New Kasada API protects from botnet attacks and targeted fraud

Kasada, provider of the only online traffic integrity solution that accurately detects and defends against bot attacks, announced the introduction of Kasada API, which protects an organization’s web and mobile APIs from automated botnet attacks and targeted fraud.

If left unprotected, an organization’s most sensitive API endpoints (i.e. authentication, account creation, and handling sensitive data) can be quickly exploited by attackers, giving them a direct path into the organization.

Gartner predicts that by 2022, API abuses will be the most frequent attack vector, given their criticality in cloud-native web, mobile app, and SaaS applications. Protecting APIs can be challenging, not just because of their ubiquity, but also because they are created and used by both technical and non-technical application developers within an organization, meaning security teams don’t always have full visibility into everything in use.

“Today’s users need to stay vigilant in their approach to protecting their most valuable assets, including customers, brand, and intellectual property,” said Kasada CEO Pascal Podvin. “By delivering Kasada API, we are providing our customers with a holistic line of defense that not only mitigates current attacks but also deters future ones.”

Understanding that APIs are vulnerable, attackers use emulators, simulators, and direct HTTP requests to launch attacks including credential stuffing, web scraping and application DDoS. Kasada API, delivered as a cloud-based service, has a simple deployment model and can be implemented quickly, protecting APIs with long-term efficacy from the very first request. It helps to decrease operating costs, maintains a frictionless customer experience, and most importantly, allows an organization’s developers to continue innovating rapidly using APIs.

“There are so many ways that automated attacks can inflict damage on a company’s API endpoints,” said Dick Ward, Head of Cyber Security for Sportsbet, a Flutter Entertainment company. “With Kasada, we’re able to quickly and effectively stop malicious bots targeting our login APIs used across websites and mobile apps.”

Unlike legacy approaches that rely heavily on historical data and rules, Kasada detects the immutable evidence associated with malicious automation when bots interact with APIs. Kasada API customers are provided with either JavaScript SDKs for web applications or mobile SDKs for native Android and iOS apps. Using proprietary techniques, Kasada API presents a myriad of obstacles to frustrate and disrupt the operating model of bot attacks, preventing hackers from using automation and challenging critical aspects of the attack process.

Sam Crowther, founder of Kasada shared, “As part of the ever-changing threat landscape, fraudsters shift their tactics towards the weak entry points of online businesses. It is not good enough to have only robust website security, as attackers will then quickly direct their efforts towards mobile and business apps and access sensitive data through APIs.”

Future software releases will deepen Kasada’s protection for the assortment of APIs that exist within enterprise organizations.