Thales has announced enhanced detection and response capabilities within the Imperva Application Security platform, specifically designed to protect against business logic attacks such as Broken Object Level Authorization (BOLA). BOLA is recognized as the leading threat in the OWASP API Security Top 10.
These new features integrate real-time detection with automated mitigation for risky, unauthenticated, and deprecated APIs. The Imperva Application Security platform now offers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across both cloud and on-premises environments.
APIs are integral to modern applications, facilitating seamless service connectivity and optimized operations. Imperva Threat Research data indicates that APIs constitute 71% of all web traffic. The research team has also observed a significant increase in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to 10% targeting web applications. This trend highlights the increasing focus of attackers on API endpoints that manage sensitive data.
BOLA occurs when APIs fail to properly verify user authorization for specific data objects, enabling attackers to manipulate requests and gain unauthorized access to sensitive information. As the foremost OWASP Top 10 API threat, BOLA poses substantial risks, including potential data breaches, compliance failures, and erosion of customer trust.
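The missing check described above, shown as an added Python example that is not code from Thales, Imperva or OWASP. The invoice store, user names and function names are constructed for illustration; the handler assumes the caller's identity has already been established by the session layer.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: str
    amount_cents: int


# Constructed sample data: each invoice belongs to exactly one user.
INVOICES = {
    1001: Invoice(1001, "alice", 12_500),
    1002: Invoice(1002, "bob", 98_000),
}


class NotFound(Exception):
    """Returned for both missing and foreign objects, so IDs cannot be probed."""


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Invoice:
    # BOLA: the caller is authenticated, but the object ID taken from the
    # request is never compared with the caller's identity.
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def get_invoice_checked(session_user: str, invoice_id: int, audit: list) -> Invoice:
    # Object-level authorization: the record must belong to the caller.
    inv = INVOICES.get(invoice_id)
    if inv is not None and inv.owner_id != session_user:
        # Record the denied access so monitoring can see repeated attempts.
        audit.append((session_user, invoice_id))
        inv = None
    if inv is None:
        raise NotFound(invoice_id)
    return inv
```

The audit list stands in for whatever log pipeline the application already has; a run of denied object IDs from one session is the kind of signal a detection layer can score.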
Tim Chang, Global Vice President and General Manager of Application Security at Thales, stated, “API security is no longer optional – it’s fundamental to maintaining business continuity and trust. Imperva Application Security addresses this need by providing a fully unified platform that identifies business logic threats and actively blocks malicious sessions, establishing a new standard for API protection.”
The Imperva Application Security platform offers a unified, flexible, and privacy-focused solution for enterprises. It integrates advanced threat detection engines with automated inline responses and offers various deployment options. This enables security teams to detect and respond to API attacks like BOLA without impeding development cycles or disrupting user experience. For organizations aiming to secure their API infrastructure, Imperva Application Security provides several advantages:
* **Unified Platform Architecture:** API discovery, risk assessment, detection, and mitigation are managed from a single console, reducing complexity and operational overhead across cloud and on-premises setups.
* **Real-Time BOLA Detection:** The platform utilizes hybrid behavioral and rule-based engines to analyze API request patterns, score anomalies, and flag endpoints for immediate action.
* **Automated Response and Remediation:** Integration with Imperva Cloud WAF and WAF Gateway facilitates various response actions, including automated inline blocking of malicious API traffic in real time. Integration with security automation tools supports rapid incident orchestration.
These integrated API detection and response capabilities are a core component of the Imperva Security Anywhere vision, which aims to deliver scalable, end-to-end protection for applications and APIs across diverse environments. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools for protection. Detection and response for deprecated APIs, unauthenticated APIs, and BOLA attacks are now available within Imperva Application Security.
Thales (Euronext Paris: HO) is a global leader in advanced technologies, focusing on Defence, Aerospace, Cyber & Digital sectors. The Group invests over €4 billion annually in Research & Development, particularly in critical areas such as Artificial Intelligence, cybersecurity, quantum, and cloud technologies. Thales employs over 83,000 individuals across 68 countries, with sales totaling €20.6 billion in 2024.