Blog

Bad bots and malicious automation are one of the few technology challenges that can materially impact on every business team inside an organization. With up to 50% of Internet traffic generated by bots, organizations are awash in a sea of automated visitors. Some bots are benign, others aren’t. Those that aren't can interfere with customer acquisition. They steal data and intellectual property. They erode application performance. They directly defraud businesses.

I’m a big fan of the ThreatX agentless architecture. It simplifies many of aspects of deployment and side-steps a lot of the problems with agent-based architecture.

Most anyone who works in application security can tell you that the traditional WAF model has not aged gracefully over the past few years. Facing new challenges from bots, API-based threats, DDoS attacks, and sophisticated evasive attackers, the old guard of WAFs have bolted on module after module in an attempt to keep pace. This has, unsurprisingly, resulted in more complexity, the need for more AppSec talent, and the inability to protect an over-growing application attack surface. 

I’m excited, y’all! We’ve just published a cool piece of content that everyone with an interest in AppSec should take a look at. 

Modern AppSec and security teams face enormous challenges of scale when it comes to their daily workload. Organizations need to secure more applications and APIs than ever before, and those apps and APIs are under constant attack from increasingly sophisticated methods. Security staff has to parse and analyze an avalanche of alerts and data to stay ahead of bad actors and continuously improve the security posture of their organization. Collectively, this is a perfect storm that can put even the best security teams under intense strain.

By focusing intently on risk-based security, ThreatX delivers a truly modernized approach to AppSec that enables our clients to manage their threat posture in a fundamentally different way. It lets us consistently recognize and stop more legitimate attacks for our customers, vastly reduce false positives, and significantly reduce the fatigue and burden on staff and analysts. Let's take a closer look at what it's all about and why it matters.

Today I am proud to announce the integration of the ThreatX WAAP with the Palo Alto Networks XSOAR platform. You can read the official announcement for more details here. This integration is exciting for me personally because it tackles one of the most important issues I see facing enterprise security teams regardless of size or industry. Virtually every organization needs to get more leverage out of their security tools, whether that means arming analysts with critical data or turning that data into automated responses. This integration lets organizations harness the power of the ThreatX’s web application + api protection + bog protection + DDoS attack mitigation (WAAP++) platform for such things as risk scores, entity details, and other insights and leverage that data across the enterprise so that teams can do more, faster. 

Mergers and acquisitions are some of the most important, exciting, and often messy aspects of the business world. Having been through the process several times, both as an acquirer and an acquiree, I can personally attest that technology and security are areas where things can get particularly messy. Buyers and sellers will often have very different approaches to security–different levels of operational maturity, different tools, and different threat profiles. This means that many of the details about security posture and risk only become known after an acquisition is complete. Yikes!

While no technology can tame all the challenges of an acquisition, ThreatX’s web application and API protection +Bot + DDoS (WAAP++) platform can give organizations an easy, yet powerful way to wrestle control over AppSec. Because it can be up and running in just a few hours, ThreatX can help uncover problems during the due diligence process; letting security teams quickly triage and deliver core protections to newly acquired sites and apps after the merger is complete. Let’s take a closer look.