How ThreatX Lowers False Positives, Delivers Visibility, and Speeds Time to Value

LAST UPDATED Nov 04, 2021

We talk to a lot of security professionals about web application security, and three topics come up in most conversations – the pain of false positives, the need for visibility to help prioritize security findings, and the quest for fast time to value (in other words, how fast will we see results and start getting bang for our buck?) We hear you security teams! We’ve been in your shoes, and we built our platform with those pains in mind. And to prove it, we recently worked with a third party to validate those claims.  

We’re pleased to announce the publication of ESG Technical Validation: Comprehensive Security for Modern Web Applications and APIs With the ThreatX WAAP Platform. The ESG team took a deep dive into the ThreatX platform to evaluate and validate our claims about the benefits we deliver. Specifically, the report validated that we: 

Lower false positives 

Managing false positives is a big problem and time waster in the AppSec world. Already stretched-thin security teams have limited time and resources to address legitimate security findings — let alone chasing down illegitimate ones. Not to mention the reality that teams chasing down false positives are not focused on actual threats that put an organization at risk.  

After testing our solution, the ESG team found that ThreatX does in fact lower false positives, thanks to our behavior-based, rather than signature-based, detection. ESG notes that “With the ThreatX platform’s attacker-centric approach, organizations can achieve lower false positive rates by focusing on blocking and blacklisting individual entities based on how attack patterns evolved over time, using varying approaches at all stages of an attack.” 

By tracking an entity’s behavior over time and looking for suspicious patterns, ThreatX identifies bad actors more accurately than solutions that simply look for the signature of one attack type. In fact, during ESG’s testing, they observed how ThreatX’s solution blocked a suspicious entity but didn’t completely blacklist it until watching it for 30 minutes. When it didn’t display suspicious behavior after 30 minutes, it was unblocked. But after being blocked two more times, it was blacklisted. In this way, only truly malicious actors are blocked. 

“All components of the ThreatX platform share and act upon the same data, enabling organizations to gain a unified and comprehensive view of current attacker activity and the risks posed to the organizations’ applications in a short period of time.” 

ESG

Deliver fast time to value 

With ThreatX, security teams have one solution and one pane of glass to view their security status across all web application attack types — whether it’s bot-based, DDoS attacks, API attacks, or OWASP-based web attacks. ESG validated that this unified platform visibility leads to faster time to value since organizations don’t need to integrate multiple, disjointed, and vendor-specific tools to see all of their data. ESG notes that “All components of the ThreatX platform share and act upon the same data, enabling organizations to gain a unified and comprehensive view of current attacker activity and the risks posed to the organizations’ applications in a short period of time.”  

Provide actionable insights 

Finding security issues and acting upon them are not the same thing. Receiving a long list of security findings without context or guidance to act on them won’t make you more secure. In most cases, that will simply make you aware of a problem you don’t have the data or resources to fix. ESG found that ThreatX’s solution provides actionable insights that help security teams see, prioritize, and fix security issues. Those insights include high-risk assets, sophisticated attackers, what’s being targeted, and what techniques are being used. With ThreatX’s Top Threats view, teams know which domains and paths to examine first to mitigate attacks and related entities. ESG noted that “throughout our testing, we observed how the platform identifies those entities and threats that should be addressed first to minimize security breaches.”  

Learn more 

If you’re looking for details on how our solution works, the benefits you can expect, and why they matter to your business, download this report.  

Tags

About the Author

Bret Settle

Bret has served in multiple executive roles for Corporate Express/Staples and BMC Software and has extensive knowledge of the software development and security products industries. Bret has been responsible for enterprise security in multiple roles and has been an innovator throughout his career and has a proven track record of building and developing high performing organizations and dynamic cyber security teams.