Case Study

Sally Beauty Protects Against Magecart and Digital Skimming Attacks


Company

Sally Beauty is the U.S. and Canadian brand of Sally Beauty Holdings, Inc., a global distributor and specialty retailer of professional beauty products. Retail consumers and salon professionals alike frequent its 5000+ stores worldwide and its e-commerce site, sallybeauty.com.

Sr. Manager, Security Architecture and Engineering

Sally Beauty
“We wanted to find the anomalies and changes in our client-side scripts. The Client-side Defense behavioral analysis solution greatly simplifies this process. Combined with the threat intelligence on the backend, it helps us identify the known risks to our website, and enables us to work with our partners in e-commerce to mitigate those risks.”

Challenge

Sally Beauty conducts a significant portion of its business online and processes tens of thousands of credit cards each day. The company wanted to avoid digital skimming and Magecart attacks, and they understood that weaknesses in first- and third-party scripts put them at risk. 

To detect vulnerabilities, Sally Beauty had to manually monitor and track the behavior of all website code. This time-consuming task required a dedicated person on their infosec team, which was not scalable. Furthermore, although the team could perform static audits and monitor the server side, they did not have the same visibility into the client-side scripts.

Sally Beauty needed an automated solution to ensure safe online payment transactions and achieve data privacy compliance.


Solution

Sally Beauty implemented Client-side Defense to eliminate the manual process of auditing all first- and third-party scripts on its website. There were several factors that led to their decision:
  • Automated client-side security: Sally Beauty already had a WAF solution to protect the server side, but they had not deployed client-side controls such as content security policy (CSP) due to the complexity of managing it. Client-side Defense automates zero-trust policies to surgically block risky script actions without disrupting scripts’ business value.
  • Easy implementation and integration: Sally Beauty enabled Client-side Defense without any configuration changes to its websites or infrastructure. In addition, Client-side Defense integrated easily with Salesforce Commerce Cloud (SFCC) in the form of an SFCC cartridge.
  • Robust insights: Sally Beauty was able to gain visibility into its client-side scripts via the easy-to-use customer portal. This informed real-time mitigation efforts and future strategy.

Results

Using Client-side Defense, Sally Beauty saved considerable time and resources spent on monitoring JavaScript vulnerabilities and discovering the points of exposure. What used to take more than half a day now takes a matter of minutes. This allowed the company to optimize its operational resources.

They gained new runtime visibility into the client side. Sally Beauty also gained considerable value from the threat intelligence in the customer portal. The security team was quickly able to discover behavioral anomalies and changes to the website scripts, and then work with their e-commerce teams to analyze anomalous activities and mitigate risks.

With Client-side Defense, Sally Beauty protects against digital skimming and Magecart threats, without hampering innovation. This instills customer confidence, protects brand reputation and helps ensure compliance with data privacy regulations.
