
Latest news with #TimChang

Imperva Application Security Integrates API Detection and Response, Setting A New Standard in API Security

Business Upturn

24-06-2025


MEUDON, France: First unified, single-pane-of-glass platform to deliver real-time detection and mitigation of API threats, including Broken Object Level Authorization (BOLA) and other advanced business logic threats. Offers flexible deployment across cloud and on-premise environments, with a privacy-forward design to secure APIs at scale.

Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA) – the leading threat in the OWASP API Security Top 10. By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments.

APIs have become the backbone of modern applications, enabling businesses to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to Imperva Threat Research, APIs accounted for 71% of all web traffic. More recently, the team observed a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to just 10% targeting web applications. This shift underscores how attackers are increasingly exploiting API endpoints that manage sensitive and high-value data.

Why BOLA is a Critical Business Risk

BOLA occurs when APIs fail to properly verify whether users are authorized to access specific data objects. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the leading OWASP Top 10 API threat, BOLA exposes businesses to significant risks, including data breaches, compliance failures, and loss of customer trust.

'API security is no longer optional – it's fundamental to maintaining business continuity and trust,' said Tim Chang, Global Vice President and General Manager of Application Security at Thales. 'Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.'

Empowering Enterprises with a Unified, Flexible, and Privacy-First Solution

Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience. For customers who want to protect their API infrastructure, Imperva Application Security delivers the following benefits:

  • Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments.
  • Real-Time BOLA Detection: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action.
  • Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration.

Advancing the Imperva Security Anywhere Vision

The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs. Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

Disclaimer: The above press release comes to you under an arrangement with Business Wire. Business Upturn takes no editorial responsibility for the same.

Imperva Application Security Integrates API Detection and Response, Setting A New Standard in API Security

Business Wire

24-06-2025


MEUDON, France--(BUSINESS WIRE)-- Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA) – the leading threat in the OWASP API Security Top 10. By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments.

APIs have become the backbone of modern applications, enabling businesses to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to Imperva Threat Research, APIs accounted for 71% of all web traffic. More recently, the team observed a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to just 10% targeting web applications. This shift underscores how attackers are increasingly exploiting API endpoints that manage sensitive and high-value data.

Why BOLA is a Critical Business Risk

BOLA occurs when APIs fail to properly verify whether users are authorized to access specific data objects. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the leading OWASP Top 10 API threat, BOLA exposes businesses to significant risks, including data breaches, compliance failures, and loss of customer trust.

'API security is no longer optional – it's fundamental to maintaining business continuity and trust,' said Tim Chang, Global Vice President and General Manager of Application Security at Thales. 'Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.'

Empowering Enterprises with a Unified, Flexible, and Privacy-First Solution

Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience. For customers who want to protect their API infrastructure, Imperva Application Security delivers the following benefits:

  • Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments.
  • Real-Time BOLA Detection: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action.
  • Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration.

Advancing the Imperva Security Anywhere Vision

The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs. Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.

Malicious bots behind nearly half of web traffic in S'pore: Study

Straits Times

04-05-2025


Politically-motivated activities have also risen, with these bots setting up social media accounts to proliferate politically-charged messages. PHOTO ILLUSTRATION: PEXELS

SINGAPORE – Malicious bots aided by artificial intelligence (AI) tools now generate 45 per cent of all internet traffic in Singapore, a sharp rise from 35 per cent a year ago, according to a new study. The 2025 Imperva Bad Bot Report, which compared bot traffic between 2023 and 2024, found bad bots to be most prevalent in the gambling, gaming, automotive and travel sectors here.

The 12th edition of the report drew from data collected from across the Imperva global network in 2024, including the blocking of 13 trillion bad bot requests across thousands of domains and industries. Singapore ranked fourth among places in the Asia-Pacific that were most targeted by bad bots in 2024, after Hong Kong, Indonesia and Australia, according to the 12th annual study released in late April by United States-based cyber-security firm Imperva.

Globally, automated bot traffic surpassed the human-generated type for the first time in a decade, constituting 51 per cent of all web traffic in 2024, according to the study. Of the total bot traffic, 37 per cent were found to be malicious activities, including data scraping, payment fraud, account takeovers, credentials theft and distributed denial of service (DDoS). DDoS attackers make websites unavailable to legitimate users by flooding the sites with queries.

With the help of AI, bad bots can mimic human behaviour – including mouse movements and clicks – making them difficult to detect and block, said the report. 'The surge in AI-driven bot creation has serious implications for businesses worldwide,' said Mr Tim Chang, general manager of application security at Thales, which owns Imperva.

