Imperva Application Security Integrates API Detection and Response, Setting A New Standard in API Security
MEUDON, France:
First unified, single-pane-of-glass platform to deliver real-time detection and mitigation of API threats, including Broken Object Level Authorization (BOLA) and other advanced business logic threats.
Offers flexible deployment across cloud and on-premise environments, with a privacy-forward design to secure APIs at scale.
Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA) – the leading threat in the OWASP API Security Top 10. By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments.
APIs have become the backbone of modern applications, enabling businesses to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to Imperva Threat Research, APIs accounted for 71% of all web traffic . More recently, the team observed a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs , compared to just 10% targeting web applications. This shift underscores how attackers are increasingly exploiting API endpoints that manage sensitive and high-value data.
Why BOLA is a Critical Business Risk
BOLA occurs when APIs fail to properly verify whether users are authorized to access specific data objects. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the leading OWASP Top 10 API threat, BOLA exposes businesses to significant risks, including data breaches, compliance failures, and loss of customer trust.
'API security is no longer optional – it's fundamental to maintaining business continuity and trust,' said Tim Chang, Global Vice President and General Manager of Application Securityat Thales. 'Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.'
Empowering Enterprises with a Unified, Flexible, and Privacy-First Solution
Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience. For customers who want to protect their API infrastructure, Imperva Application Security delivers the following benefits: Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments.
Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments. Real-Time BOLA Detection : Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action.
: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action. Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration.
Advancing the Imperva Security Anywhere Vision
The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs.
Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.
The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.
Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.
PLEASE VISIT
Thales Group
Cloud Protection & Licensing Solutions | Thales Group
Cybersecurity Solutions | Thales Group
View source version on businesswire.com: https://www.businesswire.com/news/home/20250624052385/en/
Disclaimer: The above press release comes to you under an arrangement with Business Wire. Business Upturn takes no editorial responsibility for the same.
Ahmedabad Plane Crash
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNBC
an hour ago
- CNBC
Europe's big defense push is putting supply chains in a chokepoint. Here's how they aim to break through
European defense stocks have become a favorite play among investors, but extra demand has also put supply chains under strain. Charlotte Reed spoke to the CEOs of Thales, Leonardo and Saab about how they are tackling those challenges.
Associated Press
5 hours ago
- Associated Press
Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments
MEUDON, France--(BUSINESS WIRE)--Jun 30, 2025-- Thales, a global leader in technology and cybersecurity, today released the findings of its2025 Cloud Security Studyconducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year's research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels. This press release features multimedia. View the full release here: ©Thales Cloud remains at the forefront of security considerations Cloud is now an essential part of modern enterprise infrastructure, but many organizations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable protections. This year's Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape. 'The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,' SebastienCano, Senior Vice President, Cyber Security Products at Thales, said. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.' The average number of public cloud providers per organization has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organizations expand through growth or M&A, they're also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data visibility. This complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key managers. Attacks target cloud resources with human error remaining a top vulnerability Cloud infrastructure is a prime target for attackers as organizations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management. ' A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data ,' Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. ' Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience .' For more information, please download the full report and join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research . About Thales Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion. PLEASE VISIT Thales Group Cloud Protection & Licensing Solutions | Thales Group Cybersecurity Solutions | Thales Group View source version on CONTACT: PRESSThales, Media Relations Security & Cybersecurity Marion Bonnet +33 (0)6 60 38 48 92 [email protected] KEYWORD: FRANCE EUROPE INDUSTRY KEYWORD: APPS/APPLICATIONS TECHNOLOGY SECURITY BUSINESS PROFESSIONAL SERVICES INTERNET DATA ANALYTICS DATA MANAGEMENT ARTIFICIAL INTELLIGENCE SOURCE: Thales Copyright Business Wire 2025. PUB: 06/30/2025 03:00 AM/DISC: 06/30/2025 03:00 AM
Business Wire
6 hours ago
- Business Wire
Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments
MEUDON, France--(BUSINESS WIRE)-- Thales, a global leader in technology and cybersecurity, today released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year's research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption." Cloud remains at the forefront of security considerations Cloud is now an essential part of modern enterprise infrastructure, but many organizations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable protections. This year's Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape. 'The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,' Sebastien Cano, Senior Vice President, Cyber Security Products at Thales, said. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.' The average number of public cloud providers per organization has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organizations expand through growth or M&A, they're also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data visibility. This complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key managers. Attacks target cloud resources with human error remaining a top vulnerability Cloud infrastructure is a prime target for attackers as organizations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management. ' A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data,' Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. ' Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience.' For more information, please download the full report and join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research. About Thales Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion. Cybersecurity Solutions | Thales Group
