ThreatX enhances API and app protection for containerized environments
ThreatX has unveiled new capabilities for its Runtime API and Application Protection (RAAP) solution. ThreatX RAAP helps CISOs and security teams extend API and app protection to containerized environments. ThreatX delivers this capability through a unified solution that protects against runtime threats originating at the network edge and within cloud workloads.
As applications and workloads move to the cloud, both these apps and the APIs that drive them face a new set of threats. East-west cloud traffic, zero days that evade edge defenses (such as Log4j), insider threats, and runtime-specific attacks all increase risk to APIs and applications. The new ThreatX capabilities close these gaps by delivering comprehensive visibility into and protection of APIs and apps – from the edge to runtime.
The ThreatX RAAP solution is designed to protect against runtime threats within Kubernetes (K8s) environments. Leveraging Extended Berkeley Packet Filter (eBPF) technology, ThreatX RAAP positions security teams to discover unknown APIs; detect and protect against zero days; and track suspicious east/west traffic, insider threats, and malicious OS-level commands. In addition, ThreatX RAAP provides the ability to alert Security Operations or block these attacks in real time.
New capabilities of the ThreatX RAAP include:
- Edge-to-runtime event correlation: ThreatX now enables customers to correlate network edge transactions (i.e., requests and responses) with runtime events. This enables security analysts, SOC teams, and threat hunters to quickly identify the origin of the threat (e.g., north/south, east/west), understand potentially malicious commands, and determine appropriate next steps.
- Real-time blocking of network-based runtime attacks: ThreatX delivers the ability to block malicious traffic and high-risk runtime attacks in real time. For security teams, this real-time blocking option provides a powerful capability to protect their digital assets.
- Unified edge/runtime risk visualization: ThreatX delivers a unified view of risk to APIs and apps – from the edge to runtime. Within the platform, executives can gain a high-level view of their security posture, while analysts and threat hunters can go deeper – tracking threat activity over time and pinpointing the precise moment an attack was executed, for example.
“Business’ digital transformation initiatives have fundamentally changed the way developers build, deploy, and maintain applications. DevOps moves quickly, and security teams struggle to maintain both visibility and protection across legacy and cloud-native environments,” said Bret Settle, CPO at ThreatX.
“We are excited to continue advancing the ThreatX platform, providing customers a unified solution to protect APIs and applications from the network edge to deep within Linux runtime environments,” Settle added.
The ThreatX RAAP solution is easily deployed as a sidecar container within a Kubernetes environment. ThreatX RAAP inspects network traffic anywhere within your cloud workloads without requiring an in-line deployment. ThreatX RAAP may be deployed as a standalone solution or coupled with the ThreatX API & Application Protection – Edge solution.