How ThreatX Works

Built From the Ground Up for the Needs of Modern API Security

The traditional approach to WAFs has proven it can’t keep up with the needs of modern security. Threats are only growing in diverse and complex attack methods. On top of that, organizations have hybrid environments that makes managing apps and APIs no small task.

Learn more in a personalized demo

ThreatX has built a new approach that transforms application security by making it:


Easy, agentless deployment covers all apps and APIs including local, hybrid, and cloud apps without the need for an agent


Address all types of threats with a single solution including traditional exploits, bots, DDoS attacks and more.


Analyze and correlate every event in context and from multiple perspectives to give the most accurate results.


Drive high-confidence responses in real-time to protect assets while reducing the workload for analysts.

Platform Architecture

ThreatX brings together a variety of cohesive intelligence to fingerprint attacking entities and track all entity behavior to bring context to an attack or suspicious looking traffic. Multiple detection strategies are automatically correlated in order to address all types of threats and build a complete view of risk, up to the second. ThreatX can use this view of risk to take proactive action based on the risk and type of threat including blocking, active deception, tarpitting, and more.

Attacker-Centric Analysis

Watching the attacker vs. the attack.

ThreatX brings together active interrogation and passive analysis to identify and track attacker entities over time even as their IP and traits change.

  • Progressive Interrogation – Active interrogation and deception to distinguish human from automated entities.
  • Advanced Fingerprinting – TLS fingerprinting and attacker analytics to track and correlate attacking entity actions even as IP addresses and user agents change.
  • Automated Correlation – All actions are correlated over time to deliver a combined, up-to-the-second view of risk for each entity.

Multi-Context Detection

Seeing an attack from a myriad of perspectives

ThreatX integrates multiple context sensors each with unique perspectives and strengths.

  • App and API Profiling – Automatically profile all application traits and behaviors to establish baselines. Automatically discover all API endpoints.
  • IP Interrogation – actively engage suspicious entities using transparent cookie injection, TLS fingerprinting, deceptive fields, and more.
  • Exploit Detection – Parses and analysis all aspects of traffic to identify exploits such as SQL injection, XSS, malware injection, and more.
  • Flow Validation – Analyze the flow of all application and API behavior to detect attempts to avoid authentication controls or gain improper access.
  • Layer DDoS – Detect abuses of exposed Layer 7 functionality to identity DDoS as well as other application level and business logic abuses.

Adaptive Enforcement and Action

Dynamically engaging to understand intent

ThreatX can then take a variety of actions based on the combined observed risk and all entity actions.

Block – Automatically block and unblock entities based on their risk. Dynamically blacklist or whitelist IPs based on policy.

Monitor – Prioritize and track suspicious entities with actively engaging in order to gather additional intelligence on entity techniques and intent.

Interrogation – Apply additional interrogation and deception techniques to mitigate the attacking entity and collect more information.

Tarpitting – Tarpit suspicious or DDoS traffic to prevent attackers from overwhelming application resources.