Data Theorem enhances Cloud Secure platform with ML-based hacker toolkits and visualizations

Data Theorem introduced an attack path analysis of APIs and software supply chain exploits to its cloud-native application protection platform (CNAPP) called Cloud Secure.

The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of potential data breaches in first-party APIs and third-party software supply chain assets hosted in multi-cloud environments.

As a result of this launch, organizations can now leverage an advanced ML-based CNAPP solution to secure their cloud-native apps and discover weaknesses which could lead to data breaches. Previously, organizations had to rely on cloud security posture management (CSPM) and agent-based cloud workload protection platforms (CWPP) that lack the ability to accurately detect attack surfaces such as first- and third-party APIs that lead to the critical path hackers utilize to successfully exploit vulnerabilities and extract sensitive data.

Data Theorem’s new release of Cloud Secure now delivers Cloud Hacker Toolkits powered by a new set of visualization features and ML enhancements for exploit prioritization, helping organizations focus on the most critical vulnerabilities that hackers can take advantage of for a cyberattack to extract data from cloud-native apps.

In addition, Cloud Secure now offers ML-powered optimized Cloud Assets inventory with new visualizations for organizations to better understand the relationships between applications (mobile and web), APIs (first and third party), and the myriad of cloud resources. As a result, organizations can have an accurate inventory of their cloud-native and cloud-hosted applications, and visualize the growing attack surfaces including APIs they develop themselves and APIs that come from leveraging open-source software, third-party software development kits (SDKs), and public cloud services within their software supply chains.

“As we have seen, machine learning, and particularly generative language learning model (LLM), offers a new set of innovations and creativity for both security practitioners and attackers,” said Doug Dooley, Data Theorem COO.

“Data Theorem is pleased to offer the industry’s first CNAPP solution which leverages some of the more useful elements of machine learning combined with run-time analysis, observability, and active protection. Cloud Secure continues to lead the industry as the most application-centric CNAPP offering helping organizations uncover new attack vectors in cloud-native applications and APIs that ultimately prevent large-scale data breaches. ML-powered Hacker Tool Kits and Optimized Cloud Assets, in addition to Cloud Secure’s other advancements in this new release, uniquely protect organizations’ cloud applications in multi-cloud environments,” Dooley added.

Cloud Secure now also offers a new UI design that improves the end-to-end CNAPP workflow for organizations with new dashboard, inventory, security testing, and cloud-native protection sections. For example, the Cloud-Native Protection visualization graph with Cloud Abuse highlights priority events, actors, and attack path analysis that uniquely helps organizations diagnose near real-time data breaches and attempts at exfiltration attacks.

In addition, Cloud Secure’s Enhanced Compliance Summary section with status and on-demand reporting downloads automates the audit processes to help organizations prove compliance.

Cloud Secure, powered by Data Theorem’s Analyzer Engine, helps organizations secure their cloud-native applications and address regulatory compliance for cloud monitoring and reporting. It is the solution that delivers full-stack attack path analysis for cloud-native applications, starting at the client layer (mobile and web), protecting the network layer (APIs), and extending down through the underlying infrastructure (cloud services). Its combination of attack path analysis and run-time active protections enables both offensive and defensive security capabilities to prevent data breaches of cloud-native applications, embedded APIs, and serverless cloud functions.