This article takes an honest look at the features of Human Security Client-side Defense.
Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences.
If you want to verify their claims yourself, please navigate to their product page.
Human Security started in the bots detection space, and are well known for creating very sophisticated and lauded tools to tackle those issues. They’ve since expanded and offer products in client-side and other spaces.
You should know that Human Security announced a merger with PerimeterX in July of 2022. They were then backed by a $100 million debt facility from Blackstone Credit, a Private Equity firm.
| c/side | Human Security Client-side Defense | |
|---|---|---|
| Doesn't solely rely on CSP policies | ✔️ | ✔️ |
| Doesn't cause console errors | ✔️ | ✔️ |
| Client side JS script detection | ✔️ | ✔️ |
| Uses threat feed intel | ✔️ | ✔️ |
| Monitors Who-is records | ✔️ | |
| Monitors SSL | ✔️ | |
| Able to detect inline scripts | ✔️ | ✔️ |
| Uses AI and ML to analyse scripts | ✔️ | ✔️ |
| Creates allow lists for scripts | ✔️ | ✔️ |
| Block scripts before entering the user's browser | ✔️ | |
| Proxies scripts | ✔️ | |
| Stores script content for future review | ✔️ | ✔️ |
| Tracks historical changes in scripts | ✔️ | ✔️ |
| Performance enhances scripts | ✔️ | |
| Paid tier starts at | $99 per month | Unknown |
What Human Security Client-side Defense does well
Due to their size, they have a lot of data to rely on. Not all competitors publicly say that they store this data and link their detection engine to improve hit rates. This undoubtedly an advantage they deploy.
While seemingly not being visible in their dashboard, Client-side Defense does use machine learning models to further train their detection engine.
Their solution does give you PCI DSS 6.4.3 and 11.6.1 compliance.
Out of all our competitors, Human Security’s Client-side Defense is likely the most robust solution next to us.
What Human Security Client-side Defense could do better
Client-side Defense is part of Application Protection, a suite of solutions purpose-built to secure web and mobile applications from a range of cyberthreats. Pricing is not publicly available, and you seem to be an existing Human Security customer in order to use Client-side Defense.
The biggest concern is that they have to deliver a new JavaScript for every new script they find, which will be in the <HEAD> tag of the page. Requiring a new JavaScript file for every update means there's a constant need to update and manage this file. This creates performance bottlenecks and potentially overhead for deployment.
If the system mostly generates alerts and doesn't automatically block malicious activity, it undermines its purpose as a security measure. The user themselves can of course block script manually.
Our conclusion
Human Security’s Client-side Defense offers more than most competitors, though it’s not as robust as the proxy approach we use. With a proxy, we can spot and analyze the script in real-time, and block the malicious ones before it reaches the browser of the user. Ensuring the best possible way to spot and block client-side attacks.
It should be noted that Human Security’s Client-side Defense does cover everything that’s needed for PCI DSS 6.4.3 and 11.6.1 requirements. It’s up to you to decide if the level of protection lives up to your expectations.
We’ve laid out our thoughts on Human Security’s Client-side Defense and how we compare. We’d love to chat if you have any questions or concerns.