Case Study

Priceline Streamlines Website Script Management

Download Case Study

Company

Priceline is a leading ​​online travel planning and booking platform for flights, hotels, cars, cruises and experiences. The company is headquartered in Norwalk, Connecticut.

“HUMAN is a fantastic solution for managing business critical scripts, and addressing the new PCI DSS 4 requirements (6.4.3 & 11.6.1) with ease. It not only adds another layer of defense to our overall security posture, but helps my team prioritize and reduces the need for time-intensive manual investigations and record-keeping activities.”

– Senior Security Developer, Information Security Team, Priceline

Challenge

Priceline’s website is the core of its business model and experiences very high levels of traffic. They already had significant defenses in place to safeguard traveler data but wanted a solution to help streamline the ongoing process of monitoring and controlling scripts.

Additionally, PCI DSS 4 introduced new requirements which were an area of focus for Priceline to inventory, authorize, justify, and monitor scripts and HTTP headers to comply with requirements 6.4.3 and 11.6.1.

Solution

Priceline wanted a solution that would maintain their high quality traveler experience, automate script monitoring, and provide additional context during investigations for their busy site reliability engineering team (SRE) without introducing barriers to transactions. As part of an overall cybersecurity program, they deployed HUMAN Client-side Defense for its sitewide capability to auto-discover scripts, detect changes in script behaviors, and alert the SRE team when required.

Learn More
  • Granular Visibility
    HUMAN provides Priceline with comprehensive, real-time visibility into the client-side supply chain. The solution delivers detailed insight into first-, third- and Nth-party scripts and HTTP headers, allowing their security and compliance teams to quickly take action where needed.
  • PCI DSS 4 Compliance
    Priceline has recently started to use PCI DSS 4 dashboards within Client-side Defense, making it simple to maintain an inventory, authorize, justify and alert to changes to scripts and HTTP headers in compliance with requirements 6.4.3 and 11.6.1.
  • Fast Response, 24/7 Support
    HUMAN client-side experts were always on hand to quickly answer questions and deliver support as and when required.

RESULTS

  • Client-side Defense helps Priceline to take a proactive and preventative approach to monitoring and managing scripts in compliance with PCI DSS 4.0, without interrupting the business value scripts provide. By partnering with the Priceline security team, HUMAN was able to enhance Client-side Defense to benefit all customers.
  • The solution provides additional context for the team, helping focus their investigations. The automated email notifications allow them to quickly react to automatic detections and immediately start liaising with the product team to take any necessary actions such as managing the script or making code changes.
  • Client-side Defense also adds an additional layer of control to Priceline’s own sophisticated defenses, allowing them to automatically take actions such as approving scripts from trusted vendors or disabling changed behaviors of a script until the SRE team can review it

Connect with Us

to learn more about how HUMAN helps comply with PCI DSS 4

Related Resources

Webinars

Fireside Chat with Coalfire: An In-Depth Review of HUMAN Security for PCI DSS Compliance

WATCH NOW

Webinars

Minimize the impact of PCI DSS 4 on your organization

WATCH NOW

HUMAN BLOG

How website architecture affects scoping of PCI DSS 4 requirements 6.4.3 and 11.6.1

READ NOW