Patent pending always-active API security capabilities are powered by ThreatX's eBPF-based sensors, enabling DevSecOps to detect and remediate vulnerabilities earlier, while protecting APIs

ThreatX, a visionary innovator in application and API security, today announced it has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.

By combining runtime detection and dynamic scanning with protection, ThreatX’s RAAP solution empowers DevSecOps to detect and remediate vulnerabilities earlier, while protecting vulnerable APIs – all within one platform. Leveraging extended Berkeley Packet Filter (eBPF) technology, RAAP enables real-time, persistent observability into API/App architecture, traffic data exchanges, vulnerabilities, and threats (including zero-day attacks). It endlessly observes application/API security posture, east-west and north-south, so that vulnerabilities and attacks cannot take place unnoticed from development to production environments, thus fostering collaboration between DevOps and Sec teams through a unified platform. The latest Always-Active API Security capabilities enable Dev to remediate vulnerabilities early and Sec to protect what has not been remediated.

Traditional application and API security solutions fall short in providing one essential element: real-time, continuous observability across the entire DevOps cycle. On one hand – monitoring technologies, such as WAF/WAAP – inspect security posture continuously, but only at SecOps phase and without deep insight into application/API architecture. On the other hand – scanning technologies, such as SAST, DAST, and SCA – provide insight into application/API architecture but do it only at Dev phase and on an intermittent, non-continuous basis. With the latest Always-Active API Security capabilities, ThreatX RAAP offers a solution to those deficiencies by combining the best of monitoring and scanning capabilities.

“The CISOs I speak to consistently emphasize the need for a solution that combines the functionalities of WAF, RASP, and DAST or SAST, rather than having multiple standalone AppSec tools. Having the ability to consolidate all these functions into one platform will decrease operational burden, reduce complexity, and foster collaboration between DevOps and security teams,” said Gene Fay, CEO at ThreatX. “We are excited to provide these unified runtime and dynamic API testing capabilities by extending ThreatX’s RAAP offering, enabling DevSecOps to remediate vulnerabilities like never before.”

ThreatX RAAP is easily deployed as a sidecar container within a Kubernetes (K8) environment without requiring an in-line deployment. It may be installed as a standalone solution or coupled with the ThreatX API & Application Protection – Edge solution.

Learn more about ThreatX Always-Active API Security capabilities by taking a product tour or visiting us at RSA Conference (Booth 3103) May 6th – 9th in San Francisco, CA. Follow ThreatX on LinkedIn for more event details.

About ThreatX

ThreatX is an innovator of API and application security - from the edge to runtime, enabling Dev to discover and remediate and Security to protect. Trusted by companies in every industry around the globe, ThreatX's integrated platform detects API/application vulnerabilities and protects against attacks 24/7. Learn more at https://www.threatx.com.

Sydney Gangi, ThreatX, sydney.gangi@threatx.com