We’re delighted to see the emerging area of Web App Client-side Protection as a category in Gartner Hype Cycle for Application Security 2022. We’re even happier to see Reflectiz recognized as a Sample Vendor in this category! For those who want more details on how Gartner defines this category of application security, keep reading!
According to Gartner… What is Web App Client-Side Protection?
Gartner defines the category of web app client-side protection as technology that “defends against application-level attacks that initiate on the client side of a web application, rather than on the server side. A typical example of an attack would be a malicious script injection against client-side JavaScript, such as Magecart.
Client-side attacks have proliferated recently, exploiting the increasingly decentralized design of modern applications. In particular, single-page applications migrate the control and software logic on the client side, where it is exposed to attacks. For example, by injecting malicious scripts into JavaScript applications, attackers have lured thousands of visitors to banking and online commerce websites into handing over their credit card information.”
At Reflectiz, we’ve seen firsthand how critical this cybersecurity category is, and witnessed the rise in client-side attacks such as those carried out by Magecart groups. This threat has risen exponentially due to the impact of the global pandemic, which has accelerated digital transformation and turned online businesses into greater targets.
The solution? According to Gartner, web-app client-side protection. “Client-side security innovations protect from attacks by monitoring the activity and detecting malicious actions and components.”
What Would Help Businesses Adopt Web-app Client-side Security Tools?
We believe that it is clear that this technology is becoming increasingly essential for today’s online businesses, and yet Gartner calls out certain obstacles to adoption. As one of the Sample Vendors named in the 2022 Hype Cycle, we would like to showcase Reflectiz’ thoughts and our approach to each of these obstacles in more detail.
Technological complexity
“The topic of client-side security is technologically complex. Many organizations will need time to reach the maturity and understanding required to conclude they must protect their client-side applications.”
At Reflectiz, our platform uses a single customer-facing dashboard to display the risk to today’s online businesses. Without a single line of code, we can detail all first-, third- and fourth-party client-side web components, and break down the risk into specific categories.
These categories allow security and IT teams to truly understand the risk, even without the technical knowledge to uncover the threat on their own. Stakeholders can easily zero in on privacy issues for compliance, misconfigurations in their environment, changes to client-side apps, and domain issues, all cross-categorized by severity level for easy remediation and response.
Business interruption
“Client-side protection is new and maturing. The efficacy of the protection is still unproven, along with any possible business-disruption effects… Concerns about performance impacts, possible customer privacy issues and false positives that block business traffic often steer enterprises away from these protection products.”
This obstacle is exactly why at Reflectiz we built our solution to have zero IT impact or performance impact, and absolutely no access to sensitive data. The Reflectiz platform collects website data with a simulation technique, where all the different pages are browsed, simulating real users. All pages are monitored, not only checkout pages, so that you can scan and uncover threats even post-authentication. Full protection against client-side risks, no business disruption, and no customer privacy issues.
Also, unlike CSP or SRI solutions, Reflectiz uses a smart AI-driven process for deciding which behaviors to allow or block, rather than simply blocking everything in one move. Our approach also means that customers don’t need to worry about false positives blocking business traffic.
Lack of ownership
“Three different entities in enterprises are involved in the buying process, from development to security to the line of business. The lack of clear ownership for this technology slows down adoption.”
In our opinion, the benefits of client-side web app security have merit across the business, supporting DevOps in developing freely with the support of third-party applications, giving security greater visibility over a previous blind spot, and ensuring the C-suite doesn’t come up against financial, reputational or regulatory risk. That’s why our customers across all areas of the business <3 Reflectiz!
If you’re looking for the buy-in of the C-suite, take the advice of eCommerce executive, Lance Wright.
On the DevOps side, Andrea Coop, Director of Digital DevOps at Hanna Anderson, explains how “the continual security monitoring and the prioritization make it very clear what you should be actioning and the urgency of those actions. This is a view that I have not seen in other solutions.”
Finally, in terms of the security stakeholder’s opinion, Shay Sasson, who works at Payoneer, believes that Reflectiz allows the security team to gain “complete visibility of third-party risks. This helps us to reduce our attack surface and security risks.”
Looking to get ahead of the game?
Speak to us about enhancing your security posture with web-app client-side protection that beats the obstacles and provides a robust solution for this growing risk.
*Gartner, “Hype Cycle for Application Security, 2022”, Joerg Fritsch, July 2022.
GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.