Radware today announced it has enhanced its API Protection solution with a new AI-driven, auto-learning protection engine designed to immediately detect and mitigate business logic attacks. Working in real time, the engine exposes bad actors’ identities and automatically detects and blocks malicious API calls by continuously learning the application’s business logic. The solution offers organizations comprehensive coverage for the OWASP API 2023.
API attacks that leverage business logic vulnerabilities are becoming more sophisticated and harder to detect, often mimicking legitimate API usage. According to Radware’s latest Global Threat Intelligence Analysis Report, malicious web application and API transactions increased by 171% in 2023 compared to 2022. Retail (37%) and transportation (19%) were the most attacked industries, followed by software as a service (8%) and carriers (8%).
“Radware is helping organizations take the guesswork out of API protection,” said Gabi Malka, Radware’s chief operation officer. “Unlike competitive solutions that rely on past attack log analysis for detection and remediation recommendations rather than immediately blocking the attacks, Radware’s AI-powered protection works automatically, continuously, and in real time. It not only learns the business logic, but also accurately reveals bad actors’ identities and blocks their attacks as they occur, resulting in frictionless, optimized protection and reduced risk.”
Radware’s enhanced API Protection solution takes a multi-layer approach to real-time detection and mitigation of business logic attacks. It leverages:
- Continuous auto-learning of the application business logic to deliver real-time insights into the legitimate or malicious intent of API calls.
- Real-time AI-driven context analysis of security policies to enhance the reliability of API attack detection and mitigation.
- Precise identification of bad actors that surpasses simple IP blocking to accurately block malicious users and clients.
Radware’s API Protection is part of the company’s comprehensive Cloud Application Security Protection Service. The service also includes the company’s web application firewall (WAF), bot detection and management, and client-side and application-level (Layer 7) web DDoS protection. Combining end-to-end automation, behavioral-based detection, and 24/7 managed services, the solution is designed to offer organizations the highest level of application protection with the lowest level of false positives.