Data Theorem launched Active Protection suite including observability and runtime defense, delivering comprehensive security across modern application stacks including API, cloud, mobile, modern web, and serverless (Lambda) functions.
Organizations today need tools that are purpose built for securing modern application stacks to prevent data breaches. Past-generations of runtime AppSec tools (WAFs, RASPs, EDRs) are unable to address critical areas of modern application stacks such as cloud-native applications. As an example, serverless applications with APIs, such as AWS Lambda, cannot be secured using traditional web application firewalls (WAFs), runtime application self-protection (RASPs), or endpoint detection and response (EDR) agents.
This is because there are no accessible operating systems for agent installation nor traditional network perimeters with ingress/egress points. Data Theorem now uniquely delivers runtime defenses and observability across its entire product suite, addressing security gaps in modern application exposures commonly found with cloud-native stacks.
According to Gartner, “Optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection. SRM (security and risk management) leaders should evaluate emerging cloud-native application protection platforms that provide a complete life cycle approach for security.”
Data Theorem is the first to deliver comprehensive full stack security for today’s modern applications that starts at the client layer (mobile and web), protects the network layer (REST and GraphQL APIs), and extends down through the underlying infrastructure (cloud services).
Active Protection is a runtime defense and observability offering. It works across Data Theorem’s product portfolio to help customers enable application-layer security defenses across their application stacks. The runtime defenses include attack prevention, OWASP Top 10 rules, known malicious sources, policy violations of encryption levels, authentication types, authorization rules, and a variety of custom rule checks including preventing Broken Object Level Authorization (BOLA) attacks.
Further, organizations also need increased observability (logging, tracing, trending) before enforcing security policies because of the dynamic nature of their modern application stacks. Customers can enable Data Theorem’s Active Protection through the use of their SDKs (software development kits), application extensions (Lambda layers), and AppSec proxy (L7 sidecar proxying).
“Data Theorem’s Active Protection is the first in the industry to provide comprehensive security across today’s modern application stacks,” said Doug Dooley, Data Theorem COO. “Application environments are more dynamic when leveraging cloud services requiring increased telemetry. Organizations need to discover their growing attack surfaces as their cloud adoption grows. We are not aware of any other vendor delivering active protection runtime defenses and observability across cloud-native, mobile, modern web, and serverless applications.”
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources.
Its solutions are powered by its Analyzer Engine, which leverages a new type of dynamic and run-time analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation.
Pricing and availability
Data Theorem’s new Active Protection suite is available now for free for existing customers and included in the price for Data Theorem’s suite of API Secure, Cloud Secure, Mobile Secure and Web Secure solutions.