Layer 7 constitutes the front line in the battle against account takeover, API abuse and misuse, and injection-style attacks. Our new partnership with Okta will integrate our web application and API protection platform with their identity and access management platform. By feeding intelligence to Okta, we can help them spot potential bad actors to make better authentication decisions. This relationship is a powerful example of how we can marshall our respective strengths to secure customers against these increasingly sneaky attacks.
Layer 7 attacks are on the rise
Layer 7 attacks are getting both larger and more common. The scorecard makes for grim reading. All the while, these attacks have become harder to identify, as bad actors find ways to mimic normal user behavior. Consider the following:
Approximately 3 in 4 companies have experienced malicious account takeover attacks
Attackers are increasingly successful at bypassing existing security mechanisms as they step up their assaults against APIs
Injection attacks, despite being a common vulnerability that should be easy to remedy, continue to plague the business world
We’ve watched this trend develop for some time now with attackers using modern tools and workflows to build and advance new threats that are both more common and increasingly sophisticated. This growth testifies to our need as an industry to make security an integral part of the cultural and technical aspects of building software — a central tenet of the “new rules” governing web app and API security that I wrote about recently.
An industry-wide problem deserves an industry-wide solution
Let me be blunt: we need to do better and step up collectively so that our solutions work together and provide the best umbrella defense possible for customers. That requirement became particularly acute during the pandemic when employers shifted to work-at-home routines. Cyber criminals were not far behind; nearly half of businesses surveyed reported that changes to remote working practices made during last year’s lockdown had adversely affected their cybersecurity.
Rest assured that threat will remain even as the health crisis recedes, given that many organizations are expected to continue to feature hybrid work arrangements for the foreseeable future. “The future is making everything work together securely,” Okta CEO Todd McKinnon points out to Business Insider, as habits have changed and we’re not returning to an office-centric work environment.
By integrating our web application and API protection solution with Okta’s identity and access management platform, we are able to help organizations better protect consumer identities without compromising the user experience. With this “continuous authentication” powered by our ability to monitor threats at layer 7 and feed that info into Okta, customers gain the ability to protect their critical applications through their already deployed authentication service — without unduly inconveniencing the user.