Attacker-Centric Analysis
Watching the attacker vs. the attack.
ThreatX brings together active interrogation and passive analysis to identify and track attacker entities over time, even as their IP addresses and traits change.
- Progressive Interrogation – Active interrogation and deception to distinguish human from automated entities.
- Advanced Fingerprinting – TLS fingerprinting and attacker analytics to track and correlate attacking entity actions even as IP addresses and user agents change.
- Automated Correlation – All actions are correlated over time to deliver a combined, up-to-the-second view of risk for each entity.
Multi-Context Detection
Seeing an attack from a myriad of perspectives
ThreatX integrates multiple context sensors, each with unique perspectives and strengths.
- App and API Profiling – Automatically profile all application traits and behaviors to establish baselines. Automatically discover all API endpoints.
- IP Interrogation – Actively engage suspicious entities using transparent cookie injection, TLS fingerprinting, deceptive fields, and more.
- Exploit Detection – Parses and analyzes all aspects of traffic to identify exploits such as SQL injection, XSS, malware injection, and more.
- Flow Validation – Analyze the flow of all application and API behavior to detect attempts to avoid authentication controls or gain improper access.
- Layer 7 DDoS – Detect abuses of exposed Layer 7 functionality to identify DDoS as well as other application-level and business logic abuses.
Adaptive Enforcement and Action
Dynamically engaging to understand intent
ThreatX can then take a variety of actions based on the combined observed risk and all entity actions.
- Block – Automatically block and unblock entities based on their risk. Dynamically blacklist or whitelist IPs based on policy.
- Monitor – Prioritize and track suspicious entities while actively engaging them in order to gather additional intelligence on entity techniques and intent.
- Interrogation – Apply additional interrogation and deception techniques to mitigate the attacking entity and collect more information.
- Tarpitting – Tarpit suspicious or DDoS traffic to prevent attackers from overwhelming application resources.
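The two ideas that tie this page together are correlating every observed signal under a stable entity key (so risk survives IP and user-agent changes) and then choosing an enforcement action from the entity's current risk. The following is an added illustrative example, not ThreatX's code: it keys entities by an assumed fingerprint string, uses constructed signal names and weights, decays risk with a half-life so quiet entities are automatically unblocked, and maps the resulting score to the allow / monitor / tarpit / interrogate / block tiers described above. Thresholds and weights are invented for the demonstration.

```python
"""Entity risk correlation with adaptive enforcement (simplified model).

Observations are keyed by a stable entity fingerprint (for instance a TLS
fingerprint combined with an injected cookie value), not by source IP, so an
entity keeps its accumulated risk when it rotates IPs or user agents.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed signal weights for this example (assumed values, not a vendor's scoring).
SIGNAL_WEIGHTS: Dict[str, float] = {
    "sqli_pattern": 40.0,             # exploit detection hit in a request
    "xss_pattern": 35.0,
    "auth_flow_skip": 30.0,           # flow validation: post-login URL reached without a login
    "cookie_challenge_failed": 25.0,  # interrogation: injected cookie never came back
    "rate_burst": 15.0,               # Layer 7 request burst
    "new_endpoint_probe": 5.0,        # touched an endpoint outside the entity's baseline
}

HALF_LIFE_SECONDS = 600.0  # accumulated risk halves after 10 minutes of silence
MAX_RISK = 100.0


@dataclass
class Entity:
    """Everything correlated under one fingerprint, regardless of IP or User-Agent."""
    fingerprint: str
    risk: float = 0.0
    last_seen: float = 0.0
    blocked: bool = False
    ips: Set[str] = field(default_factory=set)
    user_agents: Set[str] = field(default_factory=set)
    history: List[Tuple[float, str, str]] = field(default_factory=list)

    def risk_at(self, ts: float) -> float:
        """Risk decayed to time ts; does not record an observation."""
        elapsed = max(0.0, ts - self.last_seen)
        return self.risk * 0.5 ** (elapsed / HALF_LIFE_SECONDS)


class RiskTracker:
    def __init__(self, block_at: float = 80.0, interrogate_at: float = 50.0,
                 monitor_at: float = 20.0, unblock_below: float = 40.0) -> None:
        self.block_at = block_at
        self.interrogate_at = interrogate_at
        self.monitor_at = monitor_at
        self.unblock_below = unblock_below  # hysteresis: unblock only well below the block line
        self.entities: Dict[str, Entity] = {}

    def observe(self, ts: float, fingerprint: str, ip: str,
                user_agent: str, signal: str) -> str:
        """Record one detected signal for an entity and return the enforcement action."""
        e = self.entities.setdefault(fingerprint, Entity(fingerprint))
        e.risk = min(MAX_RISK, e.risk_at(ts) + SIGNAL_WEIGHTS.get(signal, 0.0))
        e.last_seen = ts
        e.ips.add(ip)
        e.user_agents.add(user_agent)
        e.history.append((ts, ip, signal))
        return self.action_for(fingerprint, ts, signal)

    def action_for(self, fingerprint: str, ts: float,
                   last_signal: Optional[str] = None) -> str:
        """Map current (decayed) risk to a tier; blocks persist until risk decays."""
        e = self.entities.get(fingerprint)
        if e is None:
            return "allow"
        risk = e.risk_at(ts)
        if e.blocked and risk < self.unblock_below:
            e.blocked = False            # automatic unblock once risk has decayed
        if e.blocked or risk >= self.block_at:
            e.blocked = True
            return "block"
        if risk >= self.interrogate_at:
            return "interrogate"         # apply extra challenges / deceptive fields
        if risk >= self.monitor_at:
            # a burst from an already-suspicious entity is slowed down rather than dropped
            return "tarpit" if last_signal == "rate_burst" else "monitor"
        return "allow"


def run_demo() -> List[str]:
    """Constructed event sequence: one entity rotating IPs and user agents."""
    t = RiskTracker()
    events = [
        (0.0, "10.0.0.1", "curl/8.0", "new_endpoint_probe"),
        (30.0, "10.0.0.2", "Mozilla/5.0", "cookie_challenge_failed"),
        (60.0, "10.0.0.3", "Mozilla/5.0", "rate_burst"),
        (90.0, "10.0.0.3", "Mozilla/5.0", "sqli_pattern"),
        (120.0, "10.0.0.4", "Mozilla/5.0", "new_endpoint_probe"),
    ]
    actions = [t.observe(ts, "fp-demo", ip, ua, sig) for ts, ip, ua, sig in events]
    actions.append(t.action_for("fp-demo", 1000.0))  # re-evaluated after ~15 minutes of silence
    return actions


if __name__ == "__main__":
    for step, action in enumerate(run_demo()):
        print(step, action)
```

The decay gives the "unblock" half of "block and unblock entities based on their risk" without a separate timer, and the `unblock_below` gap below `block_at` keeps an entity from flapping between tiers on a single new signal. Because `ips` and `user_agents` are collected per fingerprint, the tracker also yields the rotation history a responder would want when reviewing the entity.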