Imperva Application Security Integrates API Detection and Response, Setting A New Standard in API Security
APIs have become the backbone of modern applications, enabling businesses to seamlessly connect services, optimize operations, and deliver personalized experiences at scale. According to Imperva Threat Research, APIs accounted for 71% of all web traffic. More recently, the team observed a sharp rise in API-directed attacks, with 44% of advanced bot traffic targeting APIs, compared to just 10% targeting web applications. This shift underscores how attackers are increasingly exploiting API endpoints that manage sensitive and high-value data.
Why BOLA is a Critical Business Risk
BOLA occurs when APIs fail to properly verify whether users are authorized to access specific data objects. This allows attackers to manipulate requests and gain unauthorized access to sensitive information. As the leading OWASP Top 10 API threat, BOLA exposes businesses to significant risks, including data breaches, compliance failures, and loss of customer trust.
'API security is no longer optional – it's fundamental to maintaining business continuity and trust,' said Tim Chang, Global Vice President and General Manager of Application Security at Thales. 'Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.'
Empowering Enterprises with a Unified, Flexible, and Privacy-First Solution
Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience. For customers who want to protect their API infrastructure, Imperva Application Security delivers the following benefits:
Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments.
Real-Time BOLA Detection: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action.
Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration.
Advancing the Imperva Security Anywhere Vision
The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs.
Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.
The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.
Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion.
Thales Group
Cybersecurity Solutions | Thales Group
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Wire
7 minutes ago
- Business Wire
LogicMonitor Achieves FedRAMP® Authorization to Operate (ATO), Unlocking Secure and Compliant Hybrid Observability for U.S. Government Agencies
SANTA BARBARA, Calif.--(BUSINESS WIRE)-- LogicMonitor, the leading SaaS-based platform for AI-powered data center transformation, today announced that its LM Envision platform has achieved a FedRAMP® Moderate Authorization to Operate (ATO). This achievement signifies LogicMonitor's successful completion of the rigorous FedRAMP authorization process, and underscores its continued commitment to providing a highly secure, scalable, and AI-powered observability platform that meets stringent security and compliance standards for federal government agencies. A Major Milestone in Government IT Modernization The FedRAMP Moderate ATO designation validates that LogicMonitor meets the federal government's stringent security and risk management standards, enabling agencies to confidently deploy its LM Envision AI-powered hybrid observability platform across their hybrid, cloud, and on-premises environments. This milestone in the FedRAMP authorization process demonstrates LogicMonitor's capability to support mission-critical workloads with the security posture required by federal standards. 'Achieving a full FedRAMP Moderate Authorization reinforces LogicMonitor's dedication to protecting government data while enabling operational excellence across their complex hybrid infrastructures,' said Nitin Navare, CTO at LogicMonitor. 'With LM Envision, federal agencies now have access to a secure, scalable platform that empowers them to modernize IT operations, reduce risk, and respond proactively to today's growing infrastructure demands.' Enabling Secure, AI-Powered Observability for the Public Sector LM Envision enables government agencies to: Gain unified visibility into multi-cloud, on-prem, and hybrid infrastructures—including AWS GovCloud and Microsoft Azure Government. Leverage AI-driven insights to predict and prevent service disruptions before they impact mission delivery. Streamline compliance with security frameworks such as FedRAMP, FISMA, and HIPAA. Consolidate legacy monitoring tools into a single, intelligent observability platform. As government IT environments grow in complexity and face rising cyber threats, LogicMonitor's FedRAMP-authorized platform equips agencies with the tools to secure and modernize operations without compromising performance or compliance. Commitment to the Public Sector This achievement marks a new chapter in LogicMonitor's support for the public sector. As a trusted technology partner, LogicMonitor will continue investing in secure, compliant innovations that help federal agencies fulfill their missions with confidence and agility. To learn more about LogicMonitor's FedRAMP-authorized solution and how it supports government agencies, visit About LogicMonitor LogicMonitor® offers AI-powered data center transformation. The company's SaaS-based platform, LM Envision, enables observability across on-prem and multi-cloud environments. LogicMonitor provides IT and business teams operational visibility and predictability across their technologies and applications to focus less on troubleshooting and more on delivering extraordinary employee and customer experiences. For more information, visit and our blog, or follow us on LinkedIn, X, Facebook, and YouTube.
