Data Theorem Launches Industry’s First Active Protection Suite with Observability and Runtime Defense Across Modern Application Stacks

Data Theorem Active Protection Secures Modern Application Stacks Including API, Cloud, Mobile, Modern Web and Serverless Functions

Palo Alto, Calif.., November 10, 2021

Data Theorem, Inc., a leading provider of modern application security, today launched the industry’s first Active Protection suite including observability and runtime defense, delivering comprehensive security across modern application stacks including API, cloud, mobile, modern web, and serverless (Lambda) functions.

Organizations today need tools that are purpose built for securing modern application stacks to prevent data breaches. Past-generations of runtime AppSec tools (WAFs, RASPs, EDRs) are unable to address critical areas of modern application stacks such as cloud-native applications. As an example, serverless applications with APIs, such as AWS Lambda, cannot be secured using traditional web application firewalls (WAFs), runtime application self-protection (RASPs), or endpoint detection and response (EDR) agents. This is because there are no accessible operating systems for agent installation nor traditional network perimeters with ingress/egress points. Data Theorem now uniquely delivers runtime defenses and observability across its entire product suite, addressing security gaps in modern application exposures commonly found with cloud-native stacks.

According to Gartner, “Optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection. SRM (security and risk management) leaders should evaluate emerging cloud-native application protection platforms that provide a complete life cycle approach for security.”1

Data Theorem is the first to deliver comprehensive full stack security for today’s modern applications that starts at the client layer (mobile and web), protects the network layer (REST and GraphQL APIs), and extends down through the underlying infrastructure (cloud services).

Active Protection is a runtime defense and observability offering. It works across Data Theorem’s product portfolio to help customers enable application-layer security defenses across their application stacks. The runtime defenses include attack prevention, OWASP Top 10 rules, known malicious sources, policy violations of encryption levels, authentication types, authorization rules, and a variety of custom rule checks including preventing Broken Object Level Authorization (BOLA) attacks. Further, organizations also need increased observability (logging, tracing, trending) before enforcing security policies because of the dynamic nature of their modern application stacks. Customers can enable Data Theorem’s Active Protection through the use of their SDKs (software development kits), application extensions (Lambda layers), and AppSec proxy (L7 sidecar proxying).

“Data Theorem’s Active Protection is the first in the industry to provide comprehensive security across today’s modern application stacks,” said Doug Dooley, Data Theorem COO. “Application environments are more dynamic when leveraging cloud services requiring increased telemetry. Organizations need to discover their growing attack surfaces as their cloud adoption grows. We are not aware of any other vendor delivering active protection runtime defenses and observability across cloud-native, mobile, modern web, and serverless applications.”

Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine, which leverages a new type of dynamic and run-time analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation.

Pricing and Availability

Data Theorem’s new Active Protection suite is available today for free for existing customers and included in the price for Data Theorem’s suite of API Secure, Cloud Secure, Mobile Secure and Web Secure solutions. For more information, see

Note 1 – Gartner, Inc. “Innovation Insight for Cloud-Native Application Protection Platforms” by Neil MacDonald and Charlie Winckless. Aug. 25, 2021.

Media Contact

Dan Spalding
(408) 960-9297

About Data Theorem

Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.

Learn more at

Top 6 Security Needs for APIs and Serverless Apps

On-Demand Webinar (36 min)

Securing APIs across Amazon Lambda, Google Cloud Functions and Azure Functions