Radware introduces API Protection Engine to combat business logic attacks

In a significant advancement for the company, Radware® (NASDAQ: RDWR), a leader in cybersecurity and application delivery solutions, has announced an enhancement to its API Protection solution. This new feature includes an AI-driven, auto-learning protection engine designed to detect and mitigate business logic attacks in real time.

This innovative engine continuously learns the business logic of applications, exposing malicious actors and automatically blocking harmful API calls as they occur, offering robust coverage for the OWASP API 2023 standards.

Addressing the Escalating Threat of Business Logic Attacks

The sophistication of API attacks exploiting business logic vulnerabilities is increasing, often making them indistinguishable from legitimate API usage. Radware’s latest Global Threat Intelligence Analysis Report reveals a 171% increase in malicious web application and API transactions in 2023 compared to the previous year. The most targeted sectors include retail (37%), transportation (19%), software as a service (8%), and carriers (8%).

Gabi Malka, Radware’s Chief Operating Officer, emphasised the unique approach of their solution: “Radware is helping organisations take the guesswork out of API protection. Unlike competitive solutions that rely on past attack log analysis, Radware’s AI-powered protection operates automatically, continuously, and in real-time. It not only learns the business logic but also accurately reveals bad actors’ identities and blocks their attacks as they occur, providing frictionless, optimised protection and reduced risk.”

Radware’s enhanced API Protection solution employs a multi-layered strategy to detect and mitigate business logic attacks in real time. Key features include:

  • Continuous Auto-Learning: The engine continuously learns the application’s business logic, providing real-time insights into the legitimate or malicious intent of API calls.
  • AI-Driven Context Analysis: This real-time analysis enhances the reliability of API attack detection and mitigation by evaluating security policies.
  • Precise Identification of Bad Actors: Beyond simple IP blocking, the engine accurately identifies and blocks malicious users and clients.

This comprehensive API Protection is part of Radware’s Cloud Application Security Protection Service, which also includes an industry-leading web application firewall (WAF), bot detection and management, and client-side and application-level (Layer 7) web DDoS protection. Combining end-to-end automation, behavioural-based detection, and 24/7 managed services, Radware’s solution ensures maximum application protection with minimal false positives.