Tala Security CEO Aanand Krishnan

Protecting web users from direct attacks like crypto-jacking — an interview with Tala Security CEO and co-founder, Aanand Krishnan

Ron Gula
Gula Tech Adventures
3 min read · May 30, 2018


If you were at RSA’s Innovation Sandbox this year, you may have seen Aanand and his team from Tala Security. They were demonstrating how their technology prevents attacks against web browsers from being leveraged to steal data from secure web sites. Gula Tech Adventures invested in Tala Security last year as part of our focus on web security. As is tradition with many of our portfolio companies, I was able to catch up with Aanand and ask him interview questions.

What class of web attacks does Tala Security help prevent?

Tala protects against attacks that can happen either via a compromise on a website, any of the third parties that are integrated into the site, or even a compromised user. We target cross-site scripting, clickjacking, various types of code injection and man-in-the-browser attacks. We also have unique solutions for third-party compromises, and new and emerging threats like crypto-jacking.

A base component of your offering is creation of the Content Security Policy for your web server. How does Tala Security automate the creation of these for a complex web site that has lots of third-party JavaScript that is constantly changing?

Our analysis is very quick and we integrate with CI/CD pipelines to enable regeneration of a policy whenever the app changes. With respect to third-party sources of JavaScript, this is a significant attack surface already and increasingly so. Tala tracks all third parties that you have integrated into your websites, determines reputations for these third parties, models their behaviors and uses this to detect and protect against a compromised third party that is serving your users malicious code, say crypto-mining code.

I run Tala Security on www.gula.tech and detected a visitor to the web site that had a variety of issues in their browser as you can see in the below screenshots. If I was running an ecommerce site or was offering secured private content, how could these security issues be leveraged?

Example real-world detection of visitors to www.gula.tech that had client-side web security issues

With Tala, your app sec team, your web security team or fraud teams can actually monitor attacks against all their web users, PC and mobile, in real-time. So if you’re an eCommerce company, this means that you can identify if your user experience is being attacked with malicious ads, competitors’ ads, link redirects, etc. If you’re a bank, you can identify financial trojan attacks, or crypto-jacking attempts against your users and use that to adjust your risk metrics, enforce additional authentication measures, etc.

What are the requirements of running Tala Security? Do I need to operate my own web server?

Tala integrates seamlessly with your web server, load balancer or reverse proxy. We support all major technologies.

Where can users go to learn more?

There’s more information on our website at www.talasecurity.io. You can also request a demo via our site to see how Tala can help protect your websites and web apps.


Ron Gula
Gula Tech Adventures

launched Gula Tech Adventures in 2017 to fund next generation cyber security startups.