Below is our recent interview with Chris Kolling, Vice President of Marketing at Feroot Security:
Q: Could you provide our readers with a brief introduction to your company?
A: Rooted in the belief that any customer should be able to confidently conduct business with an organization online, Feroot Security provides a comprehensive platform of client-side security solutions aimed at protecting against attacks that seek to steal data from website pages and web applications. Many of the world’s most well-known brands trust Feroot to protect their client-side assets and deliver a flawless user experience. After all, stolen information such as user IDs, passwords, addresses and credit card details aren’t helpful for anyone but cybercriminals. For years, the server-side of business received the bulk of attention from the cybersecurity industry. Feroot has set out to change that. We stand committed to educating both businesses and their customers that today’s ever-increasing front-end attacks are not only easily remediated, but largely preventable in the first – saving time, money and reputations.
Q: Any highlights on your recent announcement?
A: Earlier this month, Feroot was pleased to announce the launch of DomainGuard, the newest addition to its award-winning platform. DomainGuard provides an unmatched ability to generate, manage and monitor Content Security Policy (CSP) violations and correct issues that may otherwise lead to dangerous vulnerabilities and client-side attacks. Eliminating the cumbersome manual task of reviewing hundreds or even thousands of scripts on numerous web pages, DomainGuard allows an organization to consistently and easily identify potential holes in their front end. It accompanies Feroot’s other solution to provide a comprehensive approach to web asset visibility, monitoring and issue remediation.
Q: Can you give us more insights into your offering?
A: Companies that depend on their customers to input sensitive data into their websites and web applications are particularly vulnerable to client-side (also called front-end) attacks. The bad guys know that’s where the money is to be made – by grabbing data that shouldn’t be accessible and selling it on the dark web and elsewhere. Feroot designed its client-side attack surface management platform not to only address this all-too-often neglected portion of the business infrastructure, but to do so in such a way that doesn’t add more work for IT and development personnel. Instead, it’s designed to fix problems in minutes instead of weeks or months – all through automated systems that intelligently and efficiently bolster an organization’s front-end security posture.
Q: What can we expect from your company in the next 6 months? What are your plans?
A: Client-side security is a significant concern for businesses and one that needs more attention. At Feroot Security, we continue to advocate and educate on client-side risks so that businesses understand why they need to be mindful of threats and attacks – as well as their impacts. There are too many businesses that still use front-end tools and technologies that don’t actually protect against the risks associated with the software supply chain, cloud platforms, and an evolving front-end threat landscape. Our new DomainGuard product, which we just launched, helps fill this client-side security gap by offering automated content security policy management. We are always innovating and expanding our client-side solutions to increase the value that our customers, such as Gusto, receive from them.
Additionally, the Payment Card Industry Data Security Standard (PCI DSS) 4.0 just got released, and it contains new and highly specific compliance requirements related to client-side security. Feroot is one of the only companies that offers comprehensive client-side security that supports all the new PCI DSS 4.0 client-side requirements. Over the next six months and beyond, we’ll continue to support businesses with their payment card data security. We hope to serve as a welcomed expert at a time when many businesses may be unsure how to proceed with addressing PCI DSS 4.0.
Q: What is the best thing about your company that people might not know about?
A: Feroot is one of the only companies offering comprehensive client-side security. We have the ability to identify all client-side, first- and third-party scripts, digital assets, and the data they can access. Because Feroot automates the process of script identification and collection, we can significantly reduce the time it takes for security teams to conduct script and asset audits. But we just don’t identify scripts, as Feroot solutions also block all unauthorized and unwanted behavior in real time across an organization’s web assets, effectively preventing data exfiltration. Our newest automated content security policy management (CSP) solution – DomainGuard – uses automation to generate appropriate content security policies based on crawled data and anticipated effectiveness. Business can then deploy tailored content security policies at the domain level for easy monitoring, management, version control, and continuous enhancement.
Feroot is also one of the only companies that understands and can support the full breadth and depth of the PCI DSS 4.0 client-side security requirements. Our ability to identify and inventory scripts and then also protect and mitigate any vulnerabilities associated with those scripts can significantly help organizations with their PCI 4.0 compliance.