This week, Data Theorem launched the industry's first Active Protection suite including observability and runtime defense, delivering comprehensive security across modern application stacks including API, cloud, mobile, modern web, and serverless (Lambda) functions. To learn more, VMblog spoke with Doug Dooley, COO at Data Theorem.
VMblog: It has been more than six months
since we've last spoken. What has Data Theorem been up to?
Doug Dooley: These past six months have been
mostly focused on expanding our product suite and growing our sales resources
by 3X to meet the increased demand we are seeing for our AppSec solutions right
now. Also, worth mentioning is our new listing as a Gartner Magic Quadrant
visionary leader in 2021. This has really put
Data Theorem on the radar for many customer opportunities globally. As a
result, we have been adding more international partners to tackle some of those
new opportunities outside of our traditional US and European markets.
We have also earned our share of industry honors and awards
since we last spoke, including SC Media's 2021 Trust Award and a handful of Global
InfoSec Awards at this year's RSA Conference. Our customers have even been
recognized for their use of Data Theorem's innovative technology, including Fannie Mae for
their award-winning work on Cloud Security and API Security programs.
VMblog: Tell me about this new solution
you are launching around Active Protection.
Dooley: I am happy
to. On Nov. 10, Data Theorem launched the industry's first Active Protection
suite, which is differentiated because it includes observability
and runtime defenses. Now for the first time organizations can benefit
from comprehensive security across their entire modern application stack - including
API, cloud, mobile, modern web, and serverless (Lambda) functions. With this
launch, Data Theorem now uniquely delivers runtime defenses and
observability across its entire product suite, addressing security
gaps commonly found with cloud-native stacks.
VMblog: What specifically do you mean by
runtime defense security? I thought Data Theorem's products already had this.
Dooley: Active Protection works across Data Theorem's product portfolio
to help customers enable application-layer security defenses across their
application stacks with runtime defense security. The new runtime defenses
include attack prevention, OWASP Top 10 rules, known malicious sources, policy
violations of encryption levels, authentication types, authorization rules, and
a variety of custom rule checks including preventing BOLA attacks.
Prior to Active Protection, customers were applying a
combination of manual remediation and auto-remediation technologies to fix security
problems across their application stack. With Active Protection, customers can also
apply "set and forget" rules to prevent classes of policy violations and
exposures in the application run-time. Remediation and auto-remediation do
not go away; instead, Active Protection becomes a complementary addition to what
customers were doing before.
VMblog: What are the new observability
features and benefits delivered? How is this different from monitoring
capabilities other products have had for years?
Dooley: Organizations also need increased observability (logging, debug tracing,
metrics trending) before enforcing security policies because of the dynamic
nature of their modern application stacks. These dynamic environments such as
public cloud services require more observability and telemetry than what's been
available to discover their changing attack surfaces.
Data Theorem's observability (logging, tracing, trending) helps
organizations ask questions based on hypotheses and gain understanding of their
API networks actively. It is particularly useful for developers of systems with
variable and unknown permutations. On the other hand, today's monitoring solutions
are built to maintain static environments with little variation, and are used
by developers of systems with known permutations. Dashboarding is still helpful
but observability allows customers to better understand their dynamic
environments, particularly using cloud services.
VMblog: You mentioned this is an industry
first. Aren't there already solutions out there doing this?
Dooley: Organizations today
need tools that are purpose built for securing modern application
stacks to prevent data breaches, that haven't been available before this launch.
Typical runtime AppSec tools (WAFs, RASPs, EDRs) are flat out unable to address
critical areas of modern application stacks such as cloud-native
applications. For example, serverless applications with APIs, such as AWS
Lambda, cannot be secured using traditional web application firewalls (WAFs),
runtime application self-protection (RASPs), or endpoint detection and response
(EDR) agents. This is because there are no accessible operating systems for
agent installation or traditional network perimeters with ingress/egress points.
We are not aware of any other vendor delivering active protection runtime defenses
and observability across cloud-native, mobile, modern web, and serverless
applications.
VMblog: How does this add to and enhance your
existing AppSec portfolio? Do all your products now have these advancements?
Dooley: Data Theorem now
uniquely delivers runtime defenses and observability across
its entire product suite, addressing security gaps in modern
application exposures commonly found with cloud-native stacks. The new
offerings include API Protect, Mobile Protect, Cloud Protect, and Web Protect,
which, yes, covers our entire product line.
The solution is
available for free for existing customers, and included in the price for
new customers for Data Theorem's suite of API Secure, Cloud Secure, Mobile
Secure and Web Secure solutions. Those interested can find more information at
https://www.datatheorem.com/free-trial/.
VMblog: What are some of the key benefits
organizations can realize with your new Active Protection?
Dooley: Customer
benefits from our new solution include full-stack active observability, active
run-time security enforcement of policies, and cloud-native application
control. The combined solutions provide breadth in application insights and
deployment models across architectures and infrastructures. In the case of API
Protect, Mobile Protect, and Web Protect, the solution requires no changes to the
underlying operating systems, networking and infrastructure layers of the
stack. In the case of Cloud Protect, the solution requires no changes to the
applications themselves.
With Active Protection, customers can rest assured that when
they apply their security policy enforcement rules, these rules are
enforced 100 percent of the time, whether that's in the middle of the night or
during peak production hours. This was designed to deliver fully automated
security and observability with production applications.
VMblog: Can you describe a typical customer use
case for this new solution?
Dooley: Typical
customers will focus on API and Mobile protection first since these two areas
have some of the most pressing attack surfaces that lack comprehensive
observability and policy enforcement. Customers who have come to us to use our
free tool, API Attack Surface Calculator, will likely want to
check out Active Protection as well.
Customers
building modern web or mobile applications using third party SDKs and open
source libraries with cloud-enabled services are some of the common early
adopters of Active Protection. Also, customers who have "lift and shift"
projects where they are taking their on-premise workloads to places such as
AWS, Azure, and GCP are also strong adopters of Active Protection from Data
Theorem.
VMblog: And I can't let you go without asking,
what can we expect to see from Data Theorem in 2022?
Dooley: We are
working closely with more of our partner ecosystem and have some innovative
joint developments that we will unveil in 2022. We're on a bit of a hiring spree
as well because we need more teams in more geographic regions to help customers
and partners learn about what Data Theorem has to offer.
VMblog: It has been great speaking with you. Anything you want to add or leave our readers with before we wrap up?
Dooley: Customers
are loving our free API Attack Surface Calculator to help them get a
better handle on their growing API Attack Surfaces. Anyone building cloud-native
applications and doing "lift-and-shift" to the cloud will want to check it
out.