Imperva sets new benchmark in API security with real-time threat detection and response

Thales has announced a major upgrade to its Imperva Application Security platform, introducing real-time API detection and automated response features aimed at combating Broken Object Level Authorization (BOLA) and other rising threats to API infrastructure. The move sets a new industry standard for protecting sensitive data in an era when APIs now account for 71% of all web traffic, according to Imperva Threat Research.

With API abuse rapidly increasing, 44% of advanced bot attacks now target APIs versus just 10% targeting traditional web apps, the update underscores a pressing need for smarter, faster defenses.

BOLA is the leading risk in the OWASP API Security Top 10. It occurs when APIs fail to validate whether a user is authorized to access a particular data object, exposing businesses to data leaks, regulatory risks, and reputational damage.

“API security is no longer optional – it’s fundamental to maintaining business continuity and trust,” said Tim Chang, Global VP and GM of Application Security at Thales. “Imperva bridges the gap by delivering a unified platform that actively identifies and blocks business logic threats in real-time.”

Key features of the new Imperva API protection capabilities

Real-Time BOLA Detection: Advanced hybrid engines use behavioral and rule-based analysis to detect risky API behavior and flag suspicious endpoints immediately.

Automated Inline Mitigation: Tight integration with Imperva’s Cloud WAF and WAF Gateway enables instant blocking of malicious API sessions, without slowing down application performance.

Unified Security Console: Teams can now manage API discovery, risk scoring, anomaly detection, and mitigation from a single interface, reducing complexity across cloud and on-premises environments.

Part of Imperva’s broader 'security anywhere' vision

These enhancements are a foundational step in advancing Imperva’s Security Anywhere strategy, a vision to deliver comprehensive, flexible protection for applications and APIs across any environment. By enabling inline mitigation and seamless orchestration with existing tools, Imperva empowers organizations to stay ahead of increasingly sophisticated attacks without disrupting development velocity.

“This isn’t just about stopping attacks, it’s about securing innovation,” said Chang.

As APIs become the connective tissue of digital transformation, the stakes for getting API security right have never been higher. With this latest upgrade, Imperva is helping enterprises turn a critical weak point into a security strength.