ThreatX Adds API Visibility, Protection Capabilities To Defend Against Real-Time Attacks

To provide deep security of APIs and real-time insights into API attacks, ThreatX is enhancing its API protection platform with API schema compliance and dashboard features.

Tags: API, gateways, ThreatX visibility,

API protection platform ThreatX is offering customers deeper, real-time insight into the scope of API attacks. The latest updates will let customers better visualize API attack surfaces and identify API schema compliance gaps that attackers can exploit.


“When speaking with both our customers and prospects, it’s become clear to us that many of today’s solutions, such as API Gateways, aren’t designed to protect APIs against the sophisticated, multi-mode attacks that have become commonplace,” said Bret Settle, Chief Strategy Officer at ThreatX.


In specific, ThreatX has now added the following capabilities:


API Schema Compliance
API schemas often provide enterprises with a central way of defining how APIs should work. Without them, it can be difficult for security teams to understand whether any API call is legitimate or malicious, creating a significant security risk for organizations, Hickman noted.


To address this challenge, ThreatX is adding API schema compliance capabilities to allow customers to centrally manage OpenAPI 3.0 schemas for the API endpoints ThreatX discovers and protects. This new feature aims to enable organizations to compare API traffic to specifications to determine whether compliance gaps exist so they can work to mitigate them, the company said.


API Real-time Discovery
ThreatX is adding real-time discovery capabilities to spotlight API endpoints that may be out of the view of security and development teams. The new feature helps IT watch zombie and rogue APIs. The capabilities aim to give customers a holistic and clear picture of their API attack surface and understand when and where APIs are being managed appropriately.


API Dashboard
ThreatX’s new API Dashboard details API endpoint usage and how it compares to expected behavior, as defined in the schema. Users can build custom schemas for outdated APIs or even those with no schemas available. The dashboard lets users quickly identify critical indicators of an attack and potential vulnerabilities.


In specific, the ThreatX API Dashboard provides data on:

  • API endpoint usage and how it compares to expected behavior, as defined in actions from the schema
  • API traffic analytics
  • Error code summaries

ThreatX’s dashboards make it easier than ever for organizations to drill into the finer points of API attacks. With a comprehensive set of data available, customers can quickly take responsive actions, such as automatic blocking, geo-fencing and other approaches. 


ThreatX applies artificial intelligence and machine learning to detect even the slightest indicators of suspicious activity. Unlike post-attack API anomaly detection tools that require offline data analysis, ThreatX builds risk profiles of attackers over time, enabling it to identify and stop even the most complex threats in real-time.


“To get API protection right, it is imperative that organizations have a clear view of their API attack surface and API schemas. Additionally, it is equally important that they can assess attacks against APIs as compared to traditional web apps,” said Tom Hickman, Chief Innovation Officer at ThreatX. 


“By delivering these new capabilities directly within the ThreatX platform, our customers will be able to leverage a single solution that gives them the unique ability to both identify and stop attacks in real time,”  Settle added.

ThreatX Releases Report Detailing ‘Consumer Perspective’ of API Security

ThreatX also released a study that finds most consumers are aware of the risk to their personal data due to the increasing use of APIs for passing data across internal systems or with a business’ third-party partners.


“APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not. The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples’ lives,” said ThreatX CEO Gene Fay of the results. “We hope that the industry will be able to use these insights to rethink how they approach API security so they can protect both customers and their brands for years to come.”


One big takeaway from the survey is that consumer brands would be wise to build security into their applications, Fay said. That’s because consumers do not feel brands do enough to protect their personal information.


The ThreatX survey reveals notable consumer sentiment about how companies treat their data.

  • 74% of respondents reported that they either have “minimal” or “no” influence to encourage brands to take their security more seriously, which may signal a resignation among consumers that data breaches are inevitable
  • 65% of respondents would consider paying more for an application or tech marketed as “secure.”
  • 61% of respondents do not feel confident that brands prioritize building security into their APIs and associated applications.
  • 56% of consumers report changing their login credentials for accounts associated with the brand following a breach.
  • 30% of respondents reported that if a mobile, web application or piece of technology they purchased was down once per week for updates, they would leave the brand.
  • Only 26% of respondents assume that a brand did everything in its power to protect against a data breach or an attack.

“This survey serves not just as a wake-up call to consumers, but to brands that may unwittingly expose customer PII and therefore put their reputations at risk,” said Dave Howell, ThreatX Chief Marketing Officer. “I hope this report helps people realize that by prioritizing API security, companies have the opportunity to protect both the user experience and the personal information of customers.”


The ThreatX survey polled 883 respondents from the United States and was performed in December 2021. Participants between the ages of 18 and 70 were chosen from the responses.