The emergence of advanced AI tools – including ChatGPT, ByteSpider Bot, ClaudeBot, Google Gemini, Perplexity AI and Cohere AI – has transformed the methods by which attackers execute cyber threats. For instance, bad bots automatically crack outdated mobile applications that do not enforce mandatory updates, write codes to increase attack volumes and collect large quantities of sensitive data. In 2024, Imperva blocked an average of two million AI-powered cyber attacks daily. ByteSpider Bot alone accounted for more than half of all AI-enabled attacks globally. Other significant contributors include AppleBot, ClaudeBot and ChatGPT User Bot.

Over the last few months, politically-motivated activities have risen, with these bots setting up social media accounts to proliferate politically-charged messages in the midst of the hustings as Singaporeans prepare to go to the polls on May 3, Appdome, another cyber-security firm, found. Such traffic typically comes in the form of social media post hijacking, where bots produce inflammatory or empathetic messages to rouse viewers to engage with the content, said Mr Jan Sysmans, Appdome's mobile app defence evangelist based in Singapore.

'The people behind these bots are trying to propagate their own agenda and create tension to spark a flame,' he added. 'There isn't a standard way these bots approach (hijacking). It just encourages users to engage in the content, which influences their algorithm. Subsequently, users will get fed more of such inflammatory or empathetic content, creating an echo chamber effect.'

Globally, the travel sector is the most targeted, accounting for over a quarter of all bot attacks. It is trailed by the retail, education and financial services sectors, according to the Imperva study. Notably, travel websites face an increase in simple bot attacks, possibly launched by less sophisticated criminals using AI tools.

These attacks include 'seat spinning', where bots simulate the booking process of flight tickets up to the payment step, without completing the purchase. This hogs tickets and denies potential customers access to them, disrupting airline businesses and jeopardising their reputation. AI tools flooding travel websites with traffic may also inflate the demand and costs of tickets.

Online retailers faced threats including scalping, credential stuffing, gift card fraud and DDoS – all year round in 2024 as opposed to just during festive seasons in 2023. Scalping involves buying many of the same items such as limited edition goods or concert tickets at the usual price and reselling them at higher prices. Credential stuffing involves taking over someone's online account using stolen usernames and passwords.

Financial services, telecom, healthcare and retail are the most targeted industries for bot attacks on application programming interfaces (APIs). These sectors depend on APIs for critical operations and sensitive transactions, making them prime targets for such sophisticated bot attacks. APIs act like a bridge between applications, allowing them to share data. For instance, an e-commerce platform that accepts credit card payments or bank transfers is linked via APIs to the payment-service firm or the bank. Bots typically steal customer information or competitive intelligence, abuse promotional mechanisms and exploit vulnerabilities in check-out systems for fraud, according to the study.

'Businesses need to take steps to protect themselves from bots and online fraud,' Imperva said, urging businesses to implement multifactor authentication measures and real-time bot detection to protect customers.

On how internet users should protect themselves from falling prey to the effects of bad bots, Mr Sysmans said: 'It is going to be very hard, with how advanced AI and technology is now. But one must always be vigilant and ask, 'Is this too good to be true?''

Bots now make up the majority of all internet traffic

Yahoo

15-04-2025


More than half of all internet traffic is now made up of bots, according to a new report. Analysis by cyber security firm Imperva revealed that automated and AI-powered bots accounted for 51 per cent of all web traffic in 2024, with so-called 'bad bots' at their highest level since the firm started tracking them in 2013.

The researchers noted that the emergence of advanced artificial intelligence tools like OpenAI's ChatGPT and Google's Gemini has led to new cyber threats for web users.

'The surge in AI-driven bot creation has serious implications for businesses worldwide,' said Tim Chang, general manager of application security at Thales Cybersecurity Products. 'As automated traffic accounts for more than half of all web activity, organisations face heightened risks from bad bots, which are becoming more prolific every day.'

These AI tools can be used to carry out spamming campaigns or even distributed denial-of-service (DDoS) attacks that knock sites offline by overwhelming them with fake traffic. The industries most at risk, according to the 2025 Imperva Bad Bot Report, are financial services, healthcare and e-commerce.

The report tracked an average of 2 million AI-enabled attacks each day last year, with the Bytespider web crawler tool making up 54 per cent of them. Developed by TikTok owner ByteDance, the ByteSpider bot's dominance was attributed to its widespread recognition as a legitimate tool, which the researchers said made it an 'ideal candidate for spoofing'.

'The rise in the number of accessible AI tools has significantly lowered the barrier for entry for cyber attackers enabling them to create and deploy malicious bots at scale,' the report stated. 'With generative AI simplifying bot development, automated threats are evolving rapidly – becoming more sophisticated, evasive, and widespread, fueling the growth of both simple and advanced bad bots.

'Attackers now use AI not only to generate bots but also to analyse failed attempts and refine their techniques to bypass detection with greater efficiency.'
