This article takes an honest look at the features of HUMAN Security.
Since you’re on the c/side website, we acknowledge our bias. That said, we’ve built our case honestly and based our analysis on publicly available information, industry information, and our own or our customers' experiences.
If you want to verify their claims yourself, please navigate to their product pages.
What is HUMAN Security Client-side Defense?
HUMAN Security started in the bot detection space and is well known for creating very sophisticated and lauded tools to tackle those issues. They’ve since expanded and offer products in client-side and other spaces.
HUMAN Security announced a merger with PerimeterX in July of 2022. They were then backed by a $100 million debt facility from Blackstone Credit, a private equity firm.
Client-side Defense is part of Application Protection, a suite of solutions purpose-built to secure web and mobile applications from a range of cyberthreats. Pricing is not publicly available, and you need to be an existing HUMAN Security customer in order to use Client-side Defense.
How HUMAN Security Client-side Defense works
HUMAN’s Client-Side Defense works by embedding a JavaScript sensor directly into the website. This sensor runs in real user browsers and collects telemetry about all scripts executing on the page. It observes what scripts are loaded, what DOM elements they interact with, whether they access localStorage or cookies, and what outbound network connections they attempt to make.
While the script itself doesn’t need to change frequently, your site updates make managing this sensor and ensuring it stays current across environments a tad cumbersome.
Because it relies on JavaScript embedded in the page, it can only act after the browser has begun rendering content. There is a window of exposure before malicious scripts are caught or blocked.
This approach can prevent known patterns of attacks, but new attacks will be nearly impossible to prevent unless they were anticipated and set up for in advance.
c/side, however, uses a proxy approach that sits in the middle of every actual user session. It checks the actual payload of every page view and analyzes the code of the served dependencies in real time before serving it to the user.
This allows us not only to spot and alert on 0-day attacks but also to block attacks before they touch the user’s browser. It also checks the box for multiple compliance frameworks, including PCI DSS 4.0.1.
We believe this is the most secure way to monitor and protect your dependencies across your entire website.