Tala Security CEO Aanand Krishnan

Protecting web users from direct attacks like crypto-jacking — an interview with Tala Security CEO and co-founder, Aanand Krishnan

Ron Gula
Ron Gula
May 30, 2018 · 3 min read

If you were at RSA’s Innovation Sandbox this year, you may have seen Aanand and his team from Tala Security. They were demonstrating how their technology protects attacks against web browsers from being leveraged to steal data from secure web sites. Gula Tech Adventures invested in Tala Security last year as part of our focused on web security. As is tradition with many of our portfolio companies, I was able to catch up with Aanand and ask him interview questions.

What class of web attacks does Tala Security help prevent?

Tala protects against attacks that can happen either via a compromise on a website, any of the third parties that are integrated into the site, or even a compromised user. We target cross-site scripting, clickjacking, various types of code injection and man-in-the-browser attacks. We also have unique solutions for third-party compromises, and new and emerging threats like crypto-jacking.

A base component of your offering is creation of the Content Security
Policy for your web server. How does Tala Security automate the
creation of these for a complex web site that has lots of third party
javascript is constantly changing?

Our analysis is very quick and we integrate with CI/CD pipelines to enable regeneration of a policy whenever the app changes. With respect to third party sources of javascript, this is a significant attack surface already and increasingly so. Tala tracks all third parties that you have integrated into you websites, determines reputations for these third parties, models their behaviors and uses this to detect and protect against a compromised third party that is serving your users malicious code, say crypto-mining code.

I run Tala Security on www.gula.tech and detected a visitor to the web
site that had a variety of issues in their browser as you can see in
the below screen shots. If I was running an ecommerce site or was
offering secured private content, how could these security issues be
leveraged?

Example real-world detection of visitors to www.gula.tech that had client-side web security issues

With Tala, your app sec team, your web security team or fraud teams can actually monitor attacks against all their web users, PC and mobile, in real-time. So if you’re an eCommerce company, this means that you can identify if your user experience is being attacked with malicious ads, competitors ads, link redirects etc. If you’re a bank, you can identify financial trojan attacks, or crypto-jacking attempts against your users and use that to adjust your risk metrics, enforce additional authentication measures etc.

What are the requirements of running Tala Security? Do I need to
operate my own web server?

Tala integrates seamlessly with your web server, load balancer or reverse proxy. We support all major technologies.

Where can users go to learn more?

There’s more information on our website at www.talasecurity.io. You can also request a demo via our site to see how Tala can help protect your websites and web apps.

Gula Tech Adventures

Official blog for Gula Tech Adventures. Topics include cyber security issues, features about our portfolio companies, cyber public policy and cyber economic development.

Ron Gula

Written by

Ron Gula

launched Gula Tech Adventures in 2017 to fund next generation cyber security startups.

Gula Tech Adventures

Official blog for Gula Tech Adventures. Topics include cyber security issues, features about our portfolio companies, cyber public policy and cyber economic development.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade