This article takes an honest look at the features of Report DataDome.
Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences.
If you want to verify their claims yourself, please navigate to their product pages.
What is DataDome?
DataDome is a cybersecurity company specialized in real-time detection and mitigation of online fraud and bot-driven threats. They analyze each incoming request to differentiate between legitimate users and malicious bots, effectively preventing activities such as data scraping, account takeovers, payment fraud, and denial-of-service attacks.
DataDome offers all kinds of different tools: Bot Protect blocks malicious bots in real time, Account Protect stops fraud like account takeovers, DDoS Protect mitigates L7 DDoS attacks, Ad Protect prevents ad fraud and analytics skew, and Page Protect monitors client-side scripts for PCI compliance.
In this blogpost we will focus on Page Protect.
How DataDome's Page Protect works
Page Protect
Page Protect is where the client-side comes in. You install a JavaScript tag on your web pages. This script monitors third-party scripts running in your users’ browsers. It tracks what scripts are loaded, what they access (e.g., form fields, cookies), and if they’re behaving suspiciously (e.g., skimming credit card info). DataDome analyzes it for threats. You can review activity and configure alerts or enforcement actions in the dashboard.
This approach is known as a Honeypot trap. These traps are less effective because attackers can load the scripts, figure out the traps, and bypass them relatively easily. This is also often referred to as an 'agent based' approach.
Various articles online, even on white-hat sites, explain how to circumvent Page Protect and other DataDome products.
How c/side goes further
c/side primarily offers a hybrid proxy approach which sits in between the user session and the 3rd party service. It analyzes the served dependencies code in real-time before serving it to the user.
This allows us to not only spot advanced highly targeted attacks and alert on them, c/side also makes it possible to block attacks before they touch the user's browser. It also checks the box for multiple compliance frameworks, including PCI DSS 4.0.1. We even provide deep forensics, including if an attacker bypasses our detections. Allowing you to more tightly scope the size of the incident us to make our detection capabilities better every day. No other vendor has this capability.
We believe this is the most secure way to monitor and protect your dependencies across your entire website. We've spent years in the client-side security space before we started c/side, we've seen it all, this is the only way you can actually spot an attack.
Sign up or book a demo to get started.