How ThreatX Works

Built From the Ground Up for the Needs of Modern API Security

The traditional approach to WAFs has proven it can’t keep up with the needs of modern security. Threats keep growing more diverse and their attack methods more complex. On top of that, organizations have hybrid environments that make managing apps and APIs no small task.


ThreatX has built a new approach that transforms application security by making it:

  • Easy, agentless deployment covers all apps and APIs including local, hybrid, and cloud apps without the need for an agent.
  • Address all types of threats with a single solution including traditional exploits, bots, DDoS attacks and more.
  • Analyze and correlate every event in context and from multiple perspectives to give the most accurate results.
  • Drive high-confidence responses in real-time to protect assets while reducing the workload for analysts.

Platform Architecture

ThreatX brings together a variety of intelligence sources to fingerprint attacking entities and track all entity behavior, bringing context to an attack or to suspicious-looking traffic. Multiple detection strategies are automatically correlated to address all types of threats and build a complete, up-to-the-second view of risk. ThreatX can use this view to take proactive action based on the risk and type of threat, including blocking, active deception, tarpitting, and more.

Attacker-Centric Analysis

Watching the attacker vs. the attack.

ThreatX brings together active interrogation and passive analysis to identify and track attacker entities over time even as their IP and traits change.

  • Progressive Interrogation – Active interrogation and deception to distinguish human from automated entities.
  • Advanced Fingerprinting – TLS fingerprinting and attacker analytics to track and correlate attacking entity actions even as IP addresses and user agents change.
  • Automated Correlation – All actions are correlated over time to deliver a combined, up-to-the-second view of risk for each entity.

Multi-Context Detection

Seeing an attack from a myriad of perspectives

ThreatX integrates multiple context sensors, each with unique perspectives and strengths.

  • App and API Profiling – Automatically profile all application traits and behaviors to establish baselines. Automatically discover all API endpoints.
  • IP Interrogation – Actively engage suspicious entities using transparent cookie injection, TLS fingerprinting, deceptive fields, and more.
  • Exploit Detection – Parses and analyzes all aspects of traffic to identify exploits such as SQL injection, XSS, malware injection, and more.
  • Flow Validation – Analyze the flow of all application and API behavior to detect attempts to avoid authentication controls or gain improper access.
  • Layer DDoS – Detect abuses of exposed Layer 7 functionality to identify DDoS as well as other application-level and business logic abuses.

Adaptive Enforcement and Action

Dynamically engaging to understand intent

ThreatX can then take a variety of actions based on the combined observed risk and all entity actions.

Block – Automatically block and unblock entities based on their risk. Dynamically blacklist or whitelist IPs based on policy.

Monitor – Prioritize and track suspicious entities with actively engaging in order to gather additional intelligence on entity techniques and intent.

Interrogation – Apply additional interrogation and deception techniques to mitigate the attacking entity and collect more information.

Tarpitting – Tarpit suspicious or DDoS traffic to prevent attackers from overwhelming application resources.

What Our Customers Are Saying

“We look at our ThreatX dashboard and pinpoint whether attackers are just getting their feet wet, or really trying to exploit us. It’s a good visual because we can see clearly what to focus on. With other solutions, it was just an immediate block for anything that met a rule.”

Marco Escobar, Senior Director of Operations | Segpay

“Prior to ThreatX we would spend countless hours adjusting rules, and manually blocking countries and IP addresses when under attack. Now we let ThreatX take care of it and my team and I have our evenings and weekends back. The best part of working with ThreatX is the SOC that is keeping an eye on things and making recommendations and adjustments. The relationship and trust is important to our Credit Union and we have found an amazing partner in ThreatX.”

Steve Liu, Director of Information Technology | Selco Community Credit Union

“We had a site that was being targeted by a bot, attempting to log in with rotating usernames and passwords. However, this threat actor was crafting a properly formed interaction with the API. So, there was nothing malicious. It was using proper user agents and properly formed headers — nothing about it was out of the ordinary. ThreatX’s ability to recognize anomalies that indicate suspicious behavior is game-changing.”

Director of Security Architecture and Engineering | Global Marketing Company

“A behavior-based approach to security was very compelling for us. Threat interactions are monitored and ThreatX enables us to automatically identify and block potentially malicious and suspicious cyber behavior. We don’t have to specify the conditions or rules like we would in any other WAF, because the ThreatX solution continuously learns from what it observes.”

Joel Bruesch, Senior Director of Information Security | BMC Software

“It’s been easy to work with the SOC team…I feel, the team feels, like they’re an extension of our information security team. Before, I would get all these text messages, at two in the morning or three in the morning. And it was never fun. I felt like I worked 24 by 7, nonstop, not just being on call. I just felt like we were working seven days a week. So, this past Thanksgiving was actually the first holiday that I felt I could actually enjoy with my family.”

Information Security Analyst | Large Financial Services Organization