Q&A: PerimeterX Spring Release, Platform and Integrations

EPISODE 4: PerimeterX Platform and integrations

The PerimeterX Spring Release has just rolled out, with enhancements and new features throughout the PerimeterX product portfolio. PerimeterX co-founder and CTO Ido Safruti and Cybersecurity Evangelist Deepak Patel sat down with us to discuss the latest updates and integrations. Listen to the corresponding podcast here.

Give us your vision of the PerimeterX Platform and how this release helps to realize that vision.

Ido: When we talk about our platform and its vision, there are several dimensions to it. One is that it’s a single cloud-native platform in which we offer multiple security services or digital services that complement each other. They are available to our customers where they can manage and integrate them in one place. The other aspect of the platform is more of how we fit within the ecosystem of our customers, and how we’re enhancing existing infrastructure that they are using—how we fit in with them and help them get the benefits of PerimeterX, regardless of the technology they use or where they are deployed. With the announcement of the Spring Release, we achieved critical improvements to the infrastructure of our platform. There are enhancements to all three products, PerimeterX Bot Defender, Code Defender and Page Defender, that are available for our customers.

We also announced partnerships, integrations and collaborations with meaningful cloud vendors, commerce platforms, and other security and digital platforms that are helping us make other platforms stronger. This makes it easier for our customers to consume and integrate our solutions in more ways than before.

You mentioned that the Platform has its fair share of integrations with leading infrastructure that help maximize those application security capabilities. Can you go into detail about each of these?

Ido: We integrate in multiple tiers and multiple layers to make it easy for anyone who wants to enable PerimeterX services on whichever platform they use. Our ultimate goal is to liberate developers and DevOps teams to use whichever technology they want. So if they have a specific application, want to go serverless, or want to use a specific commerce platform like Salesforce Commerce Cloud, they can use that without concern, and without limitation of compliance or of the integration. We can integrate with any such platform at the CDN and load balancer, commerce platform, security or identity management. We offer many integrations including Okta, Google Cloud Platform, and Amazon AWS.

The latest updates to the Platform also have implications for DevOps teams. How will they benefit?

Ido: DevOps get more flexibility both on choosing their automation and integrating our solution however they provision. So when you automate your services, if you're provisioning new services, being on AWS or new NGINX servers, our modules or integrations are basically part of that. That gives you the flexibility to auto-scale, where you don't need to manage PerimeterX separately. We are a part of it. And it gives better control to embed this kind of security or integration into whatever workflow the engineers have. This way, DevOps can embed that into their tools. This is included by default.

Tell us more about the new Points of Presence (PoP). How will customers benefit from the new PoPs? What does this mean for applications with global users?

Ido: Obviously, performance is an important factor in any web application. And historically, we often see that security and performance are contradicting each other. Organizations have added tiers of security that create limitations and prevent either developers from leveraging new technologies that will increase performance, or force another hop. The way we architected our solution was to integrate with existing infrastructure so that there would be minimum latency. Because of that, we also want to make sure that whenever there is a call, wherever there is an API or integration and the analysis engine, we want it to run as close as possible to our customers’ data centers and their users.

We're constantly looking at what regions are potentially growing or where we may need to add additional capacity in order to offer these kinds of performance. This way, we can ensure that our security solution adds minimum latency and offers high availability and higher reliability for our customers. We’ve made additions in the Europe and APAC regions, and in the coming months you can expect to see additional PoPs coming to further support global enhancement. Our customers want to leverage global data centers of their own, or they just want to reach out to additional territories around the world—without any impact on performance.

So there have been some updates to the PerimeterX Sensor. What differences will users of the PerimeterX Platform notice now that these have been implemented?

Ido: For the customers, all the advancements of the Sensor are seamless. The integrations and ongoing improvements that we're doing for the product are automatically enhanced and rolled out without any changes required from our customers. This is critical so that we can continue to evolve, add challenges and collect information to fight malicious actors. All the while, we are still making sure that the Sensor and integrations are adding minimal to no latency, working with no perceivable impact on the end user's experience—not impacting rendering time or any other aspects of the page or the site experience.

Great. I'm going to turn it over to Deepak here. The PerimeterX Portal has seen some improvements as well. What might these include?

Deepak: After we launched two new products last year, the goal was to simplify it for our customers so that they can log into one portal and get a consolidated view of all the products. That's not the only improvement that we made—we have now created dashboards that provide information by use case. For example, you have a dashboard specifically tracking account takeover or carding attacks. This makes it fairly straightforward for the security ops teams and the DevOps teams that are integrating directly with the product and interacting with our teams to help with the automation part. Again, this is all part of the platform, making sure that as we add more products and solutions, that it's not increasing the burden for the customer on the other side.

We've covered CAPTCHA and its modern shortcomings on the PerimeterX Podcast before. It seems that PerimeterX Bot Defender is introducing a highly sought-after feature with Human Challenge. Deepak, could you elaborate?