Business Wire
7 minutes ago
- Business Wire
First Due Partners with NextNav to Provide First Responder Vertical Location and 3D Visualization to Improve Responder Safety and Accountability
RESTON, Va.--(BUSINESS WIRE)--NextNav (Nasdaq: NN), a leader in next generation 3D geolocation technology, and First Due, the all-in-one AI-powered platform for fire and emergency medical services (EMS) agencies, today announced a partnership that brings NextNav's vertical location and 3D visualization technology to Fire and EMS giving these agencies a powerful new tool for personnel accountability. This partnership and NextNav's technology will allow incident commanders to visualize not only the horizontal location of personnel but also their vertical position. By displaying first responders using a NextNav 3D wireframe view of buildings directly within First Due's Incident Command and Response solution, commanders on scene can now pinpoint the exact real-time location of personnel inside tall or complex structures. This capability supports faster and more informed decision-making during emergencies and is designed to enhance responder safety and operational awareness, helping both front-line personnel and their command teams make better tactical choices in high-pressure situations. 'We're focused on ensuring First Due delivers real impact when it matters most. With the ability to visualize personnel not just on a 2D map but within a 3D model of a structure, incident commanders gain powerful situational awareness in the moments that count,' said Andreas Huber, Co-founder and CEO of First Due. 'We're proud to continue our partnership with NextNav and further develop solutions that aim to improve operational outcomes during the most complex urban responses.' 'NextNav is excited to bring its accurate z-axis location and 3D visualization services to First Due's application ecosystem. This partnership gives first responders and command staff a clearer picture of what's happening inside buildings during an emergency,' said Rob Clark, Senior Director of Public Safety at NextNav, 'This rollout marks a major milestone in bringing advanced actionable data into real-world emergency response — and sets the stage for similar upgrades at 9-1-1 call centers across the country.' About NextNav NextNav Inc. (Nasdaq: NN) is a leader in next generation positioning, navigation and timing (PNT), enabling a whole new ecosystem of applications and services that rely upon 3D geolocation and PNT technology. Powered by low-band licensed spectrum, NextNav's positioning and timing technologies deliver accurate, reliable, and resilient 3D PNT solutions for critical infrastructure, GPS resiliency and commercial use cases. For more information, please visit or follow NextNav on X or LinkedIn. About First Due First Due is the end-to-end, AI-powered operational suite for Fire, EMS, and Law Enforcement. Its comprehensive, cloud-based platform includes Training and Learning Management, NERIs ePCR, Fire Prevention, Pre-Incident Planning, Scheduling & Personnel, Assets & Inventory, Community Engagement, Mobile Response, and more. Built for the modern responder, First Due delivers unified, data-driven solutions that reduce risk, streamline operations, and serve as the last piece of software an agency ever needs to buy. To learn more and see what First Due would look like for your agency, visit NextNav
Business Wire
7 minutes ago
- Business Wire
KBRA Releases Research – Conduit Subordination: Follow the Credit Metrics
NEW YORK--(BUSINESS WIRE)--KBRA releases research on the current trends in CMBS conduit credit metrics and subordination levels. Junior AAA subordination levels in conduit CMBS increased to 20.3% in 1H 2025, marking an increase of more than 10% from the full-year 2023 average of 18.4%. This trend is unsurprising, as average appraised loan-to-value (LTV) ratios have increased over four points to 56.6% during the same period. Notably, KBRA loan-to-value (KLTV) ratios for KBRA-rated transactions have also risen to 91.6% from 87.4%, while KBRA debt yield (KDY) has decreased to 10.5% from 11.1%. Overall, pools remain relatively concentrated in terms of loan diversity, with a continued high proportion of interest-only (IO) loans. Beyond deal-level metrics, the commercial real estate (CRE) market continues to face challenges from higher interest rates, weak office demand, and uncertainty stemming from the potential economic impacts of tariffs. Barring any meaningful reversal in current trends, these deal dynamics and market factors suggest that credit enhancement (CE) levels are likely to hold steady or even increase from their current position. While KBRA continues to be an active voice in the market, our views may not be shared by all rating agencies. KBRA's participation rate in conduit CMBS transactions has declined since 2023, and based on the current pipeline, we expect this trend to continue. This is primarily due to our views on preliminary CE levels, which are informed by lessons learned from the global financial crisis (GFC) and CMBS 2.0 performance. For example, our A stress levels incorporate insights gained from the GFC. In this KBRA report, we examine historical conduit CE levels and highlight several trends that suggest subordination should remain stable—or even increase—on average. Key Takeaways Lessons learned from the GFC have helped CMBS 2.0 navigate market challenges. CE levels remain well above pre-GFC benchmarks, even though LTV ratios are nearly 15 percentage points lower in the post-GFC period. The higher enhancements have helped KBRA ratings stability ratios remain above 99% for AAA and 91% for AA and contributed to minimal expected losses among classes initially assigned these ratings. Transaction metrics trends such as leverage, loan and property concentrations, and IO loan payments indicate CE levels should remain at current levels or move higher. Leverage trends—as measured by KBRA LTVs—are on the upswing with the average deal KLTV reaching 91.4% in 1H 2025 after hitting a post-GFC low of 87.4% in 2023. Average conduit loan Herfindahl (Herf) scores, a measure of diversity, remain near all-time lows reached in 2023 as CRE origination has yet to fully recover following the Federal Reserve's rate increases that began in 2022. Office and lodging loan concentrations, which have a historically higher propensity to default relative to other property types, are beginning to trend upward with a combined concentration of 36.5% during 1H 2025 compared to 30.5% in 2024. IO loan concentrations remain near all-time highs as the KBRA IO Index hovers close to 90% during 1H 2025. Click here to view the report. Recent Publications CMBS Trend Watch: June 2025 CMBS Loan Performance Trends: June 2025 KBRA CMBS Loss Compendium Update: June 2025 About KBRA KBRA, one of the major credit rating agencies, is registered in the U.S., EU, and the UK. KBRA is recognized as a Qualified Rating Agency in Taiwan, and is also a Designated Rating Organization for structured finance ratings in Canada. As a full-service credit rating agency, investors can use KBRA ratings for regulatory capital purposes in multiple jurisdictions. Doc ID: 1010490
