Attacker-Centric Behavioral Analytics
Stay ahead of an ever-changing threat landscape and defend against attackers intent on exploiting traditionally vulnerable web applications and APIs.
Protection that evolves with attacks
APIs and web applications are often the holy grail for attackers. These adversaries see great value in these assets and invest significant time and creativity in evading rules-based detection techniques. ThreatX goes far beyond the basics of rules by inspecting the specific behaviors of an adversary over time. Through this inspection, ThreatX’s Attacker-Centric Behavioral Analytics (ACBA) enable security teams to stay ahead of an ever-changing threat landscape and defend against attackers intent on exploiting traditionally vulnerable web applications and APIs.
Benefits of Attacker-Centric Behavioral Analytics
Quickly Identify, Monitor, and Block the Riskiest Threats in APIs and Applications
ThreatX identifies and correlates attackers’ behavior across multiple attack vectors to identify threats more precisely than is possible with a signature-based approach.
Relying on signatures to identify threats used to work – but today, such approaches fall short because they assume attackers are less capable and creative than they are. By tracking and analyzing the behavior of attackers over time, ThreatX gains a much more complete and precise view of risk – both immediate risk and risk that builds through low-and-slow attacks over time. This level of behavioral insight gives you the most complete defense against web app and API attackers.
Say Goodbye to Endless Custom Rules and Maintenance
ThreatX automatically responds to attack patterns as they change over time: attacks morph, ebb and flow, and adjust to the motions of security defenses.
The methods, modes, and cadence of attacks are far from consistent. Adversaries probe web apps and APIs for vulnerabilities – and may retreat before relaunching an attack. Attackers deploy bots and DDoS attacks, as well as other sophisticated techniques, that make it challenging – if not impossible – to rely on signatures as a means of protection.
Through ThreatX’s ACBA, customers can identify the tactics and procedures being deployed and escalation along the kill chain over time; determine whether an attempt is legitimate or an attack; and secure their web apps and APIs. We analyze IP reputation, TOR exit node status, geo IP, user agent, TLS fingerprint, and a number of behavioral attributes to identify entities and codify the risk associated with their behavior.
High Confidence Automated Blocking
Block suspicious entities from accessing web applications or APIs when behaviors have surpassed an acceptable threshold of risk.
Attacker-Centric Behavioral Analytics, coupled with our single risk engine, blocks a suspicious entity from accessing a web app or API when its behaviors have surpassed an acceptable threshold of risk. Because the IP address of an entity currently exhibiting suspicious or malicious behavior may later be reassigned to a legitimate user, each entity is allowed three opportunities to exhibit questionable behavior before it is permanently blocked.
ThreatX’s blocking modes are designed to block malicious requests and deter suspicious entities from attacking your sites, while allowing benign traffic and real users through.
ThreatX’s ACBA engine identifies and blocks persistently malicious entities.
ThreatX analyzes IP reputation, TOR exit node status, geo IP, user agent, TLS fingerprint, and a number of behavioral attributes to identify entities and codify the risk associated with their behavior.
ThreatX analyzes behaviors from multiple vantage points – rather than requiring a single, significantly risky event or identifying a known signature – to block a suspicious entity.
What Our Customers Are Saying
“We look at our ThreatX dashboard and pinpoint whether attackers are just getting their feet wet, or really trying to exploit us. It’s a good visual because we can see clearly what to focus on. With other solutions, it was just an immediate block for anything that met a rule.”
Marco Escobar, Senior Director of Operations | Segpay
“Prior to ThreatX we would spend countless hours adjusting rules, and manually blocking countries and IP addresses when under attack. Now we let ThreatX take care of it and my team and I have our evenings and weekends back. The best part of working with ThreatX is the SOC that is keeping an eye on things and making recommendations and adjustments. The relationship and trust is important to our Credit Union and we have found an amazing partner in ThreatX.”
Steve Liu, Director of Information Technology | Selco Community Credit Union
“We had a site that was being targeted by a bot, attempting to log in with rotating usernames and passwords. However, this threat actor was crafting a properly formed interaction with the API. So, there was nothing malicious. It was using proper user agents and properly formed headers — nothing about it was out of the ordinary. ThreatX’s ability to recognize anomalies that indicate suspicious behavior is game-changing.”
Director of Security Architecture and Engineering | Global Marketing Company
“A behavior-based approach to security was very compelling for us. Threat interactions are monitored and ThreatX enables us to automatically identify and block potentially malicious and suspicious cyber behavior. We don’t have to specify the conditions or rules like we would in any other WAF, because the ThreatX solution continuously learns from what it observes.”
Joel Bruesch, Senior Director of Information Security | BMC Software
“It’s been easy to work with the SOC team… I feel, the team feels, like they’re an extension of our information security team. Before, I would get all these text messages, at two in the morning or three in the morning. And it was never fun. I felt like I worked 24 by 7, nonstop, not just being on call. I just felt like we were working seven days a week. So, this past Thanksgiving was actually the first holiday that I felt I could actually enjoy with my family.”
Information Security Analyst | Large Financial Services Organization