ThreatX announced
ThreatX Runtime API & Application Protection (RAAP). This
patent-pending capability goes beyond basic observability to extend
threat detection, tracking and blocking to customers' runtime
environments, without slowing developers or requiring expertise in
cloud-native applications.
As organizations transition apps and workloads to the cloud, often
across multi-cloud environments, attackers seek new ways to access
sensitive data. While the Log4Shell
vulnerability served as a wake-up call to runtime threats, shoring up
these gaps is easier said than done. With ThreatX RAAP, organizations
can greatly extend protections beyond the edge and address a myriad of
risks to runtime environments, including insider threats, malware, web
shells, remote access software, code injections and modifications, and
malicious rootkits.
"The CISOs I meet with make it clear: they need fewer standalone tools
and a better ability to protect their APIs and applications across both
legacy and cloud-native environments," said Gene Fay, chief executive
officer at ThreatX. "We are excited to make these new capabilities
possible and give our customers the means to confidently block attacks
in real time - from the edge to runtime."
The ThreatX RAAP solution is easily deployed as a sidecar container
within a Kubernetes environment. Leveraging extended Berkeley Packet
Filter (eBPF)
technology, ThreatX RAAP enables deep network flow and system call
inspection, process context tracing, and advanced data collection,
profiling & analytics. With eBPF, ThreatX RAAP inspects network
traffic anywhere on a host or node without requiring an in-line
deployment.
ThreatX RAAP may be deployed as a standalone solution to address runtime
environments or coupled with the ThreatX API & Application
Protection - Edge solution. When used in tandem, these capabilities
provide a 360-degree ability to detect, track and block threats to APIs
and applications.
Other benefits of the ThreatX RAAP solution include:
- Block high risk transactions, such as data exfiltration attempts and excessive data exposure
- Protect transactions within a corporate network (i.e., east-west traffic), including virtual networks and subnets
- Prevent malware hidden within encrypted data via transparent TLS inspection - without disrupting confidentiality or integration of communications
- Reduce massive alert fatigue associated with other security tools through ThreatX's risk-based blocking capability
"As we explored ways to extend our ability to block, it was important we
enable customers to cover runtime environments, and to do so in a way
that was painless for both security and developers," said Andrius
Useckas, co-founder and chief technology officer at ThreatX. "eBPF
allows us to offer all of this, and more. We believe this cloud-native
capability will greatly improve companies' API and application
protection today, and offer many other benefits down the road."