Imperva Application Security Elevates API Protection with Integrated Detection and Response, Redefining API Security Standards

Imperva Application Security Redefines API Protection with Unified Detection and Response Capabilities

In a groundbreaking advancement for API security, Thales has announced the integration of new detection and response capabilities into the Imperva Application Security platform. This innovation delivers real-time protection against business logic attacks, including Broken Object Level Authorization (BOLA)—the leading threat in the OWASP API Security Top 10. By combining advanced detection with automated mitigation of risky APIs, unauthenticated endpoints, and deprecated APIs, Imperva Application Security sets a new standard for safeguarding sensitive data and combating complex business logic vulnerabilities across both cloud and on-premises environments.

The Growing Importance of API Security

APIs have become the backbone of modern applications, enabling businesses to connect services, streamline operations, and deliver personalized experiences at scale. However, this increased reliance on APIs has also made them a prime target for cybercriminals. According to Imperva Threat Research, APIs now account for 71% of all web traffic, highlighting their critical role in today’s digital ecosystems. More alarmingly, recent observations reveal a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to just 10% targeting web applications.

This shift underscores how attackers are exploiting API endpoints to access sensitive and high-value data. As APIs continue to grow in complexity and scale, securing them has become a top priority for organizations seeking to protect their assets, maintain compliance, and preserve customer trust.

Why BOLA Poses a Critical Risk to Businesses

One of the most pervasive and damaging API threats is Broken Object Level Authorization (BOLA). This vulnerability occurs when APIs fail to properly verify whether users are authorized to access specific data objects. Attackers can exploit this flaw by manipulating requests to gain unauthorized access to sensitive information, such as personal data, financial records, or proprietary business assets.

As the leading threat in the OWASP API Security Top 10, BOLA exposes organizations to significant risks, including costly data breaches, compliance failures, and reputational damage. The consequences of a single BOLA attack can be catastrophic, making it imperative for businesses to adopt robust solutions that address this critical vulnerability.

“API security is no longer optional—it’s fundamental to maintaining business continuity and trust,” said Tim Chang, Global Vice President and General Manager of Application Security at Thales. “Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.”

A Unified, Flexible, and Privacy-First Solution

The Imperva Application Security platform introduces a comprehensive approach to API protection, empowering enterprises with the tools they need to detect and respond to threats like BOLA without compromising development speed or user experience. Key features of the platform include:

1. Unified Platform Architecture

Imperva Application Security consolidates API discovery, risk assessment, detection, and mitigation into a single console, eliminating the inefficiencies of managing multiple tools. This unified architecture reduces operational friction and provides a seamless experience across cloud and on-premises environments, ensuring consistent protection regardless of deployment model.

2. Real-Time BOLA Detection

The platform leverages hybrid behavioral and rule-based engines to analyze API request patterns, identify anomalies, and flag suspicious activity in real time. This proactive approach ensures that potential threats are detected and addressed before they can cause harm.

3. Automated Response and Remediation

Integration with Imperva Cloud WAF and WAF Gateway enables automated inline responses, such as blocking malicious API traffic in real time. Additionally, the platform supports integration with security automation tools, ensuring rapid incident orchestration and minimizing the impact of attacks.

4. Flexible Deployment Options

Designed with flexibility in mind, Imperva Application Security offers deployment options that cater to diverse organizational needs. Whether operating in the cloud, on-premises, or in hybrid environments, businesses can secure their API infrastructure at scale without sacrificing performance or privacy.

5. Privacy-Forward Design

Recognizing the importance of data privacy, the platform incorporates a privacy-forward design that ensures sensitive information remains protected during processing and analysis. This feature is particularly valuable for organizations subject to stringent regulatory requirements, such as GDPR or CCPA.

Advancing the Imperva Security Anywhere Vision

The integration of API detection and response capabilities into Imperva Application Security aligns with the broader Imperva Security Anywhere vision, which aims to provide scalable, end-to-end protection for applications and APIs across any environment. This unified solution equips enterprises with a comprehensive view of automated threats targeting APIs and the tools needed to mitigate those threats effectively.

By addressing vulnerabilities such as deprecated APIs, unauthenticated endpoints, and BOLA attacks, Imperva Application Security empowers organizations to stay ahead of evolving threats. Its ability to deliver real-time detection and mitigation ensures that businesses can protect their most critical assets while maintaining operational efficiency and user satisfaction.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.
