Date: 2025-06-24

Thales has announced new detection and response capabilities for the Imperva Application Security platform, designed to address Broken Object Level Authorization (BOLA). This vulnerability ranks at the top of the OWASP API Security Top 10 and poses a growing risk to businesses.

BOLA attacks occur when APIs fail to verify whether users are authorized to access specific objects. Cybercriminals can then manipulate requests to gain unauthorized access to sensitive data. This can lead to data breaches, compliance issues, and loss of customer trust.
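The missing check described above, shown next to its corrected form with a small authorization-matrix test that service owners can run against their own handlers. This is an added example, not code from Thales or Imperva; the invoice store, user names, handler names and `cross_tenant_reads` are hypothetical.

```python
# Constructed sample data: invoice id -> owning user and contents.
INVOICES = {
    101: {"owner": "alice", "total": 420},
    102: {"owner": "bob", "total": 1310},
}


class NotFound(Exception):
    """Raised for ids that do not exist or are not visible to the caller."""


def get_invoice_vulnerable(session_user, invoice_id):
    # BOLA: the caller is authenticated, but the object id taken from the
    # request is trusted as-is; ownership is never compared to the session.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    return invoice


def get_invoice_checked(session_user, invoice_id):
    # Object-level authorization: the id from the request is honoured only
    # when the object belongs to the authenticated caller.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != session_user:
        # Same error for "missing" and "not yours", so the response does
        # not reveal which ids exist.
        raise NotFound(invoice_id)
    return invoice


def cross_tenant_reads(handler, users=("alice", "bob")):
    """Return (user, invoice_id) pairs where handler served another user's object."""
    leaks = []
    for user in users:
        for invoice_id in INVOICES:
            try:
                invoice = handler(user, invoice_id)
            except NotFound:
                continue
            if invoice["owner"] != user:
                leaks.append((user, invoice_id))
    return leaks


if __name__ == "__main__":
    print("vulnerable:", cross_tenant_reads(get_invoice_vulnerable))
    print("checked:   ", cross_tenant_reads(get_invoice_checked))
```

Running the same matrix in CI for every object-returning endpoint turns a missing ownership check into a failing test before it reaches production.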

“API security is no longer optional – it’s fundamental to maintaining business continuity and trust,” said Tim Chang, Global Vice President and General Manager of Application Security at Thales.

According to research by Imperva Threat Research, 71 percent of all web traffic last year came from APIs. Even more striking is that 44 percent of advanced bot traffic targeted API endpoints, while only 10 percent targeted traditional web applications.

Real-time detection and automated response

The platform combines hybrid behavior and rule-based engines that analyze API request patterns to provide a comprehensive solution. Anomalies are scored, and endpoints are flagged for immediate action. Integration with Imperva Cloud WAF and WAF Gateway enables automatic blocking of malicious API traffic.

The solution offers flexible deployment in both cloud and on-premises environments. Security teams can manage API detection, risk analysis, and mitigation from a single unified console. This prevents tool fragmentation and operational friction.

The new capabilities align with Thales’ broader Security Anywhere vision for the end-to-end protection of applications and APIs. In addition to BOLA detection, the platform also protects unauthenticated APIs and outdated endpoints.

The detection and response capabilities are now available as part of Imperva Application Security. The platform is designed for companies seeking to secure their API infrastructure against the increasing threat of automated attacks.

