Arxan Technologies, provider of application protection solutions, announced this week the launch of Arxan for Web, the latest enhancement to its protection solution for client-side web apps. Enabling organizations to defend against server side API attacks and credential theft, Arxan for Web provides a multi-layered defensive approach including:
- Passive protection - obfuscates code, making it harder for attackers to understand and analyze for reverse engineering
- Active protection - in the event of code analysis, tampering or malware attacks, the browser can be shut down or attacked code can be repaired
- Real-time alerting - notifies organizations of attempted code tampering or analysis via Arxan Threat Analytics to quarantine suspicious accounts and update code protections
The continued increase in global data breaches significantly affects business performance, costing an average of $3.86 million in a single breach. And a particularly sharp increase in API-based attacks is anticipated. According to Gartner: “by 2022, API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications.” The rise in client-side threats makes timely, proactive threat response even more critical.
“Arxan for Web now provides organizations real-time threat reporting, which means they can respond to threats before attacks can get through APIs to backend systems,” says Joe Sander, CEO, Arxan. “We’re enabling a closed loop security process between code deployment, early stage client-side attacks, detection and remediation, and preventing the compromise of critical back office systems and assets.”
OWASP research also shows that insufficient logging and monitoring is a primary security concern, noting that the time it takes most organizations to detect a breach is far too long to adequately address the threat until it’s too late: “most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.”
Arxan Threat Analytics provides much-needed visibility into the security posture of applications by giving organizations timely data and intelligence to stay in front of evolving threats to any web app deployed in the wild. For example, if a debugger is plugged into a web app, Arxan will immediately alert the organization to that activity.