Data Theorem has launched the industry’s first Active Protection including observability and runtime defense, delivering comprehensive security across modern application stacks including API, cloud, mobile, modern web, and serverless (Lambda) functions.
Organizations today need tools that are purpose built for securing modern application stacks to prevent data breaches. Past-generations of runtime AppSec tools (WAFs, RASPs, EDRs) are unable to address critical areas of modern application stacks such as cloud-native applications. As an example, serverless applications with APIs, such as AWS Lambda, cannot be secured using traditional web application firewalls (WAFs), runtime application self-protection (RASPs), or endpoint detection and response (EDR) agents. This is because there are no accessible operating systems for agent installation or traditional network perimeters with ingress/egress points. Data Theorem now uniquely delivers runtime defenses and observability across its entire product suite, addressing security gaps in modern application exposures commonly found with cloud-native stacks.
According to Gartner, “Optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection. SRM (security and risk management) leaders should evaluate emerging cloud-native application protection platforms that provide a complete life cycle approach for security.” 1
Data Theorem is the first to deliver comprehensive full stack security for today’s modern applications that starts at the client layer (mobile and web), protects the network layer (REST and GraphQL APIs), and extends down through the underlying infrastructure (cloud services).
Active Protection is a runtime defense and observability offering. Active Protection works across Data Theorem’s product portfolio to help customers enable application-layer security defenses across their application stacks. The runtime defenses include attack prevention, OWASP Top 10 rules, known malicious sources, policy violations of encryption levels, authentication types, authorization rules, and a variety of custom rule checks including preventing BOLA attacks. Further, organizations also need increased observability (logging, tracing, trending) before enforcing security policies because the dynamic nature of their modern application stacks. Customers can enable Data Theorem’s Active Prevention through the use of their SDKs (software development kits), application extensions (Lambda layers), and AppSec proxy (L7 sidecar proxying).
“Data Theorem’s Active Protection is the first in the industry to provide comprehensive security across today’s modern application stacks,” said Doug Dooley, Data Theorem COO. “Organizations’ dynamic environments such as public cloud services require more observability and telemetry to discover their changing attack surfaces than current solutions provide. We are not aware of any other vendor delivering active protection runtime defenses and observability across cloud-native, mobile, modern web, and serverless applications.”
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine, which leverages a new type of dynamic and run-time analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation.
The Active Protection is available today for free for existing customers and included in the price for Data Theorem’s suite of API Secure, Cloud Secure, Mobile Secure and Web Secure solutions. For more information, see https://www.datatheorem.com/free-trial/.
Note 1 – Gartner, Inc. “Innovation Insight for Cloud-Native Application Protection Platforms” by Neil MacDonald and Charlie Winckless. Aug. 25, 2021.