ThreatX has unveiled ThreatX Runtime API & Application Protection (RAAP). This patent-pending capability goes beyond basic observability to extend threat detection, tracking and blocking to customers’ runtime environments, without slowing developers or requiring expertise in cloud-native applications.
As organizations transition apps and workloads to the cloud, often across multi-cloud environments, attackers seek new ways to access sensitive data. While the Log4Shell vulnerability served as a wake-up call to runtime threats, shoring up these gaps is easier said than done.
With ThreatX RAAP, organizations can extend protections beyond the edge and address a myriad of risks to runtime environments, including insider threats, malware, web shells, remote access software, code injections and modifications, and malicious rootkits.
“The CISOs I meet with make it clear: they need fewer standalone tools and a better ability to protect their APIs and applications across both legacy and cloud-native environments,” said Gene Fay, CEO at ThreatX.
“We are excited to make these new capabilities possible and give our customers the means to confidently block attacks in real time – from the edge to runtime,” Fay added.
The ThreatX RAAP solution is easily deployed as a sidecar container within a Kubernetes environment. Leveraging extended Berkeley Packet Filter (eBPF) technology, ThreatX RAAP enables deep network flow and system call inspection, process context tracing, and advanced data collection, profiling & analytics.
With eBPF, ThreatX RAAP inspects network traffic anywhere on a host or node without requiring an in-line deployment.
ThreatX RAAP may be deployed as a standalone solution to address runtime environments or coupled with the ThreatX API & Application Protection – Edge solution. When used in tandem, these capabilities provide a 360-degree ability to detect, track and block threats to APIs and applications.
Other benefits of the ThreatX RAAP solution include:
- Block high-risk transactions, such as data exfiltration attempts and excessive data exposure
- Protect transactions within a corporate network (i.e., east-west traffic), including virtual networks and subnets
- Prevent malware hidden within encrypted data via transparent TLS inspection – without disrupting confidentiality or integration of communications
- Reduce massive alert fatigue associated with other security tools through ThreatX’s risk-based blocking capability
“As we explored ways to extend our ability to block, it was important we enable customers to cover runtime environments, and to do so in a way that was painless for both security and developers,” said Andrius Useckas, CTO at ThreatX.
“eBPF allows us to offer all of this, and more. We believe this cloud-native capability will greatly improve companies’ API and application protection today, and offer many other benefits down the road,” Useckas concluded.