Deepak: I can't stress this enough; it's pretty groundbreaking. For me, when I look at the inception of bot detection, it starts with CAPTCHA. Unfortunately, CAPTCHA is pretty high on the scale when it comes to user interruption. In actuality, everybody can relate to having a bad CAPTCHA experience almost on a daily basis. Human Challenge, as it indicates, is exactly that—a user-friendly verification. In fact, I would argue that it actually enhances the user experience. This feature is important, and it’s available to all of our Bot Defender customers today. It's integrated into the product itself. One of the things that I would like to emphasize is that while a human is attempting to solve the challenge, we are also collecting information regarding that. It's groundbreaking because in addition to user verification, we are detecting behavioral information about the human or bot on the other side.

So Magecart attacks continue to negatively impact digital brand experiences and reputation when user data is exfiltrated and businesses incur fines. PerimeterX Code Defender is introducing enhanced Magecart blocking. This is pretty exciting. Why don't you tell us about that?

Deepak: What I want to open up with is detecting client-side threats like Magecart. It's a multi-part request, a multi-part solution. You first need to provide visibility, followed by detection and then mitigation. The market is kind of unique, but a lot of pro players today talk about starting with blocking, and do Content Security Policy (CSP) only. We have taken a more comprehensive approach. We started off as one of the first products to be announced to take on client-side threats. We first started with a JavaScript-based sensor, that is essentially deployed as a first-party script, to get visibility and detection. We're now rounding it out with CSP-based blocking capability. This way, you get the best of both worlds: the detection can be done without being on the client side and the blocking that can. That is effective using the CSP capabilities that already exist in the browser. So this is exciting for us. Now we can provide the full comprehensive visibility, detection and blocking to the market.

We’re seeing enhanced detection and tracking from PerimeterX Page Defender as well. What can you tell us about these features?

Deepak: It's very interesting. When we look at Page Defender as a product, it's primarily targeted towards an analytics buyer, a marketing buyer or a chief digital officer, where we're talking about blocking out some of these distractions like ad injections and coupon extensions. For people that are not familiar with coupon extensions, it's big business. Honey is one of the bigger providers. It was purchased by PayPal for $4 billion. The one thing that we are seeing is that there are many extensions out there. And as soon as we deploy our detection and blocking capabilities, we see these extension developers are fighting it up. It's kind of a validation that, from a market perspective, these extensions are making money off of websites. Using the same mechanisms that we have for Code Defender and Bot Defender, we're able to detect these kinds of changes.

We have implemented similar feedback loops, and we are now able to mitigate it much faster than before. So it goes to show how you can take a security product and actually do something towards protecting and increasing revenue. And it is a constant fight that a business owner should not be involved in on a day-to-day basis. We generally don't talk about how many machine learning algorithms we're using, because for us, we fundamentally believe that it is a prerequisite for any product out in the market today. We're excited to talk about and make enhancements for our products today.

Information Security and Compliance professionals constantly need to ensure that their businesses are abiding by the latest standards such as GDPR and CCPA. PerimeterX solutions have always addressed these head-on. What are the latest updates here?

Ido: Compliance has always been a major factor, particularly in the last couple of years with CCPA coming into play. Now, on July 1st, CCPA is going to be enforced with fines. GDPR has been out there for a while now as a standard, and besides emphasizing the importance of protecting personally identifiable information, payment information and user privacy, the authorities are now enforcing that more and more with fines. Obviously, the fines are the more tangible effects of these regulations, ranging in the millions of dollars. It’s something that no business would want. There’s also the impact on stocks in case of data loss, the impact on customers, the way customers perceive them and brand reputation. This area is definitely growing.

The level of attacks is definitely growing in the last three months as well, with a pandemic out there and digital transformation accelerating. More and more, things are done online and more information is out there. We expect to see more regulations enforced in the public sector and government as companies are digitizing and seeing more sensitive information digitally. Our products help prevent these kinds of data leaks as well as help detect and identify all kinds of malicious code that may infiltrate or skim data from a site to steal user information.

In the age of COVID-19, digital commerce has certainly seen big surges in activity—along with surges in various cyberattacks linked to fraud. What benefits against fraud are we seeing in the Platform, and will they help minimize the negative effects from this situation?

Ido: When customers are looking for a solution, especially now, one of the critical aspects of it is the ability of the partner they choose, or the vendor they choose, to grow with them—and how forthcoming and future-proof the solution is. When customers choose PerimeterX, this relates to the strength of our research team, our vision and the capabilities we provide.

In this case, we believe that the PerimeterX Platform can help customers grow even if they're just looking for a bot mitigation solution. Things have recently changed very quickly and in unpredictable ways, and you need to consider what other digital risks you may have. Is it from front-end code, or even other risks? You want to make sure that the partner you're choosing has a wide range of capabilities, and that the platform is scalable and will grow with you. You need a platform that does not limit the ability for you to react and respond and build things quickly. And this is definitely a strong component of what we just released with the Platform. We’re committed to continuous enhancements to these products.

For more information, visit the PerimeterX Platform and Integrations pages.