Thales announced that its Imperva Application Security platform has added detection and response capabilities to protect against business logic attacks, such as Broken Object Level Authorization (BOLA), the top threat in the OWASP Top 10 API Security Risks. By combining real-time detection with automated responses for risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, the Imperva Application Security platform provides comprehensive protection against unauthorized data exfiltration and other complex business logic vulnerabilities in both cloud and on-premises environments.
APIs have become the backbone of modern applications, enabling enterprises to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to the Imperva Threat Research Team, APIs account for 71% of all web traffic. Recently, the team has observed a sharp increase in attacks against APIs, with 44% of advanced bot traffic targeting APIs, compared to only 10% targeting web applications. This shift highlights that attackers are increasingly exploiting API endpoints that manage sensitive and high-value data.
Why BOLA is a key business risk
BOLA attacks occur when an API fails to properly verify that a user has permission to access a specific data object. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the first of the OWASP Top 10 API threats, BOLA exposes enterprises to significant risks, including data breaches, compliance failures, and loss of customer trust.
“API security is no longer optional, but fundamental to maintaining business continuity and trust,” said Tim Chang, Global Vice President and General Manager, Application Security, Thales. “Imperva Application Security bridges this gap by providing a fully unified platform that identifies threats to business logic and proactively blocks malicious sessions, setting a new benchmark for API protection.”
Providing a unified, flexible, privacy-first solution for the enterprise
Imperva Application Security combines an advanced threat detection engine with automated inline response and flexible deployment options, enabling security teams to detect and respond to API attacks such as BOLA without compromising development velocity or user experience. For customers looking to protect their API infrastructure, Imperva Application Security offers the following benefits:
- Unified platform architecture: Manage API discovery, risk assessment, detection, and response in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments.
- Real-time BOLA detection: A hybrid behavioral and rules-based engine analyzes API request patterns, scores anomalies and flags endpoints for immediate action.
- Automated response and remediation: Integration with Imperva Cloud WAF and WAF Gateway supports multiple response actions, including inline responses such as automatic blocking of malicious API traffic in real time. Integration with security automation tools ensures rapid incident orchestration.
Advancing Imperva’s Vision of “Security Everywhere”
The integration of API detection and response into Imperva Application Security is the foundation of Imperva’s “Security Anywhere” vision, which provides scalable, end-to-end protection for applications and APIs in any environment. This unified solution provides enterprises with a comprehensive view of automated threats against APIs and the tools they need to protect them.
Detection and response for deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.
Source: BusinessWire