Watching the attacker vs. the attack.
ThreatX brings together active interrogation and passive analysis to identify and track attacker entities over time even as their IP and traits change.
- Progressive Interrogation – Active interrogation and deception to distinguish human from automated entities.
- Advanced Fingerprinting – TLS fingerprinting and attacker analytics to track and correlate attacking entity actions even as IP addresses and user agents change.
- Automated Correlation – All actions are correlated over time to deliver a combined, up-to-the-second view of risk for each entity.
Seeing an attack from a myriad of perspectives
ThreatX integrates multiple context sensors, each with unique perspectives and strengths.
- App and API Profiling – Automatically profile all application traits and behaviors to establish baselines. Automatically discover all API endpoints.
- IP Interrogation – Actively engage suspicious entities using transparent cookie injection, TLS fingerprinting, deceptive fields, and more.
- Exploit Detection – Parses and analyzes all aspects of traffic to identify exploits such as SQL injection, XSS, malware injection, and more.
- Flow Validation – Analyze the flow of all application and API behavior to detect attempts to avoid authentication controls or gain improper access.
- Layer DDoS – Detect abuses of exposed Layer 7 functionality to identify DDoS as well as other application-level and business logic abuses.
Adaptive Enforcement and Action
Dynamically engaging to understand intent
ThreatX can then take a variety of actions based on the combined observed risk and all entity actions.
- Block – Automatically block and unblock entities based on their risk. Dynamically blacklist or whitelist IPs based on policy.
- Monitor – Prioritize and track suspicious entities with actively engaging in order to gather additional intelligence on entity techniques and intent.
- Interrogation – Apply additional interrogation and deception techniques to mitigate the attacking entity and collect more information.
- Tarpitting – Tarpit suspicious or DDoS traffic to prevent attackers from overwhelming application resources.