cside vs. MetricStream

The detection system operates on an open-source large language model that functions exclusively within a self-managed setting.

The c/side AI system identified that the altered script displayed characteristics typical of a keylogger and subsequently marked it as harmful. Users have the option to examine the script and, if needed, prevent access by blocking the associated hash values.

c/side is an innovative client-side security platform crafted to shield digital enterprises from the escalating risks posed by browser-related attacks. In contrast to conventional security measures that depend primarily on threat intelligence feeds, c/side utilizes a fully autonomous detection mechanism that leverages historical data and artificial intelligence to scrutinize the behavior and content of third-party scripts. This forward-thinking strategy enables c/side to recognize and neutralize potential threats before they can impact your users, providing strong defense against zero-day exploits and supply chain vulnerabilities. With its distinctive proxy solution, c/side delivers unmatched protection for client-side applications, establishing itself as a crucial asset for any organization intent on fortifying their online presence.

Achieving complete session coverage, our system employs DOM-level comparison and detects threats based on specific conditions such as geographic location, time, or user grouping. The client-side component intercepts every request made to third-party sources, retrieves the corresponding JavaScript, and analyzes it in real-time. This proactive approach ensures that any harmful code is prevented from executing within the browser environment.

An independent evaluation from VikingCloud verifies that when set up correctly, both the hybrid proxy and crawler modes effectively meet the specified criteria by persistently hashing, analyzing, and, when needed, blocking scripts in real time. The c/side platform features a specialized PCI DSS dashboard that provides detailed insights related to requirements 6.4.3 and 11.6.1.

The proxy and crawler systems solely retain the requester's IP address for the purpose of incident analysis; this information is not sold or utilized for marketing purposes. All data collected by the proxy and crawler is securely stored within c/side-managed clusters located on AWS.

Combat Magecart, formjacking, token theft, cryptojacking, and various other threats! Utilizing a proxy-based framework, a proxy is strategically positioned between the third-party scripts and the user's browser, enabling it to monitor the code that is retrieved by the user's browser. The client-side proxy ensures constant, comprehensive visibility and oversight of all third-party scripts running in the user's browser, maintaining this level of surveillance 100% of the time without any sampling.

You offer capabilities for immediate payload analysis, automatic prevention measures, comprehensive historical data storage, and ready-to-use reports for auditors that align seamlessly with the testing standards outlined in PCI DSS 4.0.1.

VikingCloud reported that the c/side platform successfully detected and halted the third-party script in real time to safeguard against data breaches.