How ThreatX Works

Built From the Ground Up for the Needs of Modern API Security

The traditional approach to WAFs has proven it can’t keep up with the needs of modern security. Threats are only growing in diverse and complex attack methods. On top of that, organizations have hybrid environments that makes managing apps and APIs no small task.

Learn more in a personalized demo

ThreatX has built a new approach that transforms application security by making it:


Easy, agentless deployment covers all apps and APIs including local, hybrid, and cloud apps without the need for an agent


Address all types of threats with a single solution including traditional exploits, bots, DDoS attacks and more.


Analyze and correlate every event in context and from multiple perspectives to give the most accurate results.


Drive high-confidence responses in real-time to protect assets while reducing the workload for analysts.

Platform Architecture

ThreatX brings together a variety of cohesive intelligence to fingerprint attacking entities and track all entity behavior to bring context to an attack or suspicious looking traffic. Multiple detection strategies are automatically correlated in order to address all types of threats and build a complete view of risk, up to the second. ThreatX can use this view of risk to take proactive action based on the risk and type of threat including blocking, active deception, tarpitting, and more.

Attacker-Centric Analysis

Watching the attacker vs. the attack.

ThreatX brings together active interrogation and passive analysis to identify and track attacker entities over time even as their IP and traits change.

  • Progressive Interrogation – Active interrogation and deception to distinguish human from automated entities.
  • Advanced Fingerprinting – TLS fingerprinting and attacker analytics to track and correlate attacking entity actions even as IP addresses and user agents change.
  • Automated Correlation – All actions are correlated over time to deliver a combined, up-to-the-second view of risk for each entity.

Multi-Context Detection

Seeing an attack from a myriad of perspectives

ThreatX integrates multiple context sensors each with unique perspectives and strengths.

  • App and API Profiling – Automatically profile all application traits and behaviors to establish baselines. Automatically discover all API endpoints.
  • IP Interrogation – actively engage suspicious entities using transparent cookie injection, TLS fingerprinting, deceptive fields, and more.
  • Exploit Detection – Parses and analysis all aspects of traffic to identify exploits such as SQL injection, XSS, malware injection, and more.
  • Flow Validation – Analyze the flow of all application and API behavior to detect attempts to avoid authentication controls or gain improper access.
  • Layer DDoS – Detect abuses of exposed Layer 7 functionality to identity DDoS as well as other application level and business logic abuses.

Adaptive Enforcement and Action

Dynamically engaging to understand intent

ThreatX can then take a variety of actions based on the combined observed risk and all entity actions.

Block – Automatically block and unblock entities based on their risk. Dynamically blacklist or whitelist IPs based on policy.

Monitor – Prioritize and track suspicious entities with actively engaging in order to gather additional intelligence on entity techniques and intent.

Interrogation – Apply additional interrogation and deception techniques to mitigate the attacking entity and collect more information.

Tarpitting – Tarpit suspicious or DDoS traffic to prevent attackers from overwhelming application resources.

What Our Customers Are Saying

“We had a site that was being targeted by a bot, attempting to log in with rotating usernames and passwords. However, this threat actor was crafting a properly formed interaction with the API. So, there was nothing malicious. It was using proper user agents and properly formed headers — nothing about it was out of the ordinary. ThreatX’s ability to recognize anomalies that indicate suspicious behavior is game-changing.”

Director of Security Architecture and Engineering | Global Marketing Company

” Within 72 hours, we implemented ThreatX and successfully moved into blocking mode with no production impact. We never have to turn it off. Never in the history of any of our security tools have we ever been able to enable blocking and just leave it without having to go back and turn it off or tune it constantly.”

Director of Security Architecture and Engineering | Large Retail Media Company

“It’s been easy to work with the SOC team…I feel, the team feels, like they’re an extension of our information security team. Before, I would get all these text messages, at two in the morning or three in the morning. And it was never fun. I felt like I worked 24 by 7, nonstop, not just being on call. I just felt like we were working seven days a week. So, this past Thanksgiving was actually the first holiday that I felt I could actually enjoy with my family.”

Information Security Analyst | Large Retail Organization

” Our team dedicated 3 engineers to focus on updating and reviewing rules that drove our legacy WAF’s detection and response actions. Moving to a solution that takes a behavior-based approach and automates blocking has given my team back those 3 resources and helped us defend our attack surface against more sophisticated attacks. “

Security Operations Manager | Global Wine and Spirits Provider