Thales announces new suite of detection and response capabilities for Imperva

Thales today announced new detection and response capabilities in the Imperva Application Security platform to protect against business logic attacks, such as Broken Object Level Authorization (BOLA)—the leading threat in the OWASP API Security Top 10.

By integrating real-time detection with automated mitigation of risky APIs, BOLA attacks, unauthenticated APIs, and deprecated APIs, the Imperva Application Security platform delivers comprehensive protection against unauthorized data exposure and other complex business logic vulnerabilities across cloud and on-premises environments.

“API security is no longer optional—it’s fundamental to maintaining business continuity and trust,” said Tim Chang, Global Vice President and General Manager of Application Security at Thales. “Imperva Application Security bridges the gap by delivering a fully unified platform that identifies business logic threats and actively blocks malicious sessions, setting a new benchmark for API protection.”

Imperva Application Security integrates advanced threat detection engines with automated inline responses and flexible deployment options, enabling security teams to detect and respond to API attacks like BOLA without slowing development or disrupting the user experience.

Imperva Application Security delivers the following benefits:

• Unified Platform Architecture: Manage API discovery, risk assessment, detection, and mitigation in a single console, eliminating tool sprawl and operational friction across cloud and on-premises environments.

• Real-Time BOLA Detection: Hybrid behavioral and rule-based engines analyze API request patterns, scoring anomalies, and flagging endpoints for immediate action.

• Automated Response and Remediation: Integration with Imperva Cloud WAF and WAF Gateway enables a variety of response actions, including inline mitigation actions such as automatically blocking malicious API traffic in real-time. Integration with security automation tools ensures rapid incident orchestration.

The integration of API detection and response into Imperva Application Security is foundational to the Imperva Security Anywhere vision, which provides scalable, end-to-end protection for applications and APIs across any environment. This unified solution provides enterprises with a comprehensive view of automated threats targeting APIs and the necessary tools to protect those APIs.

Detection and response to deprecated APIs, unauthenticated APIs, and BOLA attacks are now available as part of Imperva Application Security.