal referrer policy definition requires insight into third-party content loading and page-wide policy settings, and can require extensive server configuration. Tala’s WARP customizes policies based on security requirements. Referrer policy may be defined per URL or set of URLs and can be enforced within minutes.

iFrame Sandbox

Applying iframe sandboxing with the right restrictions requires some expertise and continuous administration for effective iframe configuration. In addition, identifying pages eligible for top-level iframe sandboxing can be challenging and time-consuming.

Tala’s application analysis engine continuously scans all iframes present on a set of pages to discover the attributes that they might be using (e.g. pop-ups, scripts, etc). This allows for the configuration of appropriate sandbox environments for each of the iframes. Sandboxing can be implemented on a single URL, set of URLs, or all URLs the iframe is present on and can be disabled via the Tala console instantly if required.

Tala automates standards-based security to prevent client-side attacks

Tala helps you quickly deploy robust, capable web security standards like CSP, SRI, Referrer Policy, HSTS, Feature Policy and HTML5 Sandbox to ensure the end-to-end integrity of digital commerce.

Tala’s AI-driven analytics engine automates dynamic adjustments to native, standards-based web security policies. This ensures that all types of client-side attacks are prevented in real time, website performance is preserved and the need for costly and continuous administration or incident response is minimized.

Future-Proof Security

Standards-based security offers the flexibility to stand against attack methods old and new

Broadest Threat Coverage

Real-time protection against XSS, clickjacking, redirection, ad injection, code injection and many other attacks

Near-Zero Performance Impact

Security policies built into browsers have zero latency impact compared to other client-side security measures

Zero-Day Threat Resiliency

Automatically keeps up with changes to standards and dynamically adjusts security policies on each browser